Information
*Description*
This policy setting allows you to manage the opening of sub-frames and access of
applications across different domains. The recommended state for this setting is-
Enabled-Disable.
*Rationale*
It is conceivable that a web site hosting malicious could use this feature to conduct an
similar to cross-site scripting.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone\Navigate windows and
frames across different domains\Navigate windows and frames across different domains
Then set the Navigate windows and frames across different domains option to
Disable.
Impact-If you enable this policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box, users are
queried whether to allow sub-frames or access to applications from other domains. If you
disable this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure this policy setting, users can open sub-frames
from other domains and access applications from other domains.