Detections
Analytics

1.2.3.5.1.1 Configure 'Report operating system errors'

Information

This policy setting controls whether errors are reported. If you configure the Report Errors setting to Enabled, users have the ability to report errors when they occur. Errors can be reported to Microsoft through the Internet or to local file shares in the users' organizations. The possible values for the Report Errors setting are: . Enabled with options for: . Do not display links to any Microsoft provided more information Web sites. If you select this option, no links are displayed for Microsoft Web sites that may have more information about the error message. . Do not collect additional files. If you select this option, no additional files are collected to include in error reports. . Do not collect additional machine data. If you select this option, no additional information about the computer on which the error occurred is included in error reports. . Force queue mode for application errors. If you select this option, users do not have an option to send an error report. Instead, the error is placed in a queue directory, and the next administrator who logs on to the computer decides whether to report the error. . Corporate upload file path. You can select this option to specify a Universal Naming Convention (UNC) path to a file share where error reports are uploaded. This option also enables the Corporate Error Reporting tool. . Replace instances of the word Microsoft. If you select this option, you can customize the error reporting dialog boxes with your organization's name. . Disabled . Not Configured If you do not configure this policy setting, users cannot adjust the setting in the Control Panel. The default configuration is Enabled in Windows XP Professional and Disabled in Windows Server 2003. If the Report Errors setting is enabled, it will override any settings that are made through the Control Panel for error reporting. This configuration will also enforce the default values for any error reporting policies that are not configured. In its default configuration, the Windows Corporate Error Reporting features of Windows XP and Office will send data to Microsoft that some organizations may prefer to keep confidential. The Microsoft privacy statement for Windows Corporate Error Reporting ensures that Microsoft will not misuse data that is collected through Windows Corporate Error Reporting. However, some organizations may want to configure this feature so that no information is transmitted outside of the organization without first being reviewed by a trusted member of the IT team. Conversely, if error reporting is disabled completely, it is more difficult for Microsoft to identify and diagnose new bugs. Organizations that develop their own internal business applications can also take advantage of Windows Corporate Error Reporting to track down problems within their code. A reasonable configuration that ensures privacy and uses Windows Corporate Error Reporting effectively is to set up your own internal Corporate Error Reporting (CER) servers. Configure your client computers to point to these servers when they have error reports to submit. An administrator can then review the reports on the CER server and generate an aggregate report for Microsoft that contains no confidential information.

Solution

Configure the following Group Policy setting in a manner that is consistent with the security and operational requirements of your organization-

Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Report operating system errors

Impact- Error reporting will be enabled, and new error reports will be sent to the CER server.

See Also

https://workbench.cisecurity.org/files/42

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11, CCE|CCE-17294-0

Plugin: Windows

Control ID: 8bccc7c6b52d7ec9819e98f49340a5e5b0e1b2a014ddd4bdc6084dad2bf4bafd