Include local path when user is uploading files to a server - Restricted Sites Zone

Information

This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent some information may be unintentionally revealed to the server. For instance files sent from the user's desktop may contain the user name as a part of the path.

If you enable this policy setting path information is sent when the user is uploading a file via an HTML form.

If you disable this policy setting path information is removed when the user is uploading a file via an HTML form.

If you do not configure this policy setting the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default path information is sent.

Solution

Policy Path: Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Policy Setting Name: Include local path when user is uploading files to a server

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-23h2-security-baseline/ba-p/3967618

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a.

Plugin: Windows

Control ID: b40136fad928313e00f77fdbac1efb0bf76865347d2dfc6e1c0761f97866b00e