Information
This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provider.
The recommended state for this setting is: Disabled.
Rationale:
In an enterprise managed environment the IT department should be managing the changes to the system configuration, to ensure all changes are tested and approved.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer Configuration\Policies\Administrative Templates\Network\Fonts\Enable Font Providers
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template GroupPolicy.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer).
Impact:
Windows will not connect to an online font provider and will only enumerate locally-installed fonts.
Default Value:
Enabled. (Fonts that are included in Windows but that are not stored locally will be downloaded on demand from an online font provider.)
CIS Controls:
Version 6
3 Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
13 Data Protection
Data Protection