2.2.4.5.1.1 Ensure 'Internet and network paths as hyperlinks' is set to 'Disabled'

Information

This policy setting determines whether Excel automatically creates hyperlinks when users enter URL or UNC path information.

The recommended state for this setting is: Disabled.

Rationale:

By default, when users type a string of characters that Excel recognizes as a Uniform Resource Locator (URL) or Uniform Naming Convention (UNC) path to a resource on the Internet or a local network, Excel will transform it into a hyperlink. Clicking the hyperlink opens it in the configured default Web browser or the appropriate application. This functionality can enable users to accidentally create links to dangerous or restricted resources, which could create a security risk.

Impact:

Excel users will still be able to create new hyperlinks manually, so it is unlikely to cause significant disruptions for most users.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

User Configuration\Administrative Templates\Microsoft Excel 2016\Excel Options\Proofing\Autocorrect Options\Internet and Network Paths as Hyperlinks

Default Value:

Enabled. (Excel will automatically transform matching strings to hyperlinks.)

See Also

https://workbench.cisecurity.org/benchmarks/12129

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: edb8c7015bd7a1a1e116f525252b5c28b76a9f79cf68b2bab040bb0ebe8ef6a6