1.1.4.1.5 Ensure 'Information Bar' is set to 'Enabled'

Information

This policy setting determines whether the Information Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Information Bar is displayed for Internet Explorer processes.

The recommended state for this setting is: Enabled: groove.exe, excel.exe, mspub.exe, powerpnt.exe, pptview.exe, visio.exe, winproj.exe, winword.exe, outlook.exe, spDesign.exe, exprwd.exe, msaccess.exe, onent.exe, mse7.exe.

Rationale:

The information bar can help users to understand when potentially malicious content has been blocked. Some users may be confused, however, by the appearance of the bar or unsure about how to respond.

Impact:

The security bar will be enabled for each of the specified applications.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: check all applications:

Computer Configuration\Administrative Templates\Microsoft Office 2016 (Machine)\Security Settings\IE Security\Information Bar

Default Value:

Not Configured

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18

Plugin: Windows

Control ID: 20ee5ee9b53e614a26c3852f6cf4053bb86720480412fea506adc404c2981b31