2.1.1.3.2.1.1 Ensure 'Allow Trusted Locations on the network' is set to 'Disabled'

Information

This policy setting controls whether trusted locations on the network can be used. Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe by the application opening the file.

The recommended state for this setting is: Disabled.

Rationale:

Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permission. If a dangerous file is opened from a trusted location, it will not be subject to standard security measures and could harm the user's computers or data.

Impact:

Disabling this setting will cause disruption for users who add network locations to the Trusted Locations list. These custom locations added by users are ignored but not removed. Trusted locations added in Group Policy that specify a network location are also ignored.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled.

User Configuration\Administrative Templates\Microsoft Access 2016\Application Settings\Security\Trust Center\Trusted Locations\Allow Trusted Locations on the network

Default Value:

Disabled. (Microsoft Access treats network locations as non-trusted but users can override.)

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 6a8298b423de4100844f39abaa39fad093a26cd8306ca8e79fd0429e9f5e7419