18.9.19.2 (L1) Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled'

Information

This policy setting allows you to turn off desktop gadgets that have been installed by the user.

The recommended state for this setting is: Enabled

Allowing gadgets could allow users to install custom gadgets that could be malicious.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Sidebar.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).

Impact:

Windows will not run any user-installed gadgets.

See Also

https://workbench.cisecurity.org/benchmarks/14291