Information
*Description*
This policy setting allows you to manage whether scripts can perform a clipboard
operation (for example, cut, copy, and paste) in the security zone. The recommended state
for this setting is- Enabled-Disable.
*Rationale*
A malicious script could use the clipboard in an undesirable manner, for example, if the
user had recently copied confidential information to the clipboard while editing a
document a malicious script could harvest that information. It might be possible to exploit
other vulnerabilities in order to send the harvested data to the attacker.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow cut, copy or
paste operations from the clipboard via script\Allow cut, copy or paste operations
from the clipboard via script
Then set the Allow paste operations via script option to Disable.
Impact-If you enable this policy setting, a script can perform a clipboard operation. If you select
Prompt in the drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script cannot perform a clipboard operation.