2.6.6.6.2.5 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'

Information

This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disables such add-ins without notification.

Note: For this policy to apply, the 'Require that application add-ins are signed by Trusted Publisher' policy setting needs to be enabled. This prevents users from changing the 'Disable Trust Bar Notification for Unsigned Application Add-ins and Block Them' policy setting.

The recommended state for this setting is: Enabled.

Rationale:

Allowing unsigned application add-ins could cause the application to load dangerous add-ins. As a result, malicious code could become active on endpoints and the network.

Impact:

If an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust Bar contains a message that informs users about the unsigned add-in.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled.

User Configuration\Administrative Templates\Microsoft PowerPoint 2016\PowerPoint Options\Security\Trust Center\Disable Trust Bar Notification for Unsigned Application Add-ins and Block Them

Default Value:

Disabled. (Users can configure this requirement themselves in the 'Add-ins' category of the Trust Center for the application.)

Additional Information:

This setting only applies if the Office application is configured to require that all add-ins are signed by a trusted publisher. By default, users can configure this requirement themselves in the 'Add-ins' category of the Trust Center for the application. To enforce this requirement, you must enable the 'Require that application add-ins are signed by Trusted Publisher' setting in Group Policy, which prevents users from changing the setting themselves.

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-7, 800-53|CM-7(1), 800-53|SI-7, 800-53|SI-7(1)

Plugin: Windows

Control ID: e28dfedccc792cd15830018982e76bd13dda9ab15cf707d03f03dc159cb01fcc