8.5.1 Set 'Only allow approved domains to use ActiveX controls without prompt' to 'Enabled:Enable'

Information

*Description*

This policy setting controls whether or not the user is prompted to allow ActiveX controls
to run on Web sites other than the Web site that installed the ActiveX control. If you enable
this policy setting, the user will be prompted before ActiveX controls are permitted to run
from Web sites in this zone. Users may choose to allow the control to run from the current
site, or from all sites. If you disable this policy setting, the user will not see the per-site
ActiveX prompt and ActiveX controls will be allowed to run from all sites in this zone. The
recommended state for this setting is: Enabled:Enable.

*Rationale*

If the user were to disable the setting for the zone, malicious ActiveX controls could be
executed without the user's knowledge.

See Also

https://workbench.cisecurity.org/files/1516

Item Details

Audit Name: CIS IE 9 v1.0.0

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(3)

Plugin: Windows

Control ID: ae92093481e491a818a5db593b50dd16976c994bbf3cdc3ff79d55992bd7ad00