18.10.15.3 (L1) Ensure 'Disable OneSettings Downloads' is set to 'Enabled'

Information

This policy setting controls whether Windows attempts to connect with the OneSettings service to download configuration settings.

The recommended state for this setting is: Enabled

Sending data to a third-party vendor is a security concern and should only be done on an as-needed basis.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds\Disable OneSettings Downloads

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template DataCollection.admx/adml that is included with the Microsoft Windows 11 Release 21H2 Administrative Templates (or newer).

Impact:

Windows will not connect to the OneSettings service to download configuration settings.

See Also

https://workbench.cisecurity.org/benchmarks/15105

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4

Plugin: Windows

Control ID: 051f5b6f1450544d0118800f1a470d3daafdf34e1e9d72f31ad255f340581413