8.3.38 Set 'Web sites in less privileged Web content zones can navigate into this zone' to 'Enabled:Disable'

Information



This policy setting allows you to manage whether Web sites from less privileged zones can
navigate into this zone. The recommended state for this setting is- Enabled-Disable.

*Rationale*

If you enable this policy setting, Web sites from less privileged zones can open new
windows in, or navigate into, this zone. The security zone will run without the added layer
of security that is provided by the Protection from Zone Elevation security feature.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Web sites in less
privileged Web content zones can navigate into this zoneThen set the Web sites in less privileged Web content zones can navigate into
this zone option to Disable.

Impact-If you enable this policy setting, Web sites from less privileged zones can open new
windows in, or navigate into, this zone. The security zone will run without the added layer
of security that is provided by the Protection from Zone Elevation security feature. If you
select Prompt in the drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you disable this policy setting, the possibly harmful
navigations are prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. If you do not configure this policy
setting, Web sites from less privileged zones can open new windows in, or navigate into,
this zone.

Default Value-Disabled

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: ACCESS CONTROL

References: 800-53|AC-4

Plugin: Windows

Control ID: 9d12c8057a949456db55e19c4529b4b865f2e1a2c6ed7767fe7f4a4f837f354c