8.3.35 Set 'Enable dragging of content from different domains within a window' to 'Enabled:Disable'

Information



This policy setting allows you to set options for dragging content from one domain to a
different domain when the source and destination are in the same window. If you enable
this policy setting and click Enable, users can drag content from one domain to a different
domain when the source and destination are in the same window. Users cannot change this
setting. If you enable this policy setting and click Disable, users cannot drag content from
one domain to a different domain when the source and destination are in the same
window. Users cannot change this setting in the Internet Options dialog. In Internet
Explorer 10, if you disable this policy setting or do not configure it, users cannot drag
content from one domain to a different domain when the source and destination are in the
same window. Users can change this setting in the Internet Options dialog. In Internet
Explorer 9 and earlier versions, if you disable this policy setting or do not configure it,
users can drag content from one domain to a different domain when the source and
destination are in the same window. Users cannot change this setting in the Internet
Options dialog. The recommended state for this setting is- Enabled-Disable.

*Rationale*

Content hosted on untrusted sites are more likely to contain malicious payloads and
therefor this feature should be blocked for this zone.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.


Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Enable dragging of
content from different domains within a windowThen set the Enable dragging of content from different domains within a window
option to Disable.

See Also

https://workbench.cisecurity.org/files/1518

Item Details

Audit Name: CIS IE 11 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3), CSCv6|3.1

Plugin: Windows

Control ID: 97f12ef73ab6975102be6d1e2b1f2514e936b3f139c30e091d7e4220304be0bb