8.3.2 Set 'Allow drag and drop or copy and paste files' to 'Enabled:Disable'

Information



This policy setting allows you to manage whether users can drag files or copy and paste
files from a source within the zone. The recommended state for this setting is-
Enabled-Disable.

*Rationale*

Content hosted on sites located in the Restricted Sites Zone are more likely to contain
malicious payloads and therefor this feature should be blocked for this zone.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow drag and
drop or copy and paste filesThen set the Allow drag and drop or copy and paste files option to Disable.

Impact-If you enable this policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried to choose
whether to drag or copy files from this zone. If you disable this policy setting, users are
prevented from dragging files or copying and pasting files from this zone.

Default Value-
Disabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CSCv6|3.1

Plugin: Windows

Control ID: f31ddd0b006ac61908383cdd2143ef56bc7ac38e24fbe49b1811e28930df72f9