8.3.24 Set 'Script ActiveX controls marked safe for scripting' to 'Enabled:Disable'

Information

*Description*

This policy setting allows you to manage whether an ActiveX control marked safe for
scripting can interact with a script. The recommended state for this setting is-
Enabled-Disable.

*Rationale*

If you enable this policy setting, script interaction can occur automatically without user
intervention.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX
controls marked safe for scripting\Script ActiveX controls marked safe for scripting

Then set the Script ActiveX controls marked safe for scripting option to Disable.

Impact-If you enable this policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in the drop-down box, users are queried to choose
whether to allow script interaction. If you disable this policy setting or do not configure this
policy setting, script interaction is prevented from occurring.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Windows

Control ID: 43268989f6a66d51faa78872770d41ba3a359b11926767cae716c5b47624d086