Include local path when user is uploading files to a server - Internet Zone

Information

This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent some information may be unintentionally revealed to the server. For instance files sent from the user's desktop may contain the user name as a part of the path.

If you enable this policy setting path information is sent when the user is uploading a file via an HTML form.

If you disable this policy setting path information is removed when the user is uploading a file via an HTML form.

If you do not configure this policy setting the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default path information is sent.

Solution

Policy Path: Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Policy Setting Name: Include local path when user is uploading files to a server

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a.

Plugin: Windows

Control ID: 59e20832cb56d1779598090a26e0a4670803b96902c87cb237617f214dff8cfd