1.10.1 Ensure 'Do Not Download Photos from Active Directory' is set to Enabled

Information

This policy setting controls whether contact photos are downloaded from the Active Directory.

If you enable this policy setting, contact photos are not downloaded.

If you disable or you do not configure this policy setting, contact photos are downloaded. The recommended state for this setting is: Enabled

Rationale:

Disabling or not configuring this setting allows Outlook to download contact photos from Active Directory. Photos downloaded from Active Directory could be shared on social networks, some organizations may not want portraits of their employees to circulate widely. For example: law enforcement, intelligence, and military agencies may need some of their staff to remain anonymous.

Solution

To implement the recommended configuration state, set the following Group Policy setting to Enabled.

User Configuration\Administrative Templates\Microsoft Outlook 2013\Outlook Social Connector\Do Not Download Photos from Active Directory

Impact:

Enable this setting to prevent Outlook from downloading photos stored in Active Directory.

See Also

https://workbench.cisecurity.org/files/552

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: fef539262b7d78ebba71a27c3e8939940dbfbbb1be6904fa9055fad471862973