/export/home should be configured on an appropriate filesystem logical volume logical volume via fstab 10.8.10.4.2.1 (5) /var should be configured on an appropriate filesystem logical volume logical volume via fstab 10.8.10.4.2.1 (5) /opt should be configured on an appropriate filesystem logical volume logical volume via fstab 10.8.10.4.2.1 (5) The shell for the root account should be located on the appropriate filesystem filesystem via /etc/passwd 10.8.10.4.2.1 (6) Core dump size limits should be set appropriately Size (0 to disable core dumps) via /etc/security/limits via ulimit 10.8.10.4.4 (3) The read-only SNMP community string should be set appropriately. string via /etc/snmp.conf 10.8.10.5.1 (1) c) The read/write SNMP community string should be set appropriately. string via /etc/snmp.conf 10.8.10.5.1 (1) c) Password policy should ban or allow usernames or UIDs in passwords as appropriate ban/allow via /etc/security/user 10.8.10.5.1 (2) a) Password policy should ban or allow words found in a dictionary as appropriate. ban/allow via /etc/security/user 10.8.10.5.1 (2) a) Password policy should enforce the correct amount of special characters number of special characters via /etc/security/user 10.8.10.5.1 (2) a) Password policy should enforce or not enforce the requirement to have mixed case passwords as appropriate. enforce/not enforce via /etc/security/user 10.8.10.5.1 (2) a) The minimum password age should be set as appropriate number of days via /etc/security/user 10.8.10.5.1 (2) b) The minimum required password length should be set as appropriate number of characters via /etc/security/user 10.8.10.5.1 (2) c) Password history should be saved for an appropriate number of password changes number of password changes via /etc/security/user 10.8.10.5.1 (2) d) The number of consecutive failed login attempts required to trigger a lockout should be set as appropriate number of consecutive failed login attempts via /etc/security/user 10.8.10.5.1 (2) e) Login access to accounts without passwords should be enabled or disabled as appropriate enabled/disabled via passwd via /etc/shadow 10.8.10.5.1 (2) f) New users should be required or not required to change their password on first login as appropriate required/not required via /etc/security/passwd 10.8.10.5.1 (2) g) Access to single-user mode (maintainence mode) should require the root password or not as appropriate required/not required 10.8.10.5.1 (3) The delay between failed logins should be set as appropriate number of seconds via /etc/security/user 10.8.10.5.1 (5) All files should be owned by an existing account or not as appropriate. existing account required / existing account not required via chown 10.8.10.5.2 (3) All files should be owned by an existing group or not as appropriate. existing group required / existing group not required via chgrp via chown 10.8.10.5.2 (3) The console login banner should be set appropriately. banner text or null via /etc/security/login.cfg via /etc/motd 10.8.10.5.2 (5) a) The SSH login banner should be set appropriately. banner text or null via sshd.conf 10.8.10.5.2 (5) b) The telnet login banner should be set appropriately. banner text or null 10.8.10.5.2 (5) c) The ftp login banner should be set appropriately. banner text or null 10.8.10.5.2 (5) d) The graphical login banner should be set appropriately. banner text or null 10.8.10.5.2 (5) e) Accounts other than root should be allowed to have the UID 0 or not as appropriate allowed/not allowed via passwd via /etc/passwd 10.8.10.5.2.1 (2) a) Accounts other than root and locked system accounts should be allowed to have a GID of 0 or not as appropriate allowed/not allowed via passwd via /etc/passwd 10.8.10.5.2.1 (2) b) Each account should be assigned a unique UID or not as appropriate unique/not unique via /etc/passwd 10.8.10.5.2.4 (3) The ftp account should exist or not as appropriate exist/not exist via /etc/passwd 10.8.10.5.2.4 (9) Login accounts should include an appropriate GECOS identifier or no GECOS identifier GECOS value, null via /etc/passwd 10.8.10.5.2.4.1 (1) The screen lock should activate after an appropriate period of inactivity number of minutes via Xscreensaver via dtsession 10.8.10.5.2.5 (1) File permissions should be set appropriately for all shell executables. permissions via chmod 10.8.10.5.2.6 (1) Remote (serial) consoles should be enabled or disabled as appropriate. enabled/disabled via BIOS 10.8.10.5.2.6 (3) Root logins should be restricted to the console or not as appropriate. restricted/not restricted /etc/default/login 10.8.10.5.2.6 (4) .netrc files should exist or not as appropriate for all users. exist/not exist filesystem 10.8.10.5.2.6 (6) .rhosts files should exist or not as appropriate for all users. exist/not exist filesystem 10.8.10.5.2.6 (6) .shosts files should exist or not as appropriate for all users. exist/not exist filesystem 10.8.10.5.2.6 (6) The /etc/hosts.equiv file should exist or not as appropriate. exist/not exist filesystem 10.8.10.5.2.6 (6) The use of NIS special characters (+ or -) in the first field of the /etc/passwd file should be allowed or disallowed as appropriate. allowed/not allowed Text editor 10.8.10.5.2.6 (7) The use of NIS special characters (+ or -) in the first field of the /etc/shadow file should be allowed or disallowed as appropriate. allowed/not allowed Text editor 10.8.10.5.2.6 (7) The use of NIS special characters (+ or -) in the first field of the /etc/group file should be allowed or disallowed as appropriate. allowed/not allowed Text editor 10.8.10.5.2.6 (10) The /etc/shells file should exist or not as appropriate exist/not exist Text editor 10.8.10.5.2.6 (11) Shells referenced in /etc/passwd should be included in /etc/shells or not as appropriate included/not included /etc/shells 10.8.10.5.2.6 (12) Groups referenced in /etc/passwd should be included in /etc/group or not as appropriate. included/not included /etc/group 10.8.10.5.2.6 (15) The home directory for the root account should be set appropriately. path /etc/passwd 10.8.10.5.2.6 (16) The home directory for each user account should be set appropriately. path /etc/passwd 10.8.10.5.2.6 (17) Home directories referenced in /etc/passwd should exist or not as appropriate exist/not exist filesystem 10.8.10.5.2.6 (18) All device files should be located inside an appropriate directory path filesystem 10.8.10.5.2.6 (24) The ntpd service should be enabled or disabled as appropriate. enabled/disabled via RC scripts 10.8.10.5.3 (3) The Network Time Protocol (ntp) synchronization server should be set appropriately. timeserver ntpd.conf All logon attempts should be logged or not logged as appropriate logged/not logged Audit subsystem 10.8.10.5.3 (4) All su (switch user) activity should be logged or not as appropriate logged/not logged Audit subsystem 10.8.10.5.3 (5) Filesystem logging/journaling should be performed or not as appropriate performed/not performed Audit subsystem 10.8.10.5.3 (6) Automount should be enabled or disabled as appropriate enabled/disabled 10.8.10.5.4.1 (12) Source-routed packets should be accepted or rejected as appropriate. accepted/rejected 10.8.10.5.4.1 (2) a) Response to ICMP timestamp requests should be enabled or disabled as appropriate enabled/disabled 10.8.10.5.4.1 (2) c) Response to ICMP timestamp broadcast requests should be enabled or disabled as appropriate enabled/disabled 10.8.10.5.4.1 (2) d) Response to ICMP echo (ping) requests should be enabled or disabled as appropriate enabled/disabled 10.8.10.5.4.1 (2) e) Executable stack should be enabled or disabled as appropriate enabled/disabled 10.8.10.5.4.1 (3) The default gateway should be set appropriately. IP address/disabled via /etc/default/route.conf 10.8.10.5.4.1 (4) The inetd service should be enabled or disabled as appropriate. enabled/disabled via RC scripts 10.8.10.5.4.1 (5) echo service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #1 netstat service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #2 rcp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #3 chargen service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #4 finger service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #5 tftpd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #6 walld service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #7 rstatd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #8 sprayd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #9 rusersd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #10 rlogin service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #11 rsh service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #12 ftp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #13 telnet service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #14 DEPRECATED. inn service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #16 uucp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #17 rexec service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #18 inetd logging should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #19 font-service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #20 imap2 service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #21 pop3 service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #22 ident service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #23 rexd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #24 daytime service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #26 dtspc (cde-spc) service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #27 rquotad service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #28 cmsd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #29 tooltalk service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #30 xdmcp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #31 discard service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #32 DEPRECATED. vino-server service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #34 The bind service should be enabled or disabled as appropriate. enabled/disabled via RC scripts 10.8.10.5.4.1.1 (2) The version string reported by the bind service should be configured appropriately. string via /etc/named.conf 10.8.10.5.4.1.1 (5) SSH Protocol v1 should be enabled or disabled as appropriate enabled/disabled /etc/ssh/ssh_config 10.8.10.5.4.1.2 (2) TCP_WRAPPERS should be enabled or disabled as appropriate enabled/disabled via inetd.conf 10.8.10.5.4.1.3 (1) SNMP version 1 should be enabled or disabled as appropriate enabled/disabled 10.8.10.5.4.1.4 (1) The nfsd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) The mountd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) The statd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) The lockd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) NFS should be configured to respond or not as appropriate to client requests that do not include a user id . respond/not respond 10.8.10.5.4.1.5 (1) a) NFS should be configured to respond or not as appropriate to client requests that do not originate from a privileged port. respond/not respond 10.8.10.5.4.1.5 (1) a) NFS server support for the AUTH_NONE authentication mechanism should be enabled or disabled as appropriate. enabled/disabled 10.8.10.5.4.1.5 (1) f) NFS server support for the AUTH_UNIX authentication mechanism should be enabled or disabled as appropriate. enabled/disabled 10.8.10.5.4.1.5 (1) f) NFS server support for the AUTH_DES authentication mechanism should be enabled or disabled as appropriate. enabled/disabled 10.8.10.5.4.1.5 (1) f) NFS server support for the AUTH_KERB authentication mechanism should be enabled or disabled as appropriate. enabled/disabled 10.8.10.5.4.1.5 (1) f) The read-only (ro) option should be enabled or disabled as appropriate for all NFS exports. enabled/disabled via /etc/exports 10.8.10.5.4.1.5 (1) g) The nosuid option should be enabled or disabled for all NFS mounts as appropriate enabled/disabled via /etc/fstab 10.8.10.5.4.1.5 (1) i) The nosgid option should be enabled or disabled for all NFS mounts as appropriate enabled/disabled via /etc/fstab 10.8.10.5.4.1.5 (1) i) Sendmail should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.2.2 (1) The sendmail banner should be set appropriately. string via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (3) The decode sendmail alias should be enabled or disabled as appropriate. enabled/disabled via /etc/aliases via /usr/lib/aliases 10.8.10.5.4.2.2 (4) c) .forward files should be allowed or disallowed as appropriate for all users allow/disallow via rm 10.8.10.5.4.2.2 (4) e) Programs executed through the aliases file should be owned by an appropriate user user via chown 10.8.10.5.4.2.2 (4) f) Programs executed through the aliases file should reside a directory with an appropriate user owner user via chown 10.8.10.5.4.2.2 (4) f) Sendmail vrfy command should be allowed or not as appropriate allow/disallow via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) g) Sendmail expn command should be allowed or not as appropriate allow/disallow via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) h) Sendmail should be configured with an appropriate logging level logging level via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) i) The sendmail help command should be allowed or not as appropriate allow/disallow via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) k) NIS should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.2.3 (1) NIS+ server should operate at an appropriate security level security level via NIS+ via RC scripts 10.8.10.5.4.2.3 (1) b) X-Windows should be enabled or disabled as appropriate enabled/disabled via Xwindows via /etc/inittab vi RC scripts 10.8.10.5.4.2.4 (1) Authorized X-clients should be listed or not in the X*.hosts file as appropriate listed/not listed via /etc/X*.hosts 10.8.10.5.4.2.4 (2) b) X-Windows should write .Xauthority files to users' home directories or not as appropriate write/not write via xdm via gdm via kdm 10.8.10.5.4.2.4 (2) d) X11 forwarding via SSH should be enabled or disabled as appropriate. enabled/disabled via sshd_config 10.8.10.5.4.2.4 (2) f) Samba should be enabled or disabled as appropriate enabled/disabled via smbd via RC scripts 10.8.10.5.4.2.6 (1) Samba 'hosts allow' option should be configured with an appropriate set of networks list of networks via smbd via smb.conf 10.8.10.5.4.2.6 (3) a) Samba 'security option' option should be set as appropriate via smbd via smb.conf 10.8.10.5.4.2.6 (3) b) Samba 'encrypt' passwords option should be set as appropriate yes/no via smbd via smb.conf 10.8.10.5.4.2.6 (3) c) Samba 'smb passwd file' option should be set to an appropriate password file or no password file file/nothing via smbd via smb.conf 10.8.10.5.4.2.6 (3) d) IPv6 should be enabled or disabled as appropriate enabled/disabled via SMIT 10.8.10.5.4.3 (1) The "at" utility directory permissions should be set as appropriate permissions via chmod 10.8.10-1 A.1 1) #1 at.allow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #2 at.deny file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #2 Cron directory permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #5 Crontab directory permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #5 Cron log file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #6 cron.allow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #7 cron.deny file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #7 Crontab file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #8 /dev/kmem file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #9 /dev/mem file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #10 /dev/null file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #11 resolv.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #13 /etc/named.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #14 File permissions should be set appropriately for all user home directories. permissions via chmod 10.8.10-1 A.1 1) #21 /etc/exports file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #23 /usr/bin/at file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #25 /usr/bin/rdist file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #26 /usr/sbin/sync file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #27 Superuser account home directories' permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #29 /etc/samba/smb.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #31 smbpassword executable permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #32 Aliases file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #34 File permissions should be set as appropriate for the log file configured to capture critical sendmail messages. permissions via chmod 10.8.10-1 A.1 1) #35 All files executed through /etc/aliases file entries should have file permissions set appropriately permissions via chmod 10.8.10-1 A.1 1) #36 /bin/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #37 /bin/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #38 /bin/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #39 The /bin/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #40 /bin/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #41 /bin/bash file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #42 /sbin/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #43 /sbin/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #44 /sbin/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #45 The /sbin/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #46 /sbin/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #47 /sbin/bash file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #48 /usr/bin/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #49 /usr/bin/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #50 /usr/bin/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #51 The /usr/bin/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #52 /usr/bin/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #53 /usr/bin/bash file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #54 snmpd.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #56 /tmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #57 /usr/tmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #58 traceroute executable file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #59 .Xauthority file permissions should be set appropriately for all users. permissions via chmod 10.8.10-1 A.1 1) #60 /etc/aliases file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #61 /etc/cron.d/at.allow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #62 /etc/cron.d/cron.allow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #63 /etc/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #64 /etc/default/* file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #65 /etc/default/login file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #66 The /etc/ftpusers file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #69 /etc/host.lpd file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #70 /etc/hostname* file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #71 /etc/hosts file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #72 /etc/inetd.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #73 /etc/issue file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #75 /etc/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #76 /etc/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #77 /etc/mail/aliases file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #78 /etc/motd file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #79 /etc/netconfig file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #80 /etc/notrouter file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #81 /etc/pam.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #82 /etc/passwd file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #83 The /etc/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #84 /etc/security file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #85 /etc/services file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #86 /etc/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #87 /etc/shadow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #88 /etc/syslog.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #89 DEPRECATED. /etc/fstab file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #91 DEPRECATED. /var/adm/loginlog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #93 /var/adm/messages file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #94 /var/adm/sulog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #95 /var/adm/utmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #96 /var/adm/wtmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #97 /var/adm/authlog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #98 /var/adm/syslog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #99 /var/mail file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #100 /var/tmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #101 /usr/lib/pt_chmod file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #103 /usr/lib/embedded_us file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #104 /usr/lib/sendmail file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #105 /usr/kerberos/bin/rsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #107 /var/spool/mail file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #108 smbpassword file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #109 At directory should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #1 At directory should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #1 at.allow file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #2 at.allow file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #2 at.deny file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #2 at.deny file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #2 Cron directories should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #4 Cron directories should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #4 Crontab directories should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #4 Crontab directories should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #4 cron.allow file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #5 cron.allow file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #5 cron.deny should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #5 cron.deny data should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #5 crontab files should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #6 crontab files should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #6 /etc/resolv.conf file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #7 /etc/resolv.conf file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #7 /etc/named.boot file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #7 /etc/named.boot file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #7 /etc/named.conf file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #7 /etc/named.conf file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #7 Each user home directory should be owned by an appropriate user. user via chown 10.8.10-1 A.1 2) #11 Each user home directory should be owned by an appropriate group. group via chgrp via chown 10.8.10-1 A.1 2) #11 inetd.conf file should be owned by an appropriate user user via chown 10.8.10-1 A.1 2) #12 inetd.conf file should be owned by an appropriate group group via chgrp via chown 10.8.10-1 A.1 2) #12 /etc/exports should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #13 /etc/exports should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #13 Exported files and directories should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #14 Exported files and directories should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #14 /etc/services file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #16 /etc/services file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #16 /etc/notrouter file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #18 /etc/notrouter file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #18 /etc/samba/smb.conf file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #21 /etc/samba/smb.conf file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #21 smbpasswd executable should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #22 smbpasswd executable should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #22 aliases file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #24 aliases file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #24 The log file configured to capture critical sendmail messages should be owned by the appropriate user. list of users via chown 10.8.10-1 A.1 2) #25 The log file configured to capture critical sendmail messages should be owned by the appropriate group. list of groups via chgrp via chown 10.8.10-1 A.1 2) #25 Programs executed through aliases file entries should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #26 Programs executed through aliases file entries should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #26 Shell files should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #27 Shell files should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #27 snmpd.conf file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #29 snmpd.conf file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #29 /etc/syslog.conf file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #30 /etc/syslog.conf file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #30 traceroute executable should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #31 traceroute executable should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #31 /usr/lib/sendmail file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #32 /usr/lib/sendmail file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #32 /etc/passwd file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #35 /etc/passwd file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #35 /etc/shadow file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #36 /etc/shadow file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #36 smbpasswd file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #37 smbpasswd file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #37 Environmental variable PATH for superuser accounts should or should not contain world-writable files as appropriate should/should not via chmod via profile 10.8.10-1 A.2 1) #1 Environmental variable PATH for superuser accounts should not contain the current directory as the first or last entry should/should not via local init files 10.8.10-1 A.2 1) #2 The current working directory should or should not be added to the environmental variable PATH by global initialization files as appropriate should/should not via local init files 10.8.10-1 A.2 1) #3 The current working directory should or should not be added to the environmental variable PATH by local initialization files as appropriate should/should not via local init files 10.8.10-1 A.2 1) #4 DEPRECATED. The current working directory should or should not be added to the environmental variable PATH by run control scripts as appropriate should/should not 10.8.10-1 A.2 1) #7 The system umask should be set appropriately umask via global init files 10.8.10-1 A.2 1) #8 The user umask should be set appropriately umask via local init files 10.8.10-1 A.2 1) #8 The cron.allow file should be configured with the set of users permitted to use the cron facility as appropriate. list of users Text editor The cron.deny file should be configured with the set of users not permitted to use the cron facility as appropriate. list of users Text editor Cron logging should be enabled or disabled as appropriate enabled/disabled 10.8.10-1 A.3 4) The at.allow file should be configured with the set of users permitted to use the at facility as appropriate. list of users Text editor The at.deny file should be configured with the set of users not permitted to use the at facility as appropriate. list of users Text editor /etc/security/audit/config file permissions should be set appropriately permissions via chmod 10.8.10-5 E.1 1) #1 /etc/security/audit/events file permissions should be set appropriately permissions via chmod 10.8.10-5 E.1 1) #2 /etc/security/audit/objects file permissions should be set appropriately permissions via chmod 10.8.10-5 E.1 1) #3 /usr/lib/trcload file permissions should be set appropriately permissions via chmod 10.8.10-5 E.1 1) #5 /usr/lib/semutil file permissions should be set appropriately permissions via chmod 10.8.10-5 E.1 1) #6 /etc/security/audit/config file should be owned by an appropriate user list of users via chown 10.8.10-5 E.1 1) #1 /etc/security/audit/events file should be owned by an appropriate user list of users via chgrp via chown 10.8.10-5 E.1 1) #2 /etc/security/audit/objects file should be owned by an appropriate user list of users via chown 10.8.10-5 E.1 1) #3 /usr/lib/trcload file should be owned by an appropriate user list of users via chown 10.8.10-5 E.1 1) #5 /usr/lib/semutil file should be owned by an appropriate user list of users via chown 10.8.10-5 E.1 1) #6 /etc/security/audit/config file should be owned by an appropriate group list of groups via chown 10.8.10-5 E.1 1) #1 /etc/security/audit/events file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-5 E.1 1) #2 /etc/security/audit/objects file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-5 E.1 1) #3 /usr/lib/trcload file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-5 E.1 1) #5 /usr/lib/semutil file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-5 E.1 1) #6 The authentication mechanism (SYSTEM attribute) should be set appropriately for each user authentication system via /etc/security/user 10.8.10-5 E.1 2) Trusted Computing Base should be installed or not as appropriate installed/not installed via /etc/security/user 10.8.10-5 E.2 1) Auditing should be enabled or disabled as appropriate in runcontrol scripts enabled/disabled via /etc/inittab via RC scripts 10.8.10-5 E.3 1) BIN mode auditing should be enabled or disabled as appropriate enabled/disabled via /etc/security/audit/config 10.8.10-5 E.3 2) Accounts should be present or absent from the audit config file as appropriate present/absent via /etc/security/audit/config 10.8.10-5 E.3 3) System logons should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #1 System logoffs should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #2 Password changes should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #3 su usage should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #4 Creation/modification of superuser groups should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #5 Startup/shutdown of audit functions should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #9 Certificate revocation should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #10 Remote access from outside the corporate network should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #11 Use of chown command should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #13 File permissions of the rcp binary should be set correctly permissions via chmod 10.8.10-5 E.4 1) File permissions of the rlogin binary should be set correctly permissions via chmod 10.8.10-5 E.4 1) File permissions of the rlogind binary should be set correctly permissions via chmod 10.8.10-5 E.4 1) File permissions of the rsh binary should be set correctly permissions via chmod 10.8.10-5 E.4 1) File permissions of the rshd binary should be set correctly permissions via chmod 10.8.10-5 E.4 1) File permissions of the tftp binary should be set correctly permissions via chmod 10.8.10-5 E.4 1) File permissions of the tftpd binary should be set correctly permissions via chmod 10.8.10-5 E.4 1) Global initialization files should allow or deny write access to the terminal as appropriate allow/deny via global init files 10.8.10-5 E.5 1) #1 Netrc should be configured with an appropriate set of services list of services via /etc/security/sysck.cfg 10.8.10-5 E.4 1) Change of file ownership should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #13 Use of chmod command should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #13 Certificate creation should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #10 Certificate deletion should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #10 Certificate retrieval should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #10 Startup or shutdown of the audit process should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #9 Use of chgrp should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #5 Use of mkgroup should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #5 Use of rmgroup should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #5 Use of change user functions should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #4 Terminal logoffs should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #2 Exit function usage should be audited or not as appropriate audited/not audited via /etc/security/audit/config 10.8.10-5 E.3 4) #2 Hard core dump size limits should be set appropriately Size (0 to disable core dumps) via /etc/security/limits ulimit 10.8.10.4.4 (3) Remote root logins via SSH should be allowed or not as appropriate. allowed/not allowed via /etc/ssh/sshd_config 10.8.10.5.2.6 (4) Apache's configuration directory should be owned by the appropriate group. (1) group (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 Apache's configuration directory should be owned by the appropriate user. (1) user (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 Apache's demo CGI printenv.pl should be available or removed as appropriate (1) exist / not exist (1) (ServerRoot)\cgi-bin\printenv.pl (2) (ServerRoot)/cgi-bin/printenv.pl L1 18. Remove Default/Unneeded Apache Files p27 1.18 Remove Default Content p33 testcgi should be installed as appropriate. (1) exist/not exist (1) cgi-script directory L1 18. Remove Default/Unneeded Apache Files p27 1.18 Remove Default Content p33 The "FollowSymLinks" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p23 1.8 Directory Functionality Control with the Options Directive p16 The "IncludesNOEXEC" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24 1.8 Directory Functionality Control with the Options Directive p16 The "Indexes" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) Indexes / -Indexes / +Indexes / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24 1.8 Directory Functionality Control with the Options Directive p16 The Allow Directive for the OS root should be configured appropriately (1) all | hostname/IP address/environment variable (1) Allow directive L1 13. Access Control Directives p21 1.7 Restricting Access p14-15 The Allow directive for the specified Directory directive should be configured appropriately. (1) all | hostname/IP address/environment variable (1) Allow directive L1 13. Access Control Directives p21 1.7 Restricting Access p14-15 The Apache "KeepAlive" directive should be configured appropriately. (1) On / Off (1) Apache configuration file: KeepAlive directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 1.13 Denial of Service Prevention Tuning p21 The Apache "KeepAliveTimeout" directive should be configured appropriately. (1) Number value (in seconds) (1) Apache configuration file: KeepAliveTimeout directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 1.13 Denial of Service Prevention Tuning p21 The Apache "LimitRequestBody" directive should be configured appropriately. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestBody directive L2 7. Buffer Overflow Protections p42 1.14 Buffer Overflow Protection Tuning p23 The Apache "LimitRequestFields" directive should be configured appropriately (1) Number value (1) Apache configuration file: LimitRequestFields directive L2 7. Buffer Overflow Protections p42 1.14 Buffer Overflow Protection Tuning p24 The Apache "LimitRequestFieldSizeBody" directive should be configured appropriately. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestFieldSizeBody directive L2 7. Buffer Overflow Protections p42 1.14 Buffer Overflow Protection Tuning p24 The Apache "LimitRequestline" directive should be configured appropriatley. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestLine directive L2 7. Buffer Overflow Protections p42 1.14 Buffer Overflow Protection Tuning p24 The Apache "LogLevel" directive should be configured appropriately. (1) debug / info / notice / warn / error / crit / alert / emerg (1) Apache configuration file: LogLevel directive L1 17. Logging General Directives p26 1.17 Logging p31 The Apache "MaxClients" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxClients directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 1.13 Denial of Service Prevention Tuning p22 The Apache "ServerTokens" directive should be configured appropriately. (1) Prod[uctOnly] / Major / Minor / Min[imal] / OS / Full (1) Apache configuration file: ServerTokens directive L1 11. Web Server Software Obfuscation General Directives p17 1.16 Software Information Leakage Protection p29 The Apache "Timeout" directive should be configured appropriately. (1) Number value (in seconds) (1) Apache configuration file: Timeout directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 1.13 Denial of Service Prevention Tuning p21 The Apache access log file data should be configured to contain the appropriate data elements. (1) LogFormat Format String (1) Apache configuration file: LogFormat directive L1 17. Logging General Directives p26 1.17 Logging p30 The Apache AllowOverride Directive should be configured appropriately for operating system root directories. (1) AuthConfig / FileInfo / Indexes / Limit / Options / All / None (1) Apache configuration file: AllowOverride directive L1 15. Directory Functionality/Features Directives p24 1.8 Directory Functionality Control with the Options Directive p17 The Apache AllowOverride directive should be configured appropriately for web site root directories. (1) AuthConfig / FileInfo / Indexes / Limit / Options / All / None (1) Apache configuration file: AllowOverride directive L1 15. Directory Functionality/Features Directives p24 1.8 Directory Functionality Control with the Options Directive p17 The Apache ErrorDocument directive should be set correctly for HTTP 400 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 400' directive L1 11. Web Server Software Obfuscation General Directives p17 2.7 Additional Software Information Leakage Protection p50 The Apache Group directive should be set correctly. (1) group name (1) Apache configuration file: Group directive L1 8. User Oriented General Directives p14 1.6 Creating the Apache User and Group Accounts p14 The Apache runtime rewriting engine should be enabled or disabled as appropriate. (1) off/on (1) Apache configuration file: RewriteEngine directive L1 21. Deny HTTP TRACE Requests with Mod_Rewrite p33 1.11 Restrict HTTP Protocol Version p19 The Apache ServerSignature directive should be set appropriately. (1) On/Off/EMail (1) Apache configuration file: ServerSignature directive L1 11. Web Server Software Obfuscation General Directives p17 1.16 Software Information Leakage Protection p29 The Apache system logging should be configured appropriately. (1) File path | pipe (2) LogFormat | nickname (1) Apache configuration file: CustomLog directive L1 17. Logging General Directives p26 1.17 Logging p31 The Apache user account should be allowed root privileges as appropriate. (1) allowed/not allowed (1) via /etc/passwd L1 4. Create the Apache Web User Account p11 1.6 Creating the Apache User and Group Accounts p14 The Apache User directive should be set correctly. (1) user name (1) Apache configuration file: User directive L1 8. User Oriented General Directives p13 1.6 Creating the Apache User and Group Accounts p14 The ApacheErrorDocument directive should be set correctly for HTTP 401 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 401' directive L1 11. Web Server Software Obfuscation General Directives p17 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 403 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 403' directive L1 11. Web Server Software Obfuscation General Directives p17 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 404 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 404' directive L1 11. Web Server Software Obfuscation General Directives p17 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 405 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 405' directive L1 11. Web Server Software Obfuscation General Directives p17 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 500 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 500' directive L1 11. Web Server Software Obfuscation General Directives p17 2.7 Additional Software Information Leakage Protection p50 The Deny Directive for the OS root should be configured appropriately (1) all | hostname/IP address/environment variable (1) Deny directive L1 13. Access Control Directives p21 1.7 Restricting Access p14-15 The Deny directive for the specified Directory directive should be configured appropriately. (1) all | hostname/IP address/environment variable (1) Deny directive L1 13. Access Control Directives p21 1.7 Restricting Access p14-15 The group membership of any Apache files in /var/log/httpd/ should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /etc/httpd/conf.d file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /etc/httpd/conf/passwd file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /usr/sbin/apachectl file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /usr/sbin/httpd file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /var/www/html file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The group membership of the Apache user account should be set correctly. (1) group (1) via /etc/group L1 4. Create the Apache Web User Account p11 1.6 Creating the Apache User and Group Accounts p14 The ownership of log files in Apache /var/log/httpd/ should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /etc/httpd/conf.d file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /etc/httpd/conf/passwd file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /usr/sbin/apachectl file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /usr/sbin/httpd file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /var/www/html file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The path for Apache sites error log files should be configured appropriately. (1) File path (1) Apache configuration file: ErrorLog directive L2 4. ErrorLog - Syslog p70-71 2.5 Syslog Logging p44-45 The permissions for the Apache /etc/httpd/conf.d file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The permissions for the Apache /etc/httpd/conf/passwd file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The permissions for the Apache /usr/sbin/apachectl file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The permissions for the Apache /usr/sbin/httpd file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The permissions for the Apache/var/www/html file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The permissions of any Apache files in /var/log/httpd/ should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The Unix permissions of Apache's configuration directory should be configred appropriately (1) permissions (1) via chmod L1 19. Updating Ownership and Permissions for Enhanced Security p27 1.19 Updating Ownership and Permissions p34 The"Includes" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) Includes / -Includes / +Includes / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24 1.8 Directory Functionality Control with the Options Directive p16 The"MultiViews" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) MultiViews / -MultiViews / +MultiViews / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24-25 1.8 Directory Functionality Control with the Options Directive p17 The Order directive for the OS root should be configured appropriately. (1) Allow,Deny / Deny,Allow / Mutual-failure (1) Order directive L1 13. Access Control Directives p21 Permitted HTTP request methods should be configured appropriately. (1) methods (2) access control directives (1) Apache configuration file: LimitExecpt directive L1 16. Limiting HTTP Request Methods p25 Access to Apache's httpd.conf file should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by (ServerRoot)\conf\httpd.conf's DACL L1 19. Updating Ownership and Permissions for Enhanced Security p27 The Windows permissions for all files specified by CustomLog directives should be configured appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL L1 19. Updating Ownership and Permissions for Enhanced Security p27 The Windows permissions for all files specified by ErrorLog directives should be configured appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL L1 19. Updating Ownership and Permissions for Enhanced Security p27 The location of the Apache htpasswd file should be set correctly. (1) directory path (1) Directory of htpasswd file L1 14. Authentication Mechanisms p22 The Apache Server Administrator email address should be set correctly. (1) email address (1) 'ServerAdmin' line in Apache configuration file L1 8. User Oriented General Directives p14 The Apache user account should be locked or unlocked as appropriate. (1) locked/unlocked (1) via /etc/passwd L1 5. Lock Down the Apache Web User Account p11 File permissions for httpd.conf should be set correctly. (1) permissions (1) via chmod 1.19 Updating Ownership and Permissions p34 The httpd.conf file should be owned by the appropriate user. (1) user (1) via chown 1.19 Updating Ownership and Permissions p34 The httpd.conf file should be owned by the appropriate group. (1) group (1) via chown 1.19 Updating Ownership and Permissions p34 The Unix permissions of Apache's htpasswd file should be configured appropriately. (1) permissions (1) via chmod 1.19 Updating Ownership and Permissions p34 The htpasswd should be owned by the appropriate user. (1) user (1) via chown 1.19 Updating Ownership and Permissions p34 The htpasswd file should be owned by the appropriate group. (1) group (1) via chown 1.19 Updating Ownership and Permissions p34 The Apache "StartServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: StartServers directive 1.13 Denial of Service Prevention Tuning p22 The Apache "MinSpareServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MinSpareServers directive 1.13 Denial of Service Prevention Tuning p22 The Apache "MaxSpareServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxSpareServers directive 1.13 Denial of Service Prevention Tuning p22 The "ExecCGI" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) ExecCGI / -ExecCGI/ +ExecCGI / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) 1.8 Directory Functionality Control with the Options Directive p16 The Order directive for all DocumentRoot directives should be configured appropriately. (1) Allow,Deny / Deny,Allow / Mutual-failure (1) Apache configuration file: Order directive (in DocumentRoot Directory directive) 1.7 Restricting Access p15 The Order directive for the specified Directory directive should be configured appropriately. (1) Allow,Deny / Deny,Allow / Mutual-failure (1) TARGET: Directory directive (2) Apache configuration file: Order directive 1.7 Restricting Access p15 The Apache Action directive shoud be configured appropriately. (1) action-type (2) cgi-script (1) Apache configuration file: Action directive Rule Title: MIME types for csh or sh shell programs must be disabled. STIG ID: WG370 A22 Rule ID: SV-36309r1_rule Vuln ID: V-2225 Severity: CAT II Class: Unclass The Apache AddHandler directive should be configured appropriately. (1) handler-name (2) extension (1) Apache configuration file: AddHandler directive Rule Title: MIME types for csh or sh shell programs must be disabled. STIG ID: WG370 A22 Rule ID: SV-36309r1_rule Vuln ID: V-2225 Severity: CAT II Class: Unclass Anonymous sharing of Apache's web content directories with nfs should be configured appropriately. (1) Set of shares (1) via /etc/exports Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 A22 Rule ID: SV-33022r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass Anonymous sharing of Apache's web content directories with smb should be configured appropriately. (1) Set of shares (1) via /etc/samba/smb.conf Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 A22 Rule ID: SV-33022r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass The Apache AllowOverride directive should be configured appropriately for web site root directories. (1) AuthConfig / FileInfo / Indexes / Limit / Options / All / None (1) Apache configuration file: AllowOverride directive L1 15. Directory Functionality/Features Directives p24 Rule Title: All interactive programs must be placed in a designated directory with appropriate permissions. STIG ID: WG400 A22 Rule ID: SV-6928r4_rule Vuln ID: V-2228 Severity: CAT II Class: Unclass Rule Title: All interactive programs must be placed in a designated directory with appropriate permissions. STIG ID: WG400 W22 Rule ID: SV-36644r1_rule Vuln ID: V-2228 Severity: CAT II Class: Unclass The Apachce "MaxKeepAliveRequests" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxKeepAliveRequests directive Rule Title: The number of allowed simultaneous requests must be set. STIG ID: WG110 A22 Rule ID: SV-33018r1_rule Vuln ID: V-2240 Severity: CAT II Class: Unclass Rule Title: The number of allowed simultaneous requests must be set. STIG ID: WG110 W22 Rule ID: SV-33105r1_rule Vuln ID: V-2240 Severity: CAT II Class: Unclass All readable Apache web document directories should have their default webpage configured appropriately. (1) exist / not exist (1) Directories (from Apache configuration file: DocumentRoot directive) Rule Title: Each readable web document directory must contain either a default, home, index, or equivalent file. STIG ID: WG170 A22 Rule ID: SV-33020r1_rule Vuln ID: V-2245 Severity: CAT III Class: Unclass Rule Title: Each readable web document directory must contain either a default, home, index, or equivalent file. STIG ID: WG170 W22 Rule ID: SV-33107r1_rule Vuln ID: V-2245 Severity: CAT III Class: Unclass File permissions for httpd.conf should be set correctly. (1) permissions (1) via chmod Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 A22 Rule ID: SV-32948r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass The httpd.conf file should be owned by the appropriate user. (1) user (1) via chown Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 A22 Rule ID: SV-32948r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass The httpd.conf file should be owned by the appropriate group. (1) group (1) via chown Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 A22 Rule ID: SV-32948r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass Apache's log_config_module should be enabled or disabled as appropriate. (1) log_config_module (1) Apache configuration file: LoadModule directive Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 A22 Rule ID: SV-33025r1_rule Vuln ID: V-2250 Severity: CAT II Class: Unclass Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 W20 Rule ID: SV-36668r1_rule Vuln ID: V-2250 Severity: CAT II Class: Unclass The file permissions for all files specified by CustomLog directives should be configured appropriately (1) permissions (1) via chmod Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by CustomLog directives should be owned by the appropriate user (1) user (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by CustomLog directives should be owned by the appropriate group (1) group (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Unix permissions for all files specified by ErrorLog directives should be configured appropriately (1) permissions (1) via chmod Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by ErrorLog directives should be owned by the appropriate user (1) user (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by ErrorLog directives should be owned by the appropriate group (1) group (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Unix permissions of Apache's htpasswd file should be configured appropriately. (1) permissions (1) via chmod Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 A22 Rule ID: SV-36478r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The htpasswd should be owned by the appropriate user. (1) user (1) via chown Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 A22 Rule ID: SV-36478r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The htpasswd file should be owned by the appropriate group. (1) group (1) via chown Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 A22 Rule ID: SV-36478r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The Unix permissions for all directories specified by ScriptAlias directives should be configured appropriately. (1) permissions (1) via chmod Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAlias directives should be owned by the appropriate user. (1) user (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAlias directives should be owned by the appropriate group. (1) group (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by ScriptAliasMatch directives should be configured appropriately. (1) permissions (1) via chmod Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAliasMatch directives should be owned by the appropriate user. (1) user (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAliasMatch directives should be owned by the appropriate group. (1) group (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by DocumentRoot directives should be configured appropriately. (1) permissions (1) via chmod Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by DocumentRoot directives should be owned by the appropriate user. (1) user (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by DocumentRoot directives should be owned by the appropriate group. (1) group (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by Alias directives should be configured appropriately. (1) permissions (1) via chmod Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by Alias directives should be owned by the appropriate user. (1) user (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by Alias directives should be owned by the appropriate group. (1) group (1) via chown Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by ServerRoot directives should be configred appropriately (1) permissions (1) via chmod Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass All directories specified by ServerRoot directives should be owned by the appropriate user. (1) user (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass All directories specified by ServerRoot directives should be owned by the appropriate group. (1) group (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's configuration directory should be configred appropriately (1) permissions (1) via chmod L1 19. Updating Ownership and Permissions for Enhanced Security p27 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's configuration directory should be owned by the appropriate user. (1) user (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's configuration directory should be owned by the appropriate group. (1) group (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /bin directory should be configred appropriately (1) permissions (1) via chmod Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /bin directory should be owned by the appropriate user. (1) user (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /bin directory should be owned by the appropriate group. (1) group (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /logs directory should be configred appropriately (1) permissions (1) via chmod Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /logs directory should be owned by the appropriate user. (1) user (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /logs directory should be owned by the appropriate group. (1) group (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /htdocs directory should be configred appropriately (1) permissions (1) via chmod Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /htdocs directory should be owned by the appropriate user. (1) user (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /htdocs directory should be owned by the appropriate group. (1) group (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /cgi-bin directory should be configred appropriately (1) permissions (1) via chmod Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /cgi-bin directory should be owned by the appropriate user. (1) user (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /cgi-bin directory should be owned by the appropriate group. (1) group (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Apache site's robots.txt should be configured to disallow paths and files as appropriate. (1) User-Agent (2) Disallowed path(s)|file(s) (1) robots.txt Rule Title: A private web server must not respond to requests from public search engines. STIG ID: WG310 A22 Rule ID: SV-33028r1_rule Vuln ID: V-2260 Severity: CAT II Class: Unclass Rule Title: A private web server must not respond to requests from public search engines. STIG ID: WG310 W22 Rule ID: SV-28798r2_rule Vuln ID: V-2260 Severity: CAT II Class: Unclass Apache's ssl_module should be enabled or disabled as appropriate. (1) ssl_module (1) Apache configuration file: LoadModule directive Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 A22 Rule ID: SV-33029r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W20 Rule ID: SV-36740r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass The Apache SSLProtocol directive should be configured appropriately. (1) SSLv2 / SSLv3 / TLSv1 / All (1) Apache configuration file: SSLProtocol directive Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 A22 Rule ID: SV-33029r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W20 Rule ID: SV-36740r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass The Apache SSLEngine directive should be configured appropriately. (1) On / Off (1) Apache configuration file: SSLEngine directive Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 A22 Rule ID: SV-33029r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W20 Rule ID: SV-36740r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass The Apache "ServerTokens" directive should be configured appropriately. (1) Prod[uctOnly] / Major / Minor / Min[imal] / OS / Full (1) Apache configuration file: ServerTokens directive L1 11. Web Server Software Obfuscation General Directives p17 Rule Title: Web server and/or operating system information must be protected. STIG ID: WG520 A22 Rule ID: SV-36672r1_rule Vuln ID: V-6724 Severity: CAT III Class: Unclass Rule Title: Web server and/or operating system information must be protected. STIG ID: WG520 W22 Rule ID: SV-33098r1_rule Vuln ID: V-6724 Severity: CAT III Class: Unclass All Apache's online manual should be available or removed as appropriate. (1) exist / not exist (1) manual in the Server Root directory Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 A22 Rule ID: SV-32933r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 W22 Rule ID: SV-33087r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass Apache's demo CGI printenv.pl should be available or removed as appropriate (1) exist / not exist (1) (ServerRoot)\cgi-bin\printenv.pl (2) (ServerRoot)/cgi-bin/printenv.pl L1 18. Remove Default/Unneeded Apache Files p27 Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 A22 Rule ID: SV-32933r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 W22 Rule ID: SV-33087r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass The Apache access log file data should be configured to contain the appropriate data elements. (1) LogFormat Format String (1) Apache configuration file: LogFormat directive L1 17. Logging General Directives p26 Rule Title: Log file data must contain required data elements. STIG ID: WG242 A22 Rule ID: SV-36642r1_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Rule Title: Log file data must contain required data elements. STIG ID: WG242 W22 Rule ID: SV-28654r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass The Apache "Timeout" directive should be configured appropriately. (1) Number value (in seconds) (1) Apache configuration file: Timeout directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 Rule Title: The Timeout directive must be properly set. STIG ID: WA000-WWA020 A22 Rule ID: SV-32977r1_rule Vuln ID: V-13724 Severity: CAT II Class: Unclass Rule Title: The Timeout directive must be properly set. STIG ID: WA000-WWA020 W22 Rule ID: SV-32980r1_rule Vuln ID: V-13724 Severity: CAT II Class: Unclass The Apache "KeepAlive" directive should be configured appropriately. (1) On / Off (1) Apache configuration file: KeepAlive directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 Rule Title: The KeepAlive directive must be enabled. STIG ID: WA000-WWA022 A22 Rule ID: SV-32844r1_rule Vuln ID: V-13725 Severity: CAT II Class: Unclass Rule Title: The KeepAlive directive must be enabled. STIG ID: WA000-WWA022 W22 Rule ID: SV-32987r1_rule Vuln ID: V-13725 Severity: CAT II Class: Unclass The Apache "KeepAliveTimeout" directive should be configured appropriately. (1) Number value (in seconds) (1) Apache configuration file: KeepAliveTimeout directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 Rule Title: The KeepAliveTimeout directive must be defined. STIG ID: WA000-WWA024 A22 Rule ID: SV-32877r1_rule Vuln ID: V-13726 Severity: CAT II Class: Unclass Rule Title: The KeepAliveTimeout directive must be defined. STIG ID: WA000-WWA024 W22 Rule ID: SV-32880r1_rule Vuln ID: V-13726 Severity: CAT II Class: Unclass The Apache "StartServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: StartServers directive Rule Title: The httpd.conf StartServers directive must be set properly. STIG ID: WA000-WWA026 A22 Rule ID: SV-36645r1_rule Vuln ID: V-13727 Severity: CAT II Class: Unclass The Apache "MinSpareServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MinSpareServers directive Rule Title: The httpd.conf MinSpareServers directive must be set properly. STIG ID: WA000-WWA028 A22 Rule ID: SV-36646r1_rule Vuln ID: V-13728 Severity: CAT II Class: Unclass The Apache "MaxSpareServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxSpareServers directive Rule Title: The httpd.conf MaxSpareServers directive must be set properly. STIG ID: WA000-WWA030 A22 Rule ID: SV-36648r1_rule Vuln ID: V-13729 Severity: CAT III Class: Unclass The Apache "MaxClients" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxClients directive L1 10. Denial of Service (DoS) Protective General Directives pg 16 Rule Title: The httpd.conf MaxClients directive must be set properly. STIG ID: WA000-WWA032 A22 Rule ID: SV-36649r1_rule Vuln ID: V-13730 Severity: CAT II Class: Unclass The Apache "FollowSymLinks" setting for all "Options" directives should be configured appropriately. (1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None (1) Apache configuration file: Options directive Rule Title: The FollowSymLinks setting must be disabled. STIG ID: WA000-WWA052 A22 Rule ID: SV-40129r1_rule Vuln ID: V-13732 Severity: CAT II Class: Unclass The Apache "Includes" setting for all "Options" directives should be configured appropriately. (1) Includes / -Includes / +Includes / None (1) Apache configuration file: Options directive Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 A22 Rule ID: SV-32753r1_rule Vuln ID: V-13733 Severity: CAT I Class: Unclass The Apache "IncludesNoExec" setting for all "Options" directives should be configured appropriately. (1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None (1) Apache configuration file: Options directive Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 A22 Rule ID: SV-32753r1_rule Vuln ID: V-13733 Severity: CAT I Class: Unclass The Apache "MultiViews" setting for all "Options" directives should be configured appropriately. (1) MultiViews / -MultiViews / +MultiViews / None (1) Apache configuration file: Options directive Rule Title: The MultiViews directive must be disabled. STIG ID: WA000-WWA056 A22 Rule ID: SV-32754r1_rule Vuln ID: V-13734 Severity: CAT II Class: Unclass The Apache "Indexes" setting for all "Options" directives should be configured appropriately. (1) Indexes / -Indexes / +Indexes / None (1) Apache configuration file: Options directive Rule Title: Directory indexing must be disabled on directories not containing index files. STIG ID: WA000-WWA058 A22 Rule ID: SV-32755r1_rule Vuln ID: V-13735 Severity: CAT II Class: Unclass The Apache "LimitRequestBody" directive should be configured appropriately. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestBody directive L2 7. Buffer Overflow Protections p42 Rule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 A22 Rule ID: SV-32756r1_rule Vuln ID: V-13736 Severity: CAT II Class: Unclass+G66 Rule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 W22 Rule ID: SV-33008r1_rule Vuln ID: V-13736 Severity: CAT II Class: Unclass The Apache "LimitRequestFields" directive should be configured appropriately (1) Number value (1) Apache configuration file: LimitRequestFields directive L2 7. Buffer Overflow Protections p42 Rule Title: The HTTP request header fields must be limited. STIG ID: WA000-WWA062 A22 Rule ID: SV-32757r1_rule Vuln ID: V-13737 Severity: CAT II Class: Unclass Rule Title: The HTTP request header fields must be limited. STIG ID: WA000-WWA062 W22 Rule ID: SV-33009r1_rule Vuln ID: V-13737 Severity: CAT II Class: Unclass The Apache "LimitRequestFieldSizeBody" directive should be configured appropriately. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestFieldSizeBody directive L2 7. Buffer Overflow Protections p42 Rule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 A22 Rule ID: SV-32766r1_rule Vuln ID: V-13738 Severity: CAT II Class: Unclass Rule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 W22 Rule ID: SV-33010r1_rule Vuln ID: V-13738 Severity: CAT II Class: Unclass The Apache "LimitRequestline" directive should be configured appropriatley. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestLine directive L2 7. Buffer Overflow Protections p42 Rule Title: The HTTP request line must be limited. STIG ID: WA000-WWA066 A22 Rule ID: SV-32768r1_rule Vuln ID: V-13739 Severity: CAT II Class: Unclass Rule Title: The HTTP request line must be limited. STIG ID: WA000-WWA066 W22 Rule ID: SV-33011r1_rule Vuln ID: V-13739 Severity: CAT II Class: Unclass The path for Apache sites error log files should be configured appropriately. (1) File path (1) Apache configuration file: ErrorLog directive L2 4. ErrorLog - Syslog p70-71 Rule Title: Error logging must be enabled. STIG ID: WA00605 A22 Rule ID: SV-33192r1_rule Vuln ID: V-26279 Severity: CAT II Class: Unclass Rule Title: Error logging must be enabled. STIG ID: WA00605 W22 Rule ID: SV-33147r1_rule Vuln ID: V-26279 Severity: CAT II Class: Unclass The Apache system logging should be configured appropriately. (1) File path | pipe (2) LogFormat | nickname (1) Apache configuration file: CustomLog directive L1 17. Logging General Directives p26 Rule Title: System logging must be enabled. STIG ID: WA00615 A22 Rule ID: SV-33206r1_rule Vuln ID: V-26281 Severity: CAT II Class: Unclass Rule Title: System logging must be enabled. STIG ID: WA00615 W22 Rule ID: SV-33151r1_rule Vuln ID: V-26281 Severity: CAT II Class: Unclass The Apache "LogLevel" directive should be configured appropriately. (1) debug / info / notice / warn / error / crit / alert / emerg (1) Apache configuration file: LogLevel directive L1 17. Logging General Directives p26 Rule Title: The LogLevel directive must be enabled. STIG ID: WA00620 A22 Rule ID: SV-33207r1_rule Vuln ID: V-26282 Severity: CAT II Class: Unclass Rule Title: The LogLevel directive must be enabled. STIG ID: WA00620 W22 Rule ID: SV-33153r1_rule Vuln ID: V-26282 Severity: CAT II Class: Unclass Web Distributed Authoring and Versioning (WebDav) dav_module should be enabled or disabled as appropriate. (1) dav_module (1) Apache configuration file: LoadModule directive Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 A22 Rule ID: SV-33216r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 W20 Rule ID: SV-36611r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Web Distributed Authoring and Versioning (WebDav) dav_fs_module should be enabled or disabled as appropriate. (1) dav_fs_module (1) Apache configuration file: LoadModule directive Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 A22 Rule ID: SV-33216r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 W20 Rule ID: SV-36611r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Apache's info_module should be enabled or disabled as appropriate. (1) info_module (1) Apache configuration file: LoadModule directive Rule Title: Web server status module will be disabled. STIG ID: WA00510 A22 Rule ID: SV-33218r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Rule Title: Web server status module will be disabled. STIG ID: WA00510 W20 Rule ID: SV-36612r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Apache's status_module should be enabled or disabled as appropriate. (1) status_module (1) Apache configuration file: LoadModule directive Rule Title: Web server status module will be disabled. STIG ID: WA00510 A22 Rule ID: SV-33218r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Rule Title: Web server status module will be disabled. STIG ID: WA00510 W20 Rule ID: SV-36612r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Apache's proxy_module should be enabled or disabled as appropriate. (1) proxy_module (1) Apache configuration file: LoadModule directive Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W20 Rule ID: SV-36613r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_ftp_module should be enabled or disabled as appropriate. (1) proxy_ftp_module (1) Apache configuration file: LoadModule directive Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W20 Rule ID: SV-36613r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_http_module should be enabled or disabled as appropriate. (1) proxy_http_module (1) Apache configuration file: LoadModule directive Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W20 Rule ID: SV-36613r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_connect_module should be enabled or disabled as appropriate. (1) proxy_connect_module (1) Apache configuration file: LoadModule directive Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W20 Rule ID: SV-36613r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass User-specific directories should be enabled or disabled as appropriate. (1) userdir_module (1) Apache configuration file: LoadModule directive Rule Title: User specific directories must not be globally enabled. STIG ID: WA00525 A22 Rule ID: SV-33221r1_rule Vuln ID: V-26302 Severity: CAT II Class: Unclass Rule Title: User specific directories must not be globally enabled. STIG ID: WA00525 W20 Rule ID: SV-36614r1_rule Vuln ID: V-26302 Severity: CAT II Class: Unclass Apache's process ID (PID) file's Unix permissions should be configured appropriately. (1) permissions (1) via chmod Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 A22 Rule ID: SV-33222r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's process ID (PID) file should be owned by the appropriate user. (1) user (1) via chown Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 A22 Rule ID: SV-33222r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's process ID (PID) file should be owned by the appropriate group. (1) group (1) via chown Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 A22 Rule ID: SV-33222r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's Scoreboard file's Unix permissions should be configured appropriately. (1) permissions (1) via chmod Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 A22 Rule ID: SV-33223r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass Apache's scoreboard file should be owned by the appropriate user. (1) user (1) via chown Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 A22 Rule ID: SV-33223r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass Apache's scoreboard (PID) file should be owned by the appropriate group. (1) group (1) via chown Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 A22 Rule ID: SV-33223r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass The Order directive for the OS root should be configured appropriately. (1) Allow,Deny / Deny,Allow / Mutual-failure (1) Order directive L1 13. Access Control Directives p21 Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 A22 Rule ID: SV-33226r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 W22 Rule ID: SV-33180r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass The Allow Directive for the OS root should be configured appropriately (1) all | hostname/IP address/environment variable (1) Allow directive L1 13. Access Control Directives p21 Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 A22 Rule ID: SV-33226r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 W22 Rule ID: SV-33180r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass The Deny Directive for the OS root should be configured appropriately (1) all | hostname/IP address/environment variable (1) Deny directive L1 13. Access Control Directives p21 Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 A22 Rule ID: SV-33226r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 W22 Rule ID: SV-33180r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass The Apache "ExecCGI" setting for all "Options" directives for the OS root should be configured appropriately. (1) ExecCGI / -ExecCGI/ +ExecCGI / None (1) Apache configuration file: Options directive (in OS root Directory directive) Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "FollowSymLinks" setting for all "Options" directives for the OS root should be configured appropriately. (1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None (1) Apache configuration file: Options directive (in OS root Directory directive) Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "Includes" setting for all "Options" directives for the OS root should be configured appropriately. (1) Includes / -Includes / +Includes / None (1) Apache configuration file: Options directive (in OS root Directory directive) Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "IncludesNoExec" setting for all "Options" directives for the OS root should be configured appropriately. (1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None (1) Apache configuration file: Options directive (in OS root Directory directive) Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "Indexes" setting for all "Options" directives for the OS root should be configured appropriately. (1) Indexes / -Indexes / +Indexes / None (1) Apache configuration file: Options directive (in OS root Directory directive) Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "MultiViews" setting for all "Options" directives for the OS root should be configured appropriately. (1) MultiViews / -MultiViews / +MultiViews / None (1) Apache configuration file: Options directive (in OS root Directory directive) Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "SymLinksIfOwnerMatch" setting for all "Options" directives for the OS root should be configured appropriately. (1) SymLinksIfOwnerMatch / -SymLinksIfOwnerMatch / +SymLinksIfOwnerMatch / None (1) Apache configuration file: Options directive (in OS root Directory directive) Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "TraceEnable" directive should be configured appropriatley. (1) on / off / extended (1) Apache configuration file: TraceEnable directive Rule Title: The TRACE method must be disabled. STIG ID: WA00550 A22 Rule ID: SV-33227r1_rule Vuln ID: V-26325 Severity: CAT II Class: Unclass Rule Title: The TRACE method must be disabled. STIG ID: WA00550 W22 Rule ID: SV-33183r1_rule Vuln ID: V-26325 Severity: CAT II Class: Unclass Apache's listening IP address should be configured appropriately. (1) IP-address (1) Apache configuration file: Listen directive Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 A22 Rule ID: SV-33228r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 W22 Rule ID: SV-33184r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass Apache's listening port should be configured appropriately. (1) port number (1) Apache configuration file: Listen directive Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 A22 Rule ID: SV-33228r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 W22 Rule ID: SV-33184r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass The ScriptAlias for the specified directory should be configured appropriately. (1) url-path (2) TARGET: directory path (1) Apache configuration file: ScriptAlias directive Rule Title: The URL-path name must be set to the file path name or the directory path name. STIG ID: WA00560 A22 Rule ID: SV-33229r1_rule Vuln ID: V-26327 Severity: CAT II Class: Unclass Rule Title: The URL-path name must be set to the file path name or the directory path name. STIG ID: WA00560 W22 Rule ID: SV-33185r1_rule Vuln ID: V-26327 Severity: CAT II Class: Unclass Automatic directory indexing should be enabled or disabled as appropriate. (1) autoindex_module (1) Apache configuration file: LoadModule directive Rule Title: Automatic directory indexing must be disabled. STIG ID: WA00515 A22 Rule ID: SV-33219r1_rule Vuln ID: V-26368 Severity: CAT II Class: Unclass Rule Title: Automatic directory indexing must be disabled. STIG ID: WA00515 W20 Rule ID: SV-36620r1_rule Vuln ID: V-26368 Severity: CAT II Class: Unclass The Apache AllowOverride Directive should be configured appropriately for operating system root directories. (1) AuthConfig / FileInfo / Indexes / Limit / Options / All / None (1) Apache configuration file: AllowOverride directive L1 15. Directory Functionality/Features Directives p24 Rule Title: The ability to override the access configuration for the OS root directory must be disabled. STIG ID: WA00547 A22 Rule ID: SV-33232r1_rule Vuln ID: V-26393 Severity: CAT II Class: Unclass Rule Title: The ability to override the access configuration for the OS root directory must be disabled. STIG ID: WA00547 W22 Rule ID: SV-33237r1_rule Vuln ID: V-26393 Severity: CAT II Class: Unclass Permitted HTTP request methods should be configured appropriately. (1) methods (2) access control directives (1) Apache configuration file: LimitExecpt directive L1 16. Limiting HTTP Request Methods p25 Rule Title: HTTP request methods must be limited. STIG ID: WA00565 A22 Rule ID: SV-33236r1_rule Vuln ID: V-26396 Severity: CAT II Class: Unclass Rule Title: HTTP request methods must be limited. STIG ID: WA00565 W22 Rule ID: SV-33238r1_rule Vuln ID: V-26396 Severity: CAT II Class: Unclass Anonymous sharing of Apache's web content directories should be configured appropriately. (1) Set of shares (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) defined by Local or Group Policy Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 W22 Rule ID: SV-33109r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass The maximum password age setting for Apache's service account should be configured appropriately. (1) number of days (1) defined by Local or Group Policy Rule Title: The service account used to run the web service must have its password changed at least annually. STIG ID: WG060 W22 Rule ID: SV-36489r1_rule Vuln ID: V-2235 Severity: CAT II Class: Unclass Access to Apache's httpd.conf file should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by (ServerRoot)\conf\httpd.conf's DACL L1 19. Updating Ownership and Permissions for Enhanced Security p27 Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 W22 Rule ID: SV-33072r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass The Windows permissions for all files specified by CustomLog directives should be configured appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL L1 19. Updating Ownership and Permissions for Enhanced Security p27 Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 W22 Rule ID: SV-33135r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Windows permissions for all files specified by ErrorLog directives should be configured appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL L1 19. Updating Ownership and Permissions for Enhanced Security p27 Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 W22 Rule ID: SV-33135r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Windows permissions of Apache's htpasswd.exe file(s) should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 W22 Rule ID: SV-36561r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The Windows permissions for all directories specified by ScriptAlias directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by ScriptAliasMatch directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by DocumentRoot directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by Alias directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by ServerRoot directives should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /config directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /bin directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /logs directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /htdocs directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The requried permssions for the file %SystemRoot%\System32\wscript.exe should be assigned. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the %SystemRoot%\System32\wscript.exe DACL Rule Title: Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. STIG ID: WG470 W22 Rule ID: SV-33095r1_rule Vuln ID: V-2264 Severity: CAT II Class: Unclass The required permissions for the file %SystemRoot%\System32\cscript.exe should be assigned (1) set of accounts (2) list of permissions (3) applicability (1) defined by the %SystemRoot%\System32\cscript.exe DACL Rule Title: Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. STIG ID: WG470 W22 Rule ID: SV-33095r1_rule Vuln ID: V-2264 Severity: CAT II Class: Unclass The Apache web server be run with the appropriate privileges. (1) Account type: ( privileged / non privileged ) (1) My Computer / Manage / Configuration / Local Users and Groups / <account name> Rule Title: The web server, although started by superuser or privileged account, must run using a non-privileged account. STIG ID: WG275 W22 Rule ID: SV-36607r1_rule Vuln ID: V-13619 Severity: CAT II Class: Unclass Apache's process ID (PID) file's Windows permissions should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 W22 Rule ID: SV-33177r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's Scoreboard file's Windows permissions should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 W22 Rule ID: SV-33178r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass The location of the Apache htpasswd file should be set correctly. (1) directory path (1) Directory of htpasswd file L1 14. Authentication Mechanisms p22 The Apache User directive should be set correctly. (1) user name (1) Apache configuration file: User directive L1 8. User Oriented General Directives p13 The Apache Group directive should be set correctly. (1) group name (1) Apache configuration file: Group directive L1 8. User Oriented General Directives p14 The Apache Server Administrator email address should be set correctly. (1) email address (1) 'ServerAdmin' line in Apache configuration file L1 8. User Oriented General Directives p14 The Apache ServerSignature directive should be set appropriately. (1) On/Off/EMail (1) Apache configuration file: ServerSignature directive L1 11. Web Server Software Obfuscation General Directives p17 The Apache runtime rewriting engine should be enabled or disabled as appropriate. (1) off/on (1) Apache configuration file: RewriteEngine directive L1 21. Deny HTTP TRACE Requests with Mod_Rewrite p33 The Apache ErrorDocument directive should be set correctly for HTTP 400 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 400' directive L1 11. Web Server Software Obfuscation General Directives p17 The ApacheErrorDocument directive should be set correctly for HTTP 401 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 401' directive L1 11. Web Server Software Obfuscation General Directives p17 The ApacheErrorDocument directive should be set correctly for HTTP 403 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 403' directive L1 11. Web Server Software Obfuscation General Directives p17 The ApacheErrorDocument directive should be set correctly for HTTP 404 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 404' directive L1 11. Web Server Software Obfuscation General Directives p17 The ApacheErrorDocument directive should be set correctly for HTTP 405 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 405' directive L1 11. Web Server Software Obfuscation General Directives p17 The ApacheErrorDocument directive should be set correctly for HTTP 500 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 500' directive L1 11. Web Server Software Obfuscation General Directives p17 The Apache user account should be locked or unlocked as appropriate. (1) locked/unlocked (1) via /etc/passwd L1 5. Lock Down the Apache Web User Account p11 The Apache user account should be allowed root privileges as appropriate. (1) allowed/not allowed (1) via /etc/passwd L1 4. Create the Apache Web User Account p11 The group membership of the Apache user account should be set correctly. (1) group (1) via /etc/group L1 4. Create the Apache Web User Account p11 The ownership of the Apache /etc/httpd/conf/passwd file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The group membership of the Apache /etc/httpd/conf/passwd file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 The permissions for the Apache /etc/httpd/conf/passwd file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The ownership of the Apache /var/www/html file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The group membership of the Apache /var/www/html file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 The permissions for the Apache/var/www/html file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The ownership of log files in Apache /var/log/httpd/ should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The group membership of any Apache files in /var/log/httpd/ should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 The permissions of any Apache files in /var/log/httpd/ should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The ownership of the Apache /etc/httpd/conf.d file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The group membership of the Apache /etc/httpd/conf.d file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 The permissions for the Apache /etc/httpd/conf.d file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The ownership of the Apache /usr/sbin/httpd file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The group membership of the Apache /usr/sbin/httpd file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 The permissions for the Apache /usr/sbin/httpd file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The ownership of the Apache /usr/sbin/apachectl file should be set correctly. (1) owner (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The group membership of the Apache /usr/sbin/apachectl file should be set correctly. (1) group (1) via chgrp L1 19. Updating Ownership and Permissions for Enhanced Security p27 The permissions for the Apache /usr/sbin/apachectl file should be set correctly. (1) permissions (1) via chown L1 19. Updating Ownership and Permissions for Enhanced Security p27 The Allow directive for the specified Directory directive should be configured appropriately. (1) all | hostname/IP address/environment variable (1) Allow directive L1 13. Access Control Directives p21 The Deny directive for the specified Directory directive should be configured appropriately. (1) all | hostname/IP address/environment variable (1) Deny directive L1 13. Access Control Directives p21 The "FollowSymLinks" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p23 The"Includes" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) Includes / -Includes / +Includes / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24 The "IncludesNOEXEC" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24 The "Indexes" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) Indexes / -Indexes / +Indexes / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24 The"MultiViews" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) MultiViews / -MultiViews / +MultiViews / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) L1 15. Directory Functionality/Features Directives p24-25 testcgi should be installed as appropriate. (1) exist/not exist (1) cgi-script directory L1 18. Remove Default/Unneeded Apache Files p27 Anonymous sharing of Apache's web content directories should be configured appropriately. (1) Set of shares (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) defined by Local or Group Policy Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 W22 Rule ID: SV-33109r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass The Apache AllowOverride directive should be configured appropriately for web site root directories. (1) AuthConfig / FileInfo / Indexes / Limit / Options / All / None (1) Apache configuration file: AllowOverride directive 1.8 Directory Functionality Control with the Options Directive p17 Rule Title: All interactive programs must be placed in a designated directory with appropriate permissions. STIG ID: WG400 W22 Rule ID: SV-36644r1_rule Vuln ID: V-2228 Severity: CAT II Class: Unclass The maximum password age setting for Apache's service account should be configured appropriately. (1) number of days (1) defined by Local or Group Policy Rule Title: The service account used to run the web service must have its password changed at least annually. STIG ID: WG060 W22 Rule ID: SV-36489r1_rule Vuln ID: V-2235 Severity: CAT II Class: Unclass The Apachce "MaxKeepAliveRequests" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxKeepAliveRequests directive 1.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the MaxKeepAliveRequests directive in the Apache configuration to have a value of 100 or more. p71 Rule Title: The number of allowed simultaneous requests must be set. STIG ID: WG110 W22 Rule ID: SV-33105r1_rule Vuln ID: V-2240 Severity: CAT II Class: Unclass Rule Title: The number of allowed simultaneous requests must be set. STIG ID: WG110 A22 Rule ID: SV-33018r1_rule Vuln ID: V-2240 Severity: CAT II Class: Unclass All readable Apache web document directories should have their default webpage configured appropriately. (1) exist / not exist (1) Directories (from Apache configuration file: DocumentRoot directive) Rule Title: Each readable web document directory must contain either a default, home, index, or equivalent file. STIG ID: WG170 W22 Rule ID: SV-33107r1_rule Vuln ID: V-2245 Severity: CAT III Class: Unclass Access to Apache's httpd.conf file should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by (ServerRoot)\conf\httpd.conf's DACL Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 W22 Rule ID: SV-33072r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass Apache's log_config_module should be enabled or disabled as appropriate. (1) log_config_module (1) Apache configuration file: LoadModule directive 1.2.2 Enable the Log Config Module (Level 1, Scorable) For dynamically loaded modules, add or modify the LoadModule directive so that it is present in the apache configuration as below and not commented out : LoadModule log_config_module modules/mod_log_config.so p12 Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 W22 Rule ID: SV-33132r1_rule Vuln ID: V-2250 Severity: CAT II Class: Unclass Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 A22 Rule ID: SV-33025r1_rule Vuln ID: V-2250 Severity: CAT II Class: Unclass The Windows permissions for all files specified by CustomLog directives should be configured appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 W22 Rule ID: SV-33135r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Windows permissions for all files specified by ErrorLog directives should be configured appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 W22 Rule ID: SV-33135r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Windows permissions of Apache's htpasswd.exe file(s) should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 W22 Rule ID: SV-36561r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The Windows permissions for all directories specified by ScriptAlias directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by ScriptAliasMatch directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by DocumentRoot directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by Alias directives should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Windows permissions for all directories specified by ServerRoot directives should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /config directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /bin directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /logs directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Windows permissions of Apache's /htdocs directory should be configred appropriately (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Apache site's robots.txt should be configured to disallow paths and files as appropriate. (1) User-Agent (2) Disallowed path(s)|file(s) (1) robots.txt Rule Title: A private web server must not respond to requests from public search engines. STIG ID: WG310 W22 Rule ID: SV-28798r2_rule Vuln ID: V-2260 Severity: CAT II Class: Unclass Rule Title: A private web server must not respond to requests from public search engines. STIG ID: WG310 A22 Rule ID: SV-33028r1_rule Vuln ID: V-2260 Severity: CAT II Class: Unclass Apache's ssl_module should be enabled or disabled as appropriate. (1) ssl_module (1) Apache configuration file: LoadModule directive 1.7.1 Install mod_ssl and/or mod_nss (Level 1, Scorable) Ensure the mod_ssl and/or mod_nss is loaded in the Apache configuration: # httpd -M | egrep 'ssl_module|nss_module' p59 Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W22 Rule ID: SV-14297r4_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 A22 Rule ID: SV-33029r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass The Apache SSLProtocol directive should be configured appropriately. (1) SSLv2 / SSLv3 / TLSv1 / All (1) Apache configuration file: SSLProtocol directive 1.7.4 Restrict weak SSL Protocols and Ciphers (Level 1, Scorable) Add or modify the following line in the Apache server level configuration and every virtual host that is SSL enabled: SSLProtocol -ALL +SSLv3 +TLSv1 p65 Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W22 Rule ID: SV-14297r4_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 A22 Rule ID: SV-33029r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass The Apache SSLEngine directive should be configured appropriately. (1) On / Off (1) Apache configuration file: SSLEngine directive Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W22 Rule ID: SV-14297r4_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 A22 Rule ID: SV-33029r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass The requried permssions for the file %SystemRoot%\System32\wscript.exe should be assigned. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the %SystemRoot%\System32\wscript.exe DACL Rule Title: Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. STIG ID: WG470 W22 Rule ID: SV-33095r1_rule Vuln ID: V-2264 Severity: CAT II Class: Unclass The required permissions for the file %SystemRoot%\System32\cscript.exe should be assigned (1) set of accounts (2) list of permissions (3) applicability (1) defined by the %SystemRoot%\System32\cscript.exe DACL Rule Title: Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. STIG ID: WG470 W22 Rule ID: SV-33095r1_rule Vuln ID: V-2264 Severity: CAT II Class: Unclass The Apache "ServerTokens" directive should be configured appropriately. (1) Prod[uctOnly] / Major / Minor / Min[imal] / OS / Full (1) Apache configuration file: ServerTokens directive 1.8.1 Limit Information in the Server Token (Level 1, Scorable) Add or modify the ServerTokens directive as shown below to have the value of Prod or ProductOnly: ServerTokens Prod page 68 1.16 Software Information Leakage Protection p29 Rule Title: Web server and/or operating system information must be protected. STIG ID: WG520 W22 Rule ID: SV-33098r1_rule Vuln ID: V-6724 Severity: CAT III Class: Unclass Rule Title: Web server and/or operating system information must be protected. STIG ID: WG520 A22 Rule ID: SV-36672r1_rule Vuln ID: V-6724 Severity: CAT III Class: Unclass The Apache web server be run with the appropriate privileges. (1) Account type: ( privileged / non privileged ) (1) My Computer / Manage / Configuration / Local Users and Groups / <account name> Rule Title: The web server, although started by superuser or privileged account, must run using a non-privileged account. STIG ID: WG275 W22 Rule ID: SV-36607r1_rule Vuln ID: V-13619 Severity: CAT II Class: Unclass All Apache's online manual should be available or removed as appropriate. (1) exist / not exist (1) manual in the Server Root directory 1.5.4 Remove Default HTML Content (Level 1, Scorable) Remove the Apache user manual content or comment out configurations referencing the manual # yum erase httpd-manual page 37 Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 W22 Rule ID: SV-33087r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 A22 Rule ID: SV-32933r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass Apache's demo CGI printenv.pl should be available or removed as appropriate (1) exist / not exist (1) (ServerRoot)\cgi-bin\printenv.pl (2) (ServerRoot)/cgi-bin/printenv.pl 1.5.5 Remove Default CGI Content printenv (Level 1, Scorable) Remove the printenv default CGI in cgi-bin directory if it is installed. # rm $APACHE_PREFIX/cgi-bin/printenv page 39 1.18 Remove Default Content p33 Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 W22 Rule ID: SV-33087r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 A22 Rule ID: SV-32933r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass The Apache access log file data should be configured to contain the appropriate data elements. (1) LogFormat Format String (1) Apache configuration file: LogFormat directive 1.6.2 Configure the Access Log (Level 1, Scorable) Add or modify the LogFormat directives in the Apache configuration to use the standard and recommended combined format show as shown below. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined 1.17 Logging p30 Rule Title: Log file data must contain required data elements. STIG ID: WG242 W22 Rule ID: SV-28654r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Rule Title: Log file data must contain required data elements. STIG ID: WG242 A22 Rule ID: SV-36642r1_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass The Apache "Timeout" directive should be configured appropriately. (1) Number value (in seconds) (1) Apache configuration file: Timeout directive 1.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the Timeout directive in the Apache configuration to have a value of 10 seconds or shorter. Timeout 10 page 71 1.13 Denial of Service Prevention Tuning p21 Rule Title: The Timeout directive must be properly set. STIG ID: WA000-WWA020 W22 Rule ID: SV-32980r1_rule Vuln ID: V-13724 Severity: CAT II Class: Unclass Rule Title: The Timeout directive must be properly set. STIG ID: WA000-WWA020 A22 Rule ID: SV-32977r1_rule Vuln ID: V-13724 Severity: CAT II Class: Unclass The Apache "KeepAlive" directive should be configured appropriately. (1) On / Off (1) Apache configuration file: KeepAlive directive 1.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the KeepAlive directive in the Apache configuration to have a value of On, so that Keepalive connections are enabled. KeepAlive On page 71 1.13 Denial of Service Prevention Tuning p21 Rule Title: The KeepAlive directive must be enabled. STIG ID: WA000-WWA022 W22 Rule ID: SV-32987r1_rule Vuln ID: V-13725 Severity: CAT II Class: Unclass Rule Title: The KeepAlive directive must be enabled. STIG ID: WA000-WWA022 A22 Rule ID: SV-32844r1_rule Vuln ID: V-13725 Severity: CAT II Class: Unclass The Apache "KeepAliveTimeout" directive should be configured appropriately. (1) Number value (in seconds) (1) Apache configuration file: KeepAliveTimeout directive 1.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the KeepAliveTimeout directive in the Apache configuration to have a value of 15 or less. KeepAliveTimeout 15 page 71 1.13 Denial of Service Prevention Tuning p21 Rule Title: The KeepAliveTimeout directive must be defined. STIG ID: WA000-WWA024 W22 Rule ID: SV-32880r1_rule Vuln ID: V-13726 Severity: CAT II Class: Unclass Rule Title: The KeepAliveTimeout directive must be defined. STIG ID: WA000-WWA024 A22 Rule ID: SV-32877r1_rule Vuln ID: V-13726 Severity: CAT II Class: Unclass The Apache "FollowSymLinks" setting for all "Options" directives should be configured appropriately. (1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None (1) Apache configuration file: Options directive 1.5.3 Minimize Options for Other Directories (Level 1, Scorable) FollowSymLinks & SymLinksIfOwnerMatch – The following of symbolic links is not recommended and should be disabled if possible. Page 35 Rule Title: The FollowSymLinks setting must be disabled. STIG ID: WA000-WWA052 W22 Rule ID: SV-33001r1_rule Vuln ID: V-13732 Severity: CAT II Class: Unclass Rule Title: The FollowSymLinks setting must be disabled. STIG ID: WA000-WWA052 A22 Rule ID: SV-40129r1_rule Vuln ID: V-13732 Severity: CAT II Class: Unclass The Apache "Includes" setting for all "Options" directives should be configured appropriately. (1) Includes / -Includes / +Includes / None (1) Apache configuration file: Options directive 1.5.3 Minimize Options for Other Directories Includes & IncludesNOEXEC – The IncludesNOEXEC option should only be needed when server side includes are required. The full Includes option should not be used as it also allows execution of arbitrary shell commands. Page 35 Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 W22 Rule ID: SV-33003r1_rule Vuln ID: V-13733 Severity: CAT I Class: Unclass Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 A22 Rule ID: SV-32753r1_rule Vuln ID: V-13733 Severity: CAT I Class: Unclass The Apache "IncludesNoExec" setting for all "Options" directives should be configured appropriately. (1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None (1) Apache configuration file: Options directive 1.5.3 Minimize Options for Other Directories Includes & IncludesNOEXEC – The IncludesNOEXEC option should only be needed when server side includes are required. The full Includes option should not be used as it also allows execution of arbitrary shell commands. Page 35 Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 W22 Rule ID: SV-33003r1_rule Vuln ID: V-13733 Severity: CAT I Class: Unclass Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 A22 Rule ID: SV-32753r1_rule Vuln ID: V-13733 Severity: CAT I Class: Unclass The Apache "MultiViews" setting for all "Options" directives should be configured appropriately. (1) MultiViews / -MultiViews / +MultiViews / None (1) Apache configuration file: Options directive 1.5.3 Minimize Options for Other Directories (Level 1, Scorable) Multiviews – Is appropriate if content negotiation is required such as for multiple language are supported. Page 35 Rule Title: The MultiViews directive must be disabled. STIG ID: WA000-WWA056 W22 Rule ID: SV-33004r1_rule Vuln ID: V-13734 Severity: CAT II Class: Unclass Rule Title: The MultiViews directive must be disabled. STIG ID: WA000-WWA056 A22 Rule ID: SV-32754r1_rule Vuln ID: V-13734 Severity: CAT II Class: Unclass The Apache "Indexes" setting for all "Options" directives should be configured appropriately. (1) Indexes / -Indexes / +Indexes / None (1) Apache configuration file: Options directive 1.5.3 Minimize Options for Other Directories (Level 1, Scorable) Indexes – The Indexes option causes automatic generation of indexes, if the default index page is missing, and should be disabled unless required. Page 35 Rule Title: Directory indexing must be disabled on directories not containing index files. STIG ID: WA000-WWA058 W22 Rule ID: SV-33006r1_rule Vuln ID: V-13735 Severity: CAT II Class: Unclass Rule Title: Directory indexing must be disabled on directories not containing index files. STIG ID: WA000-WWA058 A22 Rule ID: SV-32755r1_rule Vuln ID: V-13735 Severity: CAT II Class: Unclass The Apache "LimitRequestBody" directive should be configured appropriately. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestBody directive 1.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestBody directive in the Apache configuration to have a value of 102400 (100K) or less. Please read the Apache documentation so that it is understood that this directive will limit the size of file up-loads to the web server. LimitRequestBody 102400 page 73 1.14 Buffer Overflow Protection Tuning p23 Rule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 W22 Rule ID: SV-33008r1_rule Vuln ID: V-13736 Severity: CAT II Class: Unclass Rule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 A22 Rule ID: SV-32756r1_rule Vuln ID: V-13736 Severity: CAT II Class: Unclass+G66 The Apache "LimitRequestFields" directive should be configured appropriately (1) Number value (1) Apache configuration file: LimitRequestFields directive 1.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestFields directive in the Apache configuration to have a value of 100 or less. If the directive is not present the default depends on a compile time configuration, but defaults to a value of 100. LimitRequestFields 100 page 73 1.14 Buffer Overflow Protection Tuning p24 Rule Title: The HTTP request header fields must be limited. STIG ID: WA000-WWA062 W22 Rule ID: SV-33009r1_rule Vuln ID: V-13737 Severity: CAT II Class: Unclass Rule Title: The HTTP request header fields must be limited. STIG ID: WA000-WWA062 A22 Rule ID: SV-32757r1_rule Vuln ID: V-13737 Severity: CAT II Class: Unclass The Apache "LimitRequestFieldSizeBody" directive should be configured appropriately. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestFieldSizeBody directive 1.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestFieldsize directive in the Apache configuration to have a value of 1024 or less. LimitRequestFieldsize 1024 page 73 1.14 Buffer Overflow Protection Tuning p24 Rule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 W22 Rule ID: SV-33010r1_rule Vuln ID: V-13738 Severity: CAT II Class: Unclass Rule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 A22 Rule ID: SV-32766r1_rule Vuln ID: V-13738 Severity: CAT II Class: Unclass The Apache "LimitRequestline" directive should be configured appropriatley. (1) Number value (in bytes) (1) Apache configuration file: LimitRequestLine directive 1.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestline directive in the Apache configuration to have a value of 512 or shorter. LimitRequestline 512 page 72 1.14 Buffer Overflow Protection Tuning p24 Rule Title: The HTTP request line must be limited. STIG ID: WA000-WWA066 W22 Rule ID: SV-33011r1_rule Vuln ID: V-13739 Severity: CAT II Class: Unclass Rule Title: The HTTP request line must be limited. STIG ID: WA000-WWA066 A22 Rule ID: SV-32768r1_rule Vuln ID: V-13739 Severity: CAT II Class: Unclass The path for Apache sites error log files should be configured appropriately. (1) File path (1) Apache configuration file: ErrorLog directive 1.6.1 Configure the Error Log (Level 1, Scorable) Add an ErrorLog directive if not already configured. The file path may be relative or absolute, or the logs may be configured to be sent to a syslog server. ErrorLog "logs/error_log" Add a similar ErrorLog directive for each virtual host configured if the virtual host will have different people responsible for the web site. Each responsible individual or organization needs access to their own web logs, and needs the skills/training/tools for monitor the logs. page 50 2.5 Syslog Logging p44-45 Rule Title: Error logging must be enabled. STIG ID: WA00605 W22 Rule ID: SV-33147r1_rule Vuln ID: V-26279 Severity: CAT II Class: Unclass Rule Title: Error logging must be enabled. STIG ID: WA00605 A22 Rule ID: SV-33192r1_rule Vuln ID: V-26279 Severity: CAT II Class: Unclass The Apache system logging should be configured appropriately. (1) File path | pipe (2) LogFormat | nickname (1) Apache configuration file: CustomLog directive 1.6.2 Configure the Access Log (Level 1, Scorable) Add or modify the CustomLog directives in the Apache configuration to use the combined format with an appropriate log file, syslog facility or piped logging utility. CustomLog log/access_log combined Add a similar CustomLog directives for each virtual host configured if the virtual host will have different people responsible for the web site. Each responsible individual or organization needs access to their own web logs, and needs the skills/training/tools for monitor the logs. page 51 1.17 Logging p31 Rule Title: System logging must be enabled. STIG ID: WA00615 W22 Rule ID: SV-33151r1_rule Vuln ID: V-26281 Severity: CAT II Class: Unclass Rule Title: System logging must be enabled. STIG ID: WA00615 A22 Rule ID: SV-33206r1_rule Vuln ID: V-26281 Severity: CAT II Class: Unclass The Apache "LogLevel" directive should be configured appropriately. (1) debug / info / notice / warn / error / crit / alert / emerg (1) Apache configuration file: LogLevel directive 1.6.1 Configure the Error Log (Level 1, Scorable) Add or modify the LogLevel in the apache configuration to have a value of notice or lower. Note that is it is compliant to have a value of info or debug if there is a need for a more verbose log and the storage and monitoring processes are capable of handling the extra load. The recommended value is notice. LogLevel notice page 50 1.17 Logging p31 Rule Title: The LogLevel directive must be enabled. STIG ID: WA00620 W22 Rule ID: SV-33153r1_rule Vuln ID: V-26282 Severity: CAT II Class: Unclass Rule Title: The LogLevel directive must be enabled. STIG ID: WA00620 A22 Rule ID: SV-33207r1_rule Vuln ID: V-26282 Severity: CAT II Class: Unclass Web Distributed Authoring and Versioning (WebDav) dav_module should be enabled or disabled as appropriate. (1) dav_module (1) Apache configuration file: LoadModule directive 1.2.3 Disable WebDAV modules (Level 1, Scorable) For dynamically loaded modules comment out or remove the LoadModule directive for mod_dav, and mod_dav_fs modules the from the httpd.conf file. ##LoadModule dav_module modules/mod_dav.so ##LoadModule dav_fs_module modules/mod_dav_fs.so page 13 Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 W22 Rule ID: SV-33169r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 A22 Rule ID: SV-33216r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Web Distributed Authoring and Versioning (WebDav) dav_fs_module should be enabled or disabled as appropriate. (1) dav_fs_module (1) Apache configuration file: LoadModule directive 1.2.3 Disable WebDAV modules (Level 1, Scorable) For dynamically loaded modules comment out or remove the LoadModule directive for mod_dav, and mod_dav_fs modules the from the httpd.conf file. ##LoadModule dav_module modules/mod_dav.so ##LoadModule dav_fs_module modules/mod_dav_fs.so page 13 Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 W22 Rule ID: SV-33169r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 A22 Rule ID: SV-33216r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Web Distributed Authoring and Versioning (WebDav) dav_lock_module should be enabled or disabled as appropriate. (1) dav_lock_module (1) Apache configuration file: LoadModule directive Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 W22 Rule ID: SV-33169r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 A22 Rule ID: SV-33216r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass Apache's info_module should be enabled or disabled as appropriate. (1) info_module (1) Apache configuration file: LoadModule directive 1.2.8 Disable Info module (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_info in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for the mod_info module from the httpd.conf file. ##LoadModule info_module modules/mod_info.so Page 18 Rule Title: Web server status module will be disabled. STIG ID: WA00510 W22 Rule ID: SV-33171r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Rule Title: Web server status module will be disabled. STIG ID: WA00510 A22 Rule ID: SV-33218r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Apache's status_module should be enabled or disabled as appropriate. (1) status_module (1) Apache configuration file: LoadModule directive 1.2.4 Disable Status module (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script with the --disable-status configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure --disable-status b) For dynamically loaded modules comment out or remove the LoadModule directive for the mod_status module from the httpd.conf file. ##LoadModule status_module modules/mod_status.so page 14 Rule Title: Web server status module will be disabled. STIG ID: WA00510 W22 Rule ID: SV-33171r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Rule Title: Web server status module will be disabled. STIG ID: WA00510 A22 Rule ID: SV-33218r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass Apache's proxy_module should be enabled or disabled as appropriate. (1) proxy_module (1) Apache configuration file: LoadModule directive 1.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_module modules/mod_proxy.so Page 16 Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W22 Rule ID: SV-33173r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_ftp_module should be enabled or disabled as appropriate. (1) proxy_ftp_module (1) Apache configuration file: LoadModule directive 1.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_ftp_module modules/mod_proxy_ftp.so Page 16 Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W22 Rule ID: SV-33173r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_http_module should be enabled or disabled as appropriate. (1) proxy_http_module (1) Apache configuration file: LoadModule directive 1.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_http_module modules/mod_proxy_http.so Page 16 Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W22 Rule ID: SV-33173r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_connect_module should be enabled or disabled as appropriate. (1) proxy_connect_module (1) Apache configuration file: LoadModule directive 1.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_connect_module modules/mod_proxy_connect.so Page 16 Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W22 Rule ID: SV-33173r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_ajp_module should be enabled or disabled as appropriate (1) proxy_ajp_module (1) Apache configuration file: LoadModule directive 1.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_connect_module modules/mod_proxy_ajp.so Page 16 Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W22 Rule ID: SV-33173r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Apache's proxy_balancer_module should be enabled or disabled as appropriate. (1) proxy_balancer_module (1) Apache configuration file: LoadModule directive 1.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_balancer_module modules/mod_proxy_balancer.so Page 16 Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W22 Rule ID: SV-33173r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass User-specific directories should be enabled or disabled as appropriate. (1) userdir_module (1) Apache configuration file: LoadModule directive 1.2.7 Disable User Directories Modules (Level 1, Scorable) 1. For source builds with static modules run the Apache ./configure script with the --disable-userdir configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure --disable-userdir 2. For dynamically loaded modules comment out or remove the LoadModule directive for mod_userdir module from the httpd.conf file. ##LoadModule userdir_module modules/mod_userdir.so Page 17 Rule Title: User specific directories must not be globally enabled. STIG ID: WA00525 W22 Rule ID: SV-33175r1_rule Vuln ID: V-26302 Severity: CAT II Class: Unclass Rule Title: User specific directories must not be globally enabled. STIG ID: WA00525 A22 Rule ID: SV-33221r1_rule Vuln ID: V-26302 Severity: CAT II Class: Unclass Apache's process ID (PID) file's Windows permissions should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 W22 Rule ID: SV-33177r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's Scoreboard file's Windows permissions should be configured appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 W22 Rule ID: SV-33178r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass The Order directive for the OS root should be configured appropriately. (1) Allow,Deny / Deny,Allow / Mutual-failure (1) Order directive 1.4.1 Deny Access to OS Root Directory (Level 1, Scorable) Ensure there is a single Order directive and set the value to deny, allow Page 27 Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 W22 Rule ID: SV-33180r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 A22 Rule ID: SV-33226r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass The Allow Directive for the OS root should be configured appropriately (1) all | hostname/IP address/environment variable (1) Allow directive 1.4.1 Deny Access to OS Root Directory (Level 1, Scorable) Remove any Allow directives from the root <Directory> element. allow Page 27 1.7 Restricting Access p14-15 Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 W22 Rule ID: SV-33180r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 A22 Rule ID: SV-33226r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass The Deny Directive for the OS root should be configured appropriately (1) all | hostname/IP address/environment variable (1) Deny directive 1.4.1 Deny Access to OS Root Directory (Level 1, Scorable) Ensure there is a Deny directive, and set the value to from all. allow Page 27 1.7 Restricting Access p14-15 Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 W22 Rule ID: SV-33180r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 A22 Rule ID: SV-33226r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass The Apache "ExecCGI" setting for all "Options" directives for the OS root should be configured appropriately. (1) ExecCGI / -ExecCGI/ +ExecCGI / None (1) Apache configuration file: Options directive (in OS root Directory directive) 1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "FollowSymLinks" setting for all "Options" directives for the OS root should be configured appropriately. (1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None (1) Apache configuration file: Options directive (in OS root Directory directive) 1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "Includes" setting for all "Options" directives for the OS root should be configured appropriately. (1) Includes / -Includes / +Includes / None (1) Apache configuration file: Options directive (in OS root Directory directive) 1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "IncludesNoExec" setting for all "Options" directives for the OS root should be configured appropriately. (1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None (1) Apache configuration file: Options directive (in OS root Directory directive) 1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "Indexes" setting for all "Options" directives for the OS root should be configured appropriately. (1) Indexes / -Indexes / +Indexes / None (1) Apache configuration file: Options directive (in OS root Directory directive) 1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "MultiViews" setting for all "Options" directives for the OS root should be configured appropriately. (1) MultiViews / -MultiViews / +MultiViews / None (1) Apache configuration file: Options directive (in OS root Directory directive) 1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "SymLinksIfOwnerMatch" setting for all "Options" directives for the OS root should be configured appropriately. (1) SymLinksIfOwnerMatch / -SymLinksIfOwnerMatch / +SymLinksIfOwnerMatch / None (1) Apache configuration file: Options directive (in OS root Directory directive) 1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclass The Apache "TraceEnable" directive should be configured appropriatley. (1) on / off / extended (1) Apache configuration file: TraceEnable directive 1.5.8 Disable HTTP TRACE Method (Level 1, Scorable) Add a TraceEnable directive to the server level configuration with a value of off. Server level configuration is the top level configuration, not nested within any other directives like <Directory> or <Location>. TraceEnable off Page 42-43 Rule Title: The TRACE method must be disabled. STIG ID: WA00550 W22 Rule ID: SV-33183r1_rule Vuln ID: V-26325 Severity: CAT II Class: Unclass Rule Title: The TRACE method must be disabled. STIG ID: WA00550 A22 Rule ID: SV-33227r1_rule Vuln ID: V-26325 Severity: CAT II Class: Unclass Apache's listening IP address should be configured appropriately. (1) IP-address (1) Apache configuration file: Listen directive 1.9.3 Restrict Listen Directive (Level 2, Scorable) The Apache Listen directive specifies the IP addresses and port numbers the Apache web server will listen for requests. Rather than be unrestricted to listen on all IP addresses available to the system, the specific IP address or addresses intended should be explicitly specified. Specifically a Listen directive with no IP address specified, or with an IP address of zeros should not be used. Page 74 Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 W22 Rule ID: SV-33184r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 A22 Rule ID: SV-33228r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass Apache's listening port should be configured appropriately. (1) port number (1) Apache configuration file: Listen directive 1.9.3 Restrict Listen Directive (Level 2, Scorable) The Apache Listen directive specifies the IP addresses and port numbers the Apache web server will listen for requests. Rather than be unrestricted to listen on all IP addresses available to the system, the specific IP address or addresses intended should be explicitly specified. Specifically a Listen directive with no IP address specified, or with an IP address of zeros should not be used. Page 74 Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 W22 Rule ID: SV-33184r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 A22 Rule ID: SV-33228r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass The ScriptAlias for the specified directory should be configured appropriately. (1) url-path (2) TARGET: directory path (1) Apache configuration file: ScriptAlias directive Rule Title: The URL-path name must be set to the file path name or the directory path name. STIG ID: WA00560 W22 Rule ID: SV-33185r1_rule Vuln ID: V-26327 Severity: CAT II Class: Unclass Rule Title: The URL-path name must be set to the file path name or the directory path name. STIG ID: WA00560 A22 Rule ID: SV-33229r1_rule Vuln ID: V-26327 Severity: CAT II Class: Unclass Automatic directory indexing should be enabled or disabled as appropriate. (1) autoindex_module (1) Apache configuration file: LoadModule directive 1.2.5 Disable Autoindex module (Level 1, Scorable) For source builds with static modules run the Apache ./configure script with the --disable-autoindex configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure –disable-autoindex b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_autoindex module the from the httpd.conf file. ## LoadModule autoindex_module modules/mod_autoindex.so Page 14-15 Rule Title: Automatic directory indexing must be disabled. STIG ID: WA00515 W22 Rule ID: SV-33225r1_rule Vuln ID: V-26368 Severity: CAT II Class: Unclass Rule Title: Automatic directory indexing must be disabled. STIG ID: WA00515 A22 Rule ID: SV-33219r1_rule Vuln ID: V-26368 Severity: CAT II Class: Unclass The Apache AllowOverride Directive should be configured appropriately for operating system root directories. (1) AuthConfig / FileInfo / Indexes / Limit / Options / All / None (1) Apache configuration file: AllowOverride directive 1.4.3 Restrict OverRide for the OS Root Directory (Level 1, Scorable) Set the value for AllowOverride to None. Page 30-31 1.8 Directory Functionality Control with the Options Directive p17 Rule Title: The ability to override the access configuration for the OS root directory must be disabled. STIG ID: WA00547 W22 Rule ID: SV-33237r1_rule Vuln ID: V-26393 Severity: CAT II Class: Unclass Rule Title: The ability to override the access configuration for the OS root directory must be disabled. STIG ID: WA00547 A22 Rule ID: SV-33232r1_rule Vuln ID: V-26393 Severity: CAT II Class: Unclass Permitted HTTP request methods should be configured appropriately. (1) methods (2) access control directives (1) Apache configuration file: LimitExecpt directive 1.5.7 Limit HTTP Request Methods (Level 1, Scorable) For normal web server operation, you will typically need to allow only the GET, HEAD and POST request methods. Page 40-41 Rule Title: HTTP request methods must be limited. STIG ID: WA00565 W22 Rule ID: SV-33238r1_rule Vuln ID: V-26396 Severity: CAT II Class: Unclass Rule Title: HTTP request methods must be limited. STIG ID: WA00565 A22 Rule ID: SV-33236r1_rule Vuln ID: V-26396 Severity: CAT II Class: Unclass Anonymous sharing of Apache's web content directories with nfs should be configured appropriately. (1) Set of shares (1) via /etc/exports Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 A22 Rule ID: SV-33022r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass AC-3(4).1 CM-6.1 (ii) CM-7.1 (ii) CCI-001362 CCI-001588 CCI-000381 Anonymous sharing of Apache's web content directories with smb should be configured appropriately. (1) Set of shares (1) via /etc/samba/smb.conf Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 A22 Rule ID: SV-33022r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass File permissions for httpd.conf should be set correctly. (1) permissions (1) via chmod 1.19 Updating Ownership and Permissions p34 Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 A22 Rule ID: SV-32948r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass The httpd.conf file should be owned by the appropriate user. (1) user (1) via chown 1.19 Updating Ownership and Permissions p34 Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 A22 Rule ID: SV-32948r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass The httpd.conf file should be owned by the appropriate group. (1) group (1) via chown 1.19 Updating Ownership and Permissions p34 Rule Title: Web administration tools must be restricted to the web manager and the web manager’s designees. STIG ID: WG220 A22 Rule ID: SV-32948r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass The file permissions for all files specified by CustomLog directives should be configured appropriately (1) permissions (1) via chmod Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by CustomLog directives should be owned by the appropriate user (1) user (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by CustomLog directives should be owned by the appropriate group (1) group (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Unix permissions for all files specified by ErrorLog directives should be configured appropriately (1) permissions (1) via chmod Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by ErrorLog directives should be owned by the appropriate user (1) user (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass All files specified by ErrorLog directives should be owned by the appropriate group (1) group (1) via chown Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass The Unix permissions of Apache's htpasswd file should be configured appropriately. (1) permissions (1) via chmod 1.19 Updating Ownership and Permissions p34 Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 A22 Rule ID: SV-36478r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The htpasswd should be owned by the appropriate user. (1) user (1) via chown 1.19 Updating Ownership and Permissions p34 Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 A22 Rule ID: SV-36478r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The htpasswd file should be owned by the appropriate group. (1) group (1) via chown 1.19 Updating Ownership and Permissions p34 Rule Title: The web server’s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 A22 Rule ID: SV-36478r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass The Unix permissions for all directories specified by ScriptAlias directives should be configured appropriately. (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAlias directives should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAlias directives should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by ScriptAliasMatch directives should be configured appropriately. (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAliasMatch directives should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by ScriptAliasMatch directives should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by DocumentRoot directives should be configured appropriately. (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by DocumentRoot directives should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by DocumentRoot directives should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by Alias directives should be configured appropriately. (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by Alias directives should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass All directories specified by Alias directives should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: Unclass The Unix permissions for all directories specified by ServerRoot directives should be configred appropriately (1) permissions (1) via chmod Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass All directories specified by ServerRoot directives should be owned by the appropriate user. (1) user (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass All directories specified by ServerRoot directives should be owned by the appropriate group. (1) group (1) via chown Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's configuration directory should be configred appropriately (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 1.19 Updating Ownership and Permissions p34 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's configuration directory should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 1.19 Updating Ownership and Permissions p34 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's configuration directory should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 1.19 Updating Ownership and Permissions p34 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /bin directory should be configred appropriately (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) Perform the following to set the permissions on the $APACHE_PREFIX directories, and then remove other read permissions on the bin directory and its contents: 23 | P a g e # chmod –R u=rwX,g=rX,o=rX $APACHE_PREFIX # chmod –R u=rwX,g=rX,o=X $APACHE_PREFIX/bin Page 22-23 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /bin directory should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /bin directory should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /logs directory should be configred appropriately (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /logs directory should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /logs directory should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /htdocs directory should be configred appropriately (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. … exception in some cases may have a designated group with write access for the Apache web document root ($APACHE_PREFIX/htdocs) are likely to need a designated group to allow web content to be updated. Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /htdocs directory should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /htdocs directory should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) the Apache web document root ($APACHE_PREFIX/htdocs) are likely to need a designated group to allow web content to be updated (such as webupdate) through a change management process. Page 21 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Unix permissions of Apache's /cgi-bin directory should be configred appropriately (1) permissions (1) via chmod 1.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /cgi-bin directory should be owned by the appropriate user. (1) user (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass Apache's /cgi-bin directory should be owned by the appropriate group. (1) group (1) via chown 1.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21-22 Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: Unclass The Apache "StartServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: StartServers directive 1.13 Denial of Service Prevention Tuning p22 Rule Title: The httpd.conf StartServers directive must be set properly. STIG ID: WA000-WWA026 A22 Rule ID: SV-36645r1_rule Vuln ID: V-13727 Severity: CAT II Class: Unclass The Apache "MinSpareServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MinSpareServers directive 1.13 Denial of Service Prevention Tuning p22 Rule Title: The httpd.conf MinSpareServers directive must be set properly. STIG ID: WA000-WWA028 A22 Rule ID: SV-36646r1_rule Vuln ID: V-13728 Severity: CAT II Class: Unclass The Apache "MaxSpareServers" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxSpareServers directive 1.13 Denial of Service Prevention Tuning p22 Rule Title: The httpd.conf MaxSpareServers directive must be set properly. STIG ID: WA000-WWA030 A22 Rule ID: SV-36648r1_rule Vuln ID: V-13729 Severity: CAT III Class: Unclass The Apache "MaxClients" directive should be configured appropriately. (1) Number value (1) Apache configuration file: MaxClients directive 1.13 Denial of Service Prevention Tuning p22 Rule Title: The httpd.conf MaxClients directive must be set properly. STIG ID: WA000-WWA032 A22 Rule ID: SV-36649r1_rule Vuln ID: V-13730 Severity: CAT II Class: Unclass Apache's process ID (PID) file's Unix permissions should be configured appropriately. (1) permissions (1) via chmod 1.3.8 Pid File Security (Level 1, Scorable) Change the permissions so that the directory is only writable by root, or the user under which apache initially starts up (default is root), Page 25 Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 A22 Rule ID: SV-33222r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's process ID (PID) file should be owned by the appropriate user. (1) user (1) via chown 1.3.8 Pid File Security (Level 1, Scorable) Change the ownership and group to be root:root, if not already. Page 25 Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 A22 Rule ID: SV-33222r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's process ID (PID) file should be owned by the appropriate group. (1) group (1) via chown 1.3.8 Pid File Security (Level 1, Scorable) Change the ownership and group to be root:root, if not already. Page 25 Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 A22 Rule ID: SV-33222r1_rule Vuln ID: V-26305 Severity: CAT II Class: Unclass Apache's Scoreboard file's Unix permissions should be configured appropriately. (1) permissions (1) via chmod 1.3.9 ScoreBoard File Security (Level 1, Scorable) Change the permissions so that the directory is only writable by root, or the user under which apache initially starts up (default is root), Page 26 Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 A22 Rule ID: SV-33223r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass Apache's scoreboard file should be owned by the appropriate user. (1) user (1) via chown 1.3.9 ScoreBoard File Security (Level 1, Scorable) Change the ownership and group to be root:root, if not already. Page 26 Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 A22 Rule ID: SV-33223r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass Apache's scoreboard (PID) file should be owned by the appropriate group. (1) group (1) via chown 1.3.9 ScoreBoard File Security (Level 1, Scorable) Change the ownership and group to be root:root, if not already. Page 26 Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 A22 Rule ID: SV-33223r1_rule Vuln ID: V-26322 Severity: CAT II Class: Unclass The location of the Apache htpasswd file should be set correctly. (1) directory path (1) Directory of htpasswd file 1.5.10 Restrict Access to .ht* files (Level 1, Scorable) Also a common name for web password and group files is .htpasswd and .htgroup. Neither of these files should be placed in the document root Page 45 The Apache User directive should be set correctly. (1) user name (1) Apache configuration file: User directive 1.3.1 Run the Apache Web Server as a non-root user (Level 1, Scorable) Configure the Apache user and group in the Apache configuration file httpd.conf: User apache Page 19 1.6 Creating the Apache User and Group Accounts p14 The Apache Group directive should be set correctly. (1) group name (1) Apache configuration file: Group directive 1.3.1 Run the Apache Web Server as a non-root user (Level 1, Scorable) Configure the Apache user and group in the Apache configuration file httpd.conf: Group apache Page 19 1.6 Creating the Apache User and Group Accounts p14 The Apache ServerSignature directive should be set appropriately. (1) On/Off/EMail (1) Apache configuration file: ServerSignature directive 1.8.2 Limit Information in the Server Signature (Level 1, Scorable) Add or modify the ServerSignature directive as shown below to have the value of Off: ServerSignature Off Page 68-69 1.16 Software Information Leakage Protection p29 The Apache runtime rewriting engine should be enabled or disabled as appropriate. (1) off/on (1) Apache configuration file: RewriteEngine directive 1.5.9 Restrict HTTP Protocol Versions (Level 1, Scorable) Add the RewriteEngine directive to the configuration within the global server context with the value of on so that the rewrite engine is enabled. RewriteEngine On Page 43-44 1.11 Restrict HTTP Protocol Version p19 The Apache ErrorDocument directive should be set correctly for HTTP 400 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 400' directive 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 401 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 401' directive 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 403 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 403' directive 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 404 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 404' directive 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 405 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 405' directive 2.7 Additional Software Information Leakage Protection p50 The ApacheErrorDocument directive should be set correctly for HTTP 500 errors. (1) message/document (1) Apache configuration file: 'ErrorDocument 500' directive 2.7 Additional Software Information Leakage Protection p50 The Apache user account should be locked or unlocked as appropriate. (1) locked/unlocked (1) via /etc/passwd 1.3.3 Lock the Apache User Account (Level 1, Scorable) Use the passwd command to lock the apache account: # passwd -l apache Page 21 The Apache user account should be allowed root privileges as appropriate. (1) allowed/not allowed (1) via /etc/passwd 1.3.1 Run the Apache Web Server as a non-root user (Level 1, Scorable) Although Apache typically is started with root privileges in order to listen on port 80 and 443, it can and should run as another non-root user in order to perform the web services. Page 19 1.6 Creating the Apache User and Group Accounts p14 The group membership of the Apache user account should be set correctly. (1) group (1) via /etc/group 1.3.1 Run the Apache Web Server as a non-root user (Level 1, Scorable) Although Apache typically is started with root privileges in order to listen on port 80 and 443, it can and should run as another non-root user in order to perform the web services. Page 19 1.6 Creating the Apache User and Group Accounts p14 The ownership of the Apache /etc/httpd/conf/passwd file should be set correctly. (1) owner (1) via chown 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /etc/httpd/conf/passwd file should be set correctly. (1) group (1) via chgrp 1.19 Updating Ownership and Permissions p34 The permissions for the Apache /etc/httpd/conf/passwd file should be set correctly. (1) permissions (1) via chown 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /var/www/html file should be set correctly. (1) owner (1) via chown 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /var/www/html file should be set correctly. (1) group (1) via chgrp 1.19 Updating Ownership and Permissions p34 The permissions for the Apache/var/www/html file should be set correctly. (1) permissions (1) via chown 1.19 Updating Ownership and Permissions p34 The ownership of log files in Apache /var/log/httpd/ should be set correctly. (1) owner (1) via chown 1.3.6 Core Dump Directory Security (Level 1, Scorable) must be owned by root and have a group ownership of the Apache group (as defined via the Group directive) # chown root:apache /var/log/httpd Page 23 1.19 Updating Ownership and Permissions p34 The group membership of any Apache files in /var/log/httpd/ should be set correctly. (1) group (1) via chgrp 1.3.6 Core Dump Directory Security (Level 1, Scorable) must be owned by root and have a group ownership of the Apache group (as defined via the Group directive) # chown root:apache /var/log/httpd Page 23 1.19 Updating Ownership and Permissions p34 The permissions of any Apache files in /var/log/httpd/ should be set correctly. (1) permissions (1) via chown 1.3.6 Core Dump Directory Security (Level 1, Scorable) must have no read-write-search access permission for other users. # chmod o-rwx /var/log/httpd Page 23 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /etc/httpd/conf.d file should be set correctly. (1) owner (1) via chown 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /etc/httpd/conf.d file should be set correctly. (1) group (1) via chgrp 1.19 Updating Ownership and Permissions p34 The permissions for the Apache /etc/httpd/conf.d file should be set correctly. (1) permissions (1) via chown 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /usr/sbin/httpd file should be set correctly. (1) owner (1) via chown 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /usr/sbin/httpd file should be set correctly. (1) group (1) via chgrp 1.19 Updating Ownership and Permissions p34 The permissions for the Apache /usr/sbin/httpd file should be set correctly. (1) permissions (1) via chown 1.19 Updating Ownership and Permissions p34 The ownership of the Apache /usr/sbin/apachectl file should be set correctly. (1) owner (1) via chown 1.19 Updating Ownership and Permissions p34 The group membership of the Apache /usr/sbin/apachectl file should be set correctly. (1) group (1) via chgrp 1.19 Updating Ownership and Permissions p34 The permissions for the Apache /usr/sbin/apachectl file should be set correctly. (1) permissions (1) via chown 1.19 Updating Ownership and Permissions p34 The "FollowSymLinks" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) 1.5.2 Restrict Options for the Web Root Directory (Level 1, Scorable) Add or modify any existing Options directive to have a value of None or Multiviews, if multiviews are needed. Page 34 1.8 Directory Functionality Control with the Options Directive p16 The"Includes" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) Includes / -Includes / +Includes / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) 1.5.2 Restrict Options for the Web Root Directory (Level 1, Scorable) Add or modify any existing Options directive to have a value of None or Multiviews, if multiviews are needed. Page 34 1.8 Directory Functionality Control with the Options Directive p16 The "IncludesNOEXEC" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) 1.5.2 Restrict Options for the Web Root Directory (Level 1, Scorable) Add or modify any existing Options directive to have a value of None or Multiviews, if multiviews are needed. Page 34 1.8 Directory Functionality Control with the Options Directive p16 The "Indexes" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) Indexes / -Indexes / +Indexes / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) 1.5.2 Restrict Options for the Web Root Directory (Level 1, Scorable) Add or modify any existing Options directive to have a value of None or Multiviews, if multiviews are needed. Page 34 1.8 Directory Functionality Control with the Options Directive p16 The"MultiViews" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) MultiViews / -MultiViews / +MultiViews / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) 1.5.2 Restrict Options for the Web Root Directory (Level 1, Scorable) Add or modify any existing Options directive to have a value of None or Multiviews, if multiviews are needed. Page 34 1.8 Directory Functionality Control with the Options Directive p17 The "ExecCGI" setting of the DocumentRoot should be enabled or disabled as appropriate. (1) ExecCGI / -ExecCGI/ +ExecCGI / None (1) Apache configuration file: Options directive (in DocumentRoot Directory directive) 1.5.2 Restrict Options for the Web Root Directory (Level 1, Scorable) Add or modify any existing Options directive to have a value of None or Multiviews, if multiviews are needed. Page 34 1.8 Directory Functionality Control with the Options Directive p16 The Order directive for all DocumentRoot directives should be configured appropriately. (1) Allow,Deny / Deny,Allow / Mutual-failure (1) Apache configuration file: Order directive (in DocumentRoot Directory directive) 1.5.7 Limit HTTP Request Methods (Level 1, Scorable) Search for the <Directory> directive on the document root directory … Ensure that the access control order within the <Directory> directive is allow, deny. Order allow,deny Page 41 1.7 Restricting Access p15 The Order directive for the specified Directory directive should be configured appropriately. (1) Allow,Deny / Deny,Allow / Mutual-failure (1) TARGET: Directory directive (2) Apache configuration file: Order directive 1.4.2 Allow Appropriate Access to Web Content (Level 1, Not Scorable) Search the Apache configuration files (httpd.conf and any included configuration files) to find all <Directory> and <Location> elements … Add a single Order directive and set the value to deny, allow. Page 28-29 1.7 Restricting Access p15 The Allow directive for the specified Directory directive should be configured appropriately. (1) all | hostname/IP address/environment variable (1) Allow directive 1.4.2 Allow Appropriate Access to Web Content (Level 1, Not Scorable) Search the Apache configuration files (httpd.conf and any included configuration files) to find all <Directory> and <Location> elements … Include the appropriate Allow and Deny directives, with values that are appropriate for the purposes of the directory. Page 28-29 1.7 Restricting Access p14-15 The Deny directive for the specified Directory directive should be configured appropriately. (1) all | hostname/IP address/environment variable (1) Deny directive 1.4.2 Allow Appropriate Access to Web Content (Level 1, Not Scorable) Search the Apache configuration files (httpd.conf and any included configuration files) to find all <Directory> and <Location> elements … Include the appropriate Allow and Deny directives, with values that are appropriate for the purposes of the directory. Page 28-29 1.7 Restricting Access p14-15 testcgi should be installed as appropriate. (1) exist/not exist (1) cgi-script directory 1.5.6 Remove Default CGI Content test-cgi (Level 1, Scorable) Remove the test-cgi default CGI in cgi-bin directory if it is installed. # rm $APACHE_PREFIX/cgi-bin/test-cgi Page 39-40 1.18 Remove Default Content p33 The "Allow basic authentication" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AllowBasicAuthentication |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Allow simple passwords" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AllowSimplePasswords |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Allow unmanaged devices" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AllowUnmanagedDevices |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure dial plan security" setting should be configured correctly. Unsecured, SIPSecured, Secured (1) Powershell: Get-ExchangeConfiguration -configType DialPlanSecure |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure login authentication for IMAP4" setting should be configured correctly. PlainTextLogin, PlainTextAuthentication, SecureLogin (1) Powershell: Get-ExchangeConfiguration -configType IMAP4LoginType |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure login authentication for POP3" setting should be configured correctly. PlainTextLogin, PlainTextAuthentication, SecureLogin (1) Powershell: Get-ExchangeConfiguration -configType POP3LoginType |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure Protocol logging" setting should be configured correctly. Verbose, None (1) Powershell: Get-ExchangeConfiguration -configType ProtocolLogging |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure Sender Filtering" setting should be configured correctly. StampStatus, Reject (1) Powershell: Get-ExchangeConfiguration -configType SenderFiltering |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Do not permamently delete items until the database has been backed up" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RetainDeletedItemsUntilBackup |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable automatic forwards to remote domains" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AutomaticForwardsRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable automatic replies to remote domains" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AutomaticRepliesRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable non-delivery reports to remote domains" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType NonDeliveryReportsRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable OOF messages to remote domains" setting should be configured correctly. External, ExternalLegacy, None, and InternalLegacy (1) Powershell: Get-ExchangeConfiguration -configType OofMessagesRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable S/MIME for OWA 2007" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType SMimeEnabled2007 |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable Sender ID agent" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType SenderID |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable Sender Reputation" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType SenderReputation |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enforce Password History" setting should be configured correctly. 0 - 50 passwords (1) Powershell: Get-ExchangeConfiguration -configType EnforcePasswordHistory |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "External send connector authentication: DNS Routing" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthDNSRoutingEnabled |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "External send connector authentication: Domain Security" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthDomainSecureEnabled |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "External send connector authentication: Ignore Start TLS" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthIgnoreSTARTTLS |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Keep deleted mailboxes for the specified number of days" setting should be configured correctly. 0 - 24855 Days (1) Powershell: Get-ExchangeConfiguration -configType KeepDeletedMailboxes |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mailbox quotas: Issue warning at" setting should be configured correctly. 0 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType MailboxApproachingStorageLimitWarning |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mailbox quotas: Prohibit send and receive at" setting should be configured correctly. 0 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType ProhibitSendReceiveQuota |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mailbox quotas: Prohibit send at" setting should be configured correctly. 0 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType ProhibitSendQuota |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum number of recipients - organization level" setting should be configured correctly. 0 - 2147483647 recipients (1) Powershell: Get-ExchangeConfiguration -configType MaximumNumberRecipients |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum receive size - connector level" setting should be configured correctly. 64 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumReceiveSizeConnector |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum receive size - organization level" setting should be configured correctly. 0 - 2097151 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumReceiveSizeOrganization |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum send size - connector level" setting should be configured correctly. 64 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumSendSizeConnector |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum send size - organization level" setting should be configured correctly. 0 - 2097151 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumSendSizeOrganization |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Message tracking logging - Mailbox" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType MessageTrackingLoggingMailbox |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Message tracking logging - Transport" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType MessageTrackingLoggingTransport |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Active Directory Topology" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Active Directory Topology (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeADTopology\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange ADAM" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange ADAM (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ADAM_MSExchange\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Anti-spam Update" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Anti-spam Update (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeAntispamUpdate\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Credential Service (Exchange 2007)" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Credential Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EdgeCredentialSvc\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange EdgeSync Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange EdgeSync Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeEdgeSync\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange File Distribution" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange File Distribution (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeFDS\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange IMAP4" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange IMAP4 (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIMAP4\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Information Store" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Information Store (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Mail Submission Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mail Submission Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailSubmission\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Mailbox Assistants" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mailbox Assistants (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailboxAssistants\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Monitoring" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Monitoring (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMonitoring\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange POP3" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange POP3 (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangePOP3\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Replication Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Replication Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeRepl\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Search Indexer" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Search Indexer (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSearch\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Server Extension for Windows Server Backup" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Server Extension for Windows Server Backup (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wsbexchange\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Service Host" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Service Host (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Speech Engine Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Speech Engine Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSSpeechService\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange System Attendant" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange System Attendant (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Transport" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Transport (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransport\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Transport Log Search" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Transport Log Search (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransportLogSearch\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Unified Messaging" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Unified Messaging (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeUM\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Search (Exchange)" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Search (Exchange) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msftesql-Exchange\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Minimum password length" setting should be configured correctly. 1 - 16 (1) Powershell: Get-ExchangeConfiguration -configType MinimumPasswordLength |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mount database at startup" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType MountDatabaseAtStartup |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Number of attempts allowed" setting should be configured correctly. 4 - 16 Attempts (1) Powershell: Get-ExchangeConfiguration -configType NumberAttemptsAllowed |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Password Expiration" setting should be configured correctly. 1:00:00:00 - 730:00:00:00 Days (1) Powershell: Get-ExchangeConfiguration -configType PasswordExpiration |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Refresh interval" setting should be configured correctly. 0 - 596523 Hours (1) Powershell: Get-ExchangeConfiguration -configType RefreshInterval |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require alphanumeric password" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RequireAlphanumericPassword |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require Client Certificates" setting should be configured correctly. Ignore, Accepted, or Required (1) Powershell: Get-ExchangeConfiguration -configType RequireClientCertificates |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require encryption on device" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RequireEncryptionOnDevice |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require password" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RequirePassword |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Retain deleted items for the specified number of days" setting should be configured correctly. 0 - 30 Days (1) Powershell: Get-ExchangeConfiguration -configType DeletedItemRetention |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Time without user input before password must be re-entered" setting should be configured correctly. 1 - 60 Minutes (1) Powershell: Get-ExchangeConfiguration -configType MaxInactivityTimeDeviceLock |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Turn on Connectivity logging" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ConnectivityLogging |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Turn on script execution" setting should be configured correctly. Restricted/ AllSigned/ RemoteSigned/ Unrestricted (1) Powershell: Get-ExchangeConfiguration -configType ExecutionPolicy |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Allow access to voicemail without requiring a PIN" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType PinlessAccessToVoicemail |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Allow basic authentication" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AllowBasicAuthentication |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Allow simple passwords" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AllowSimplePasswords |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Allow unmanaged devices" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AllowUnmanagedDevices |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure dial plan security" setting should be configured correctly. Unsecured, SIPSecured, Secured (1) Powershell: Get-ExchangeConfiguration -configType DialPlanSecure |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure login authentication for IMAP4" setting should be configured correctly. PlainTextLogin, PlainTextAuthentication, SecureLogin (1) Powershell: Get-ExchangeConfiguration -configType IMAP4LoginType |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure login authentication for POP3" setting should be configured correctly. PlainTextLogin, PlainTextAuthentication, SecureLogin (1) Powershell: Get-ExchangeConfiguration -configType POP3LoginType |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure Protocol logging" setting should be configured correctly. Verbose, None (1) Powershell: Get-ExchangeConfiguration -configType ProtocolLogging |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure Sender Filtering" setting should be configured correctly. StampStatus, Reject (1) Powershell: Get-ExchangeConfiguration -configType SenderFiltering |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Configure startup mode" setting should be configured correctly. TCP, Dual, TLS (1) Powershell: Get-ExchangeConfiguration -configType UMStartupMode |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Do not permamently delete items until the database has been backed up" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RetainDeletedItemsUntilBackup |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable automatic forwards to remote domains" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AutomaticForwardsRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable automatic replies to remote domains" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AutomaticRepliesRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable non-delivery reports to remote domains" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType NonDeliveryReportsRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable OOF messages to remote domains" setting should be configured correctly. External, ExternalLegacy, None, and InternalLegacy (1) Powershell: Get-ExchangeConfiguration -configType OofMessagesRemoteDomains |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable S/MIME for OWA 2010" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType SMimeEnabled2010 |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable Sender ID agent" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType SenderID |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enable Sender Reputation" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType SenderReputation |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Enforce Password History" setting should be configured correctly. 0-50 passwords (1) Powershell: Get-ExchangeConfiguration -configType EnforcePasswordHistory |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "External send connector authentication: DNS Routing" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthDNSRoutingEnabled |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "External send connector authentication: Domain Security" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthDomainSecureEnabled |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "External send connector authentication: Ignore Start TLS" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthIgnoreSTARTTLS |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Keep deleted mailboxes for the specified number of days" setting should be configured correctly. 0 - 24855 days (1) Powershell: Get-ExchangeConfiguration -configType KeepDeletedMailboxes |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mailbox quotas: Issue warning at" setting should be configured correctly. 0 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType MailboxApproachingStorageLimitWarning |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mailbox quotas: Prohibit send and receive at" setting should be configured correctly. 0 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType ProhibitSendReceiveQuota |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mailbox quotas: Prohibit send at" setting should be configured correctly. 0 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType ProhibitSendQuota |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum number of recipients - organization level" setting should be configured correctly. 0 - 2147483647 recipients (1) Powershell: Get-ExchangeConfiguration -configType MaximumNumberRecipients |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum receive size - connector level" setting should be configured correctly. 64 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumReceiveSizeConnector |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum receive size - organization level" setting should be configured correctly. 0 - 2097151 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumReceiveSizeOrganization |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum send size - connector level" setting should be configured correctly. 64 - 2147483647 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumSendSizeConnector |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Maximum send size - organization level" setting should be configured correctly. 0 - 2097151 KB (1) Powershell: Get-ExchangeConfiguration -configType MaximumSendSizeOrganization |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Message tracking logging - Mailbox" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType MessageTrackingLoggingMailbox |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Message tracking logging - Transport" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType MessageTrackingLoggingTransport |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Active Directory Topology" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Active Directory Topology (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeADTopology\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange ADAM" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange ADAM (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ADAM_MSExchange\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Address Book" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Address Book (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeAB\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Anti-spam Update" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Anti-spam Update (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeAntispamUpdate\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Credential Service (Exchange 2010)" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Credential Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeEdgeCredential\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange EdgeSync Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange EdgeSync Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeEdgeSync\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange File Distribution" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange File Distribution (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeFDS\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Forms-Based Authentication service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Forms-Based Authentication service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeFBA\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange IMAP4" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange IMAP4 (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIMAP4\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Information Store" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Information Store (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Mail Submission Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mail Submission Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailSubmission\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Mailbox Assistants" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mailbox Assistants (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailboxAssistants\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Mailbox Replication" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mailbox Replication (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailboxReplication\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Monitoring" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Monitoring (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMonitoring\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange POP3" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange POP3 (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangePOP3\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Protected Service Host" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Protected Service Host (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeProtectedServiceHost\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Replication Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Replication Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeRepl\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange RPC Client Access" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange RPC Client Access (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeRPC\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Search Indexer" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Search Indexer (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSearch\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Server Extension for Windows Server Backup" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Server Extension for Windows Server Backup (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wsbexchange\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Service Host" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Service Host (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Speech Engine Service" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Speech Engine Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSSpeechService\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange System Attendant" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange System Attendant (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Throttling" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Throttling (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeThrottling\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Transport" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Transport (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransport\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Transport Log Search" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Transport Log Search (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransportLogSearch\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Exchange Unified Messaging" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Unified Messaging (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeUM\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The machine setting for the startup type of the "Microsoft Search (Exchange)" service should be configured correctly. Automatic = 2, Manual=3, Disabled=4 (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Search (Exchange) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msftesql-Exchange\Start Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Minimum password length" setting should be configured correctly. 1 to 16 characters (1) Powershell: Get-ExchangeConfiguration -configType MinimumPasswordLength |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Mount database at startup" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType MountDatabaseAtStartup |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Number of attempts allowed" setting should be configured correctly. 4 - 16 Attempts (1) Powershell: Get-ExchangeConfiguration -configType NumberAttemptsAllowed |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Password Expiration" setting should be configured correctly. 1:00:00:00 - 730:00:00:00 Days (1) Powershell: Get-ExchangeConfiguration -configType PasswordExpiration |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Refresh interval" setting should be configured correctly. 0 - 596523 Hours (1) Powershell: Get-ExchangeConfiguration -configType RefreshInterval |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require alphanumeric password" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RequireAlphanumericPassword |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require Client Certificates" setting should be configured correctly. Ignore, Accepted, or Required (1) Powershell: Get-ExchangeConfiguration -configType RequireClientCertificates |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require client MAPI encryption" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RequireClientMAPIEncryption |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require encryption on device" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RequireEncryptionOnDevice |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Require password" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType RequirePassword |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Retain deleted items for the specified number of days" setting should be configured correctly. 0 - 30 Days (1) Powershell: Get-ExchangeConfiguration -configType DeletedItemRetention |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Time without user input before password must be re-entered" setting should be configured correctly. 1 - 60 Minutes (1) Powershell: Get-ExchangeConfiguration -configType MaxInactivityTimeDeviceLock |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Turn on Administrator Audit Logging" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType AdministratorAuditLogging |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Turn on Connectivity logging" setting should be configured correctly. True/False (1) Powershell: Get-ExchangeConfiguration -configType ConnectivityLogging |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID The "Turn on script execution" setting should be configured correctly. Restricted/ AllSigned/ RemoteSigned/ Unrestricted (1) Powershell: Get-ExchangeConfiguration -configType ExecutionPolicy |Select-Object -Property SettingData Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID /export/home should be configured on an appropriate filesystem logical volume logical volume via fstab 10.8.10.4.2.1 (5) /var should be configured on an appropriate filesystem logical volume logical volume via fstab 10.8.10.4.2.1 (5) /opt should be configured on an appropriate filesystem logical volume logical volume via fstab 10.8.10.4.2.1 (5) The shell for the root account should be located on the appropriate filesystem filesystem via /etc/passwd 10.8.10.4.2.1 (6) Core dump size limits should be set appropriately Size (0 to disable core dumps) via /etc/security/limits via ulimit 10.8.10.4.4 (3) The read-only SNMP community string should be set appropriately. string via /etc/snmp.conf 10.8.10.5.1 (1) c) The read/write SNMP community string should be set appropriately. string via /etc/snmp.conf 10.8.10.5.1 (1) c) Password policy should ban or allow usernames or UIDs in passwords as appropriate ban/allow 10.8.10.5.1 a) Password policy should ban or allow words found in a dictionary as appropriate. ban/allow via /etc/security/user 10.8.10.5.1 (2) a) Password policy should enforce the correct amount of special characters number of special characters via /etc/security/user 10.8.10.5.1 (2) a) Password policy should enforce or not enforce the requirement to have mixed case passwords as appropriate. enforce/not enforce via /etc/security/user 10.8.10.5.1 (2) a) The minimum password age should be set as appropriate number of days via /etc/security/user 10.8.10.5.1 (2) b) The minimum required password length should be set as appropriate number of characters via /etc/security/user 10.8.10.5.1 (2) c) Password history should be saved for an appropriate number of password changes number of password changes via /etc/security/user 10.8.10.5.1 (2) d) The number of consecutive failed login attempts required to trigger a lockout should be set as appropriate number of consecutive failed login attempts via /etc/security/user 10.8.10.5.1 (2) e) Login access to accounts without passwords should be enabled or disabled as appropriate enabled/disabled via passwd via /etc/shadow 10.8.10.5.1 (2) f) New users should be required or not required to change their password on first login as appropriate required/not required via /etc/security/passwd 10.8.10.5.1 (2) g) Access to single-user mode (maintainence mode) should require the root password or not as appropriate required/not required 10.8.10.5.1 (3) The delay between failed logins should be set as appropriate number of seconds 10.8.10.5.1 (5) All files should be owned by an existing account or not as appropriate. existing account required / existing account not required via chown 10.8.10.5.2 (3) All files should be owned by an existing group or not as appropriate. existing group required / existing group not required via chgrp via chown 10.8.10.5.2 (3) The console login banner should be set appropriately. banner text or null via /etc/security/login.cfg via /etc/motd 10.8.10.5.2 (5) a) The SSH login banner should be set appropriately. banner text or null via sshd.conf 10.8.10.5.2 (5) b) The telnet login banner should be set appropriately. banner text or null via telnetd 10.8.10.5.2 (5) c) The ftp login banner should be set appropriately. banner text or null 10.8.10.5.2 (5) d) The graphical login banner should be set appropriately. banner text or null via Xwindows 10.8.10.5.2 (5) e) Accounts other than root should be allowed to have the UID 0 or not as appropriate allowed/not allowed via passwd via /etc/passwd 10.8.10.5.2.1 (2) a) Accounts other than root and locked system accounts should be allowed to have a GID of 0 or not as appropriate allowed/not allowed via passwd via /etc/passwd 10.8.10.5.2.1 (2) b) Each account should be assigned a unique UID or not as appropriate unique/not unique via /etc/passwd 10.8.10.5.2.4 (3) The ftp account should exist or not as appropriate exist/not exist via /etc/passwd 10.8.10.5.2.4 (9) Login accounts should include an appropriate GECOS identifier or no GECOS identifier GECOS value, null via /etc/passwd 10.8.10.5.2.4.1 (1) The screen lock should activate after an appropriate period of inactivity number of minutes via Xscreensaver via dtsession 10.8.10.5.2.5 (1) File permissions should be set appropriately for all shell executables. permissions via chmod 10.8.10.5.2.6 (1) Remote (serial) consoles should be enabled or disabled as appropriate. enabled/disabled via inittab 10.8.10.5.2.6 (3) Root logins should be restricted to the console or not as appropriate. restricted/not restricted 10.8.10.5.2.6 (4) .netrc files should exist or not as appropriate for all users. exist/not exist via filesystem 10.8.10.5.2.6 (6) .rhosts files should exist or not as appropriate for all users. exist/not exist via filesystem 10.8.10.5.2.6 (6) .shosts files should exist or not as appropriate for all users. exist/not exist via filesystem 10.8.10.5.2.6 (6) The /etc/hosts.equiv file should exist or not as appropriate. exist/not exist via filesystem 10.8.10.5.2.6 (6) The /etc/shells file should exist or not as appropriate exist/not exist via /etc/shells 10.8.10.5.2.6 (11) Shells referenced in /etc/passwd should be included in /etc/shells or not as appropriate included/not included via /etc/shells 10.8.10.5.2.6 (12) The use of NIS special characters (+ or -) in the first field of the /etc/passwd file should be allowed or disallowed as appropriate. allowed/not allowed via Text editor 10.8.10.5.2.6 (7) The use of NIS special characters (+ or -) in the first field of the /etc/shadow file should be allowed or disallowed as appropriate. allowed/not allowed via Text editor 10.8.10.5.2.6 (7) The use of NIS special characters (+ or -) in the first field of the /etc/group file should be allowed or disallowed as appropriate. allowed/not allowed via Text editor 10.8.10.5.2.6 (7) Groups referenced in /etc/passwd should be included in /etc/group or not as appropriate. included/not included via /etc/group 10.8.10.5.2.6 (15) The home directory for the root account should be set appropriately. path via /etc/passwd 10.8.10.5.2.6 (16) The home directory for each user account should be set appropriately. path via /etc/passwd via /usr/sbin/useradd via /etc/default/useradd 10.8.10.5.2.6 (17) Home directories referenced in /etc/passwd should exist or not as appropriate exist/not exist via filesystem 10.8.10.5.2.6 (18) All device files should be located inside an appropriate path path via filesystem 10.8.10.5.2.6 (24) The ntpd service should be enabled or disabled as appropriate. enabled/disabled via RC scripts 10.8.10.5.3 (3) The Network Time Protocol (ntp) synchronization server should be set appropriately. timeserver via ntpd.conf The default gateway should be set appropriately. IP address/disabled via /etc/default/route.conf via /etc/gated.conf 10.8.10.5.4.1 (4) The inetd service should be enabled or disabled as appropriate. enabled/disabled via RC scripts 10.8.10.5.4.1 (5) echo service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #1 netstat service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #2 rcp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #3 chargen service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #4 finger service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #5 tftpd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #6 walld service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #7 rstatd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #8 sprayd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #9 rusersd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #10 rlogin service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #11 rsh service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #12 ftp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #13 telnet service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #14 DEPRECATED. inn service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #16 uucp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #17 rexec service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #18 font-service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #20 imap2 service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #21 pop3 service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #22 ident service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #23 rexd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #24 daytime service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #26 dtspc (cde-spc) service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #27 rquotad service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #28 cmsd service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #29 tooltalk service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #30 xdmcp service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #31 discard service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #32 DEPRECATED. vino-server service should be enabled or disabled as appropriate enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1 (11) #34 The bind service should be enabled or disabled as appropriate. enabled/disabled via inetd via inetd.conf 10.8.10.5.4.1.1 (2) The version string reported by the bind service should be configured appropriately. string via /etc/named.conf 10.8.10.5.4.1.1 (5) The nfsd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) The mountd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) The statd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) The lockd service should be enabled or disabled as appropriate enabled/disabled via RC scripts 10.8.10.5.4.1.5 (1) NFS should be configured with appropriate authentication methods list of auth methods via NFSvia via /etc/exports 10.8.10.5.4.1.5 (1) f) The read-only (ro) option should be enabled or disabled as appropriate for all NFS exports. enabled/disabled via /etc/exports 10.8.10.5.4.1.5 (1) g) The nosuid option should be enabled or disabled for all NFS mounts as appropriate enabled/disabled via /etc/fstab 10.8.10.5.4.1.5 (1) i) The nosgid option should be enabled or disabled for all NFS mounts as appropriate enabled/disabled via /etc/fstab 10.8.10.5.4.1.5 (1) i) Sendmail should be enabled or disabled as appropriate enabled/disabled via inetd via RC scripts 10.8.10.5.4.2.2 (1) The sendmail banner should be set appropriately. string via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (3) The decode sendmail alias should be enabled or disabled as appropriate. enabled/disabled via /etc/aliases via /usr/lib/aliases 10.8.10.5.4.2.2 (4) c) .forward files should be allowed or disallowed as appropriate for all users allow/disallow via rm 10.8.10.5.4.2.2 (4) e) Programs executed through the aliases file should be owned by an appropriate user user via chown 10.8.10.5.4.2.2 (4) f) Programs executed through the aliases file should reside a directory with an appropriate user owner user via chown 10.8.10.5.4.2.2 (4) f) Sendmail vrfy command should be allowed or not as appropriate allow/disallow via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) g) Sendmail expn command should be allowed or not as appropriate allow/disallow via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) h) Sendmail should be configured with an appropriate logging level logging level via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) i) Sendmail help command should be allowed or not as appropriate allow/disallow via sendmail via /etc/mail/sendmail.cf 10.8.10.5.4.2.2 (4) k) NIS+ server should operate at an appropriate security level security level via NIS+ 10.8.10.5.4.2.3 (1) b) X-Windows should be enabled or disabled as appropriate enabled/disabled via Xwindows 10.8.10.5.4.2.4 (1) Authorized X-clients should be listed or not in the X*.hosts file as appropriate listed/not listed via /etc/X*.hosts 10.8.10.5.4.2.4 (2) b) X-Windows should write .Xauthority files to users' home directories or not as appropriate write/not write via xdm via gdm via kdm 10.8.10.5.4.2.4 (2) d) X11 forwarding via SSH should be enabled or disabled as appropriate. enabled/disabled via sshd_config 10.8.10.5.4.2.4 (2) f) Samba should be enabled or disabled as appropriate enabled/disabled via smbd via RC scripts 10.8.10.5.4.2.6 (1) Samba 'hosts allow' option should be configured with an appropriate set of networks list of networks via smbd via smb.conf 10.8.10.5.4.2.6 (3) a) Samba 'security option' option should be set as appropriate via smbd via smb.conf 10.8.10.5.4.2.6 (3) b) Samba 'encrypt' passwords option should be set as appropriate yes/no via smbd via smb.conf 10.8.10.5.4.2.6 (3) c) Samba 'smb passwd file' option should be set to an appropriate password file or no password file file/nothing via smbd via smb.conf 10.8.10.5.4.2.6 (3) d) IPv6 should be enabled or disabled as appropriate enabled/disabled via ifconfig 10.8.10.5.4.3 (1) /dev/kmem file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #9 /dev/mem file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #10 /dev/null file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #11 resolv.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #13 /etc/named.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #14 /usr/bin/at file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #25 /usr/bin/rdist file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #26 /usr/sbin/sync file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #27 Superuser account home directories' permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #29 /etc/samba/smb.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #31 smbpassword executable permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #32 Aliases file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #34 File permissions should be set as appropriate for the log file configured to capture critical sendmail messages. permissions via chmod 10.8.10-1 A.1 1) #35 All files executed through /etc/aliases file entries should have file permissions set appropriately permissions via chmod 10.8.10-1 A.1 1) #36 /bin/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #37 /bin/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #38 /bin/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #39 The /bin/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #40 /bin/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #41 /bin/bash file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #42 /sbin/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #43 /sbin/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #44 /sbin/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #45 The /sbin/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #46 /sbin/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #47 /sbin/bash file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #48 /usr/bin/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #49 /usr/bin/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #50 /usr/bin/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #51 The /usr/bin/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #52 /usr/bin/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #53 snmpd.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #56 /tmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #57 /usr/tmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #58 .Xauthority file permissions should be set appropriately for all users. permissions via chmod 10.8.10-1 A.1 1) #60 /etc/aliases file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #61 /etc/cron.d/at.allow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #62 /etc/cron.d/cron.allow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #63 /etc/csh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #64 /etc/default/* file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #65 /etc/default/login file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #66 The /etc/ftpusers file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #69 /etc/host.lpd file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #70 /etc/hostname* file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #71 /etc/hosts file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #72 /etc/inetd.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #73 /etc/issue file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #75 /etc/jsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #76 /etc/ksh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #77 /etc/mail/aliases file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #78 /etc/motd file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #79 /etc/netconfig file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #80 /etc/notrouter file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #81 /etc/pam.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #82 /etc/passwd file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #83 The /etc/rsh file should exist or not as appropriate exist/not exist via filesystem 10.8.10-1 A.1 1) #84 /etc/security file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #85 /etc/services file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #86 /etc/sh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #87 /etc/shadow file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #88 /etc/syslog.conf file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #89 DEPRECATED. /etc/fstab file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #91 DEPRECATED. /var/adm/loginlog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #93 /var/adm/messages file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #94 /var/adm/sulog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #95 /var/adm/utmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #96 /var/adm/wtmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #97 /var/adm/authlog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #98 /var/adm/syslog file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #99 /var/mail file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #100 /var/tmp file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #101 /usr/lib/pt_chmod file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #103 /usr/lib/embedded_us file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #104 /usr/lib/sendmail file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #105 /usr/kerberos/bin/rsh file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #107 /var/spool/mail file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #108 smbpassword file permissions should be set appropriately permissions via chmod 10.8.10-1 A.1 1) #109 System files should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #8 System files should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #8 Default/skeleton dot files should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #9 Default/skeleton dot files should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #9 Global initialization files should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #10 Global initialization files should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #10 Home directories should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #11 Home directories should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #11 inetd.conf file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #12 inetd.conf file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #12 /etc/services file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #16 /etc/services file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #16 /etc/notrouter file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #18 /etc/notrouter file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #18 DEPRECATED. DEPRECATED. /etc/passwd file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #35 /etc/passwd file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #35 /etc/shadow file should be owned by an appropriate user list of users via chown 10.8.10-1 A.1 2) #36 /etc/shadow file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-1 A.1 2) #36 Environmental variable PATH for superuser accounts should or should not contain world-writable files as appropriate should/should not via chmod via profile 10.8.10-1 A.2 1) #1 Environmental variable PATH for superuser accounts should not contain the current directory as the first or last entry should/should not via local init files 10.8.10-1 A.2 1) #2 The current directory should or should not be added to the environmental variable PATH by global initialization files as appropriate should/should not via local init files 10.8.10-1 A.2 1) #3 The current directory should or should not be added to the environmental variable PATH by local initialization files as appropriate should/should not via local init files 10.8.10-1 A.2 1) #4 DEPRECATED. The system umask should be set appropriately umask via global init files 10.8.10-1 A.2 1) #8 The user umask should be set appropriately umask via local init files 10.8.10-1 A.2 1) #8 DEPRECATED. /etc/rc.config.d/auditing file should be owned by an appropriate user list of users via chown 10.8.10-4 D.1 1) #2 DEPRECATED. /etc/init.d file should be owned by an appropriate user list of users via chown 10.8.10-4 D.1 1) #5 /etc/hosts.lpd file should be owned by an appropriate user list of users via chown 10.8.10-4 D.1 1) #6 DEPRECATED. /etc/rc.config.d/auditing file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-4 D.1 1) #2 DEPRECATED. /etc/init.d file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-4 D.1 1) #5 /etc/hosts.lpd file should be owned by an appropriate group list of groups via chgrp via chown 10.8.10-4 D.1 1) #6 DEPRECATED. /etc/rc.config.d/auditing file permissions should be set appropriately permissions via chmod 10.8.10-4 D.1 1) #2 DEPRECATED in favor of CCE-8638-9, CCE-8647-0, and CCE-8187-7. /etc/auto.master file should be owned by an appropriate user list of users via chown 10.8.10-3 C.1 1) #9 /etc/auto.misc file should be owned by an appropriate user list of users via chown 10.8.10-3 C.1 1) #9 /etc/auto.net file should be owned by an appropriate user list of users via chown 10.8.10-3 C.1 1) #9 /etc/init.d file permissions should be set appropriately permissions via chmod 10.8.10-4 D.1 1) #5 /etc/hosts.lpd file permissions should be set appropriately permissions via chmod 10.8.10-4 D.1 1) #6 DEPRECATED. Auditing should be enabled or disabled for user accounts as appropriate enabled/disabled via /tcb/files/auth/* 10.8.10-4 D.3 1) Auditing should be enabled or disabled at boot time as appropriate enabled/disabled via /etc/rc.config.d/auditing 10.8.10-4 D.3 2) System logons should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #1 System logoffs should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #2 Password changes should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #3 su usage should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #4 Creation/modification of superuser groups should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #5 Clearing of the audit log file should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #8 Startup/shutdown of audit functions should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #9 Use of identification/authorization mechanisms should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #10 Remote access from outside the corporate network should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #11 Change of permissions/privileges should be audited or not as appropriate audited/not audited via /etc/rc.config.d/auditing 10.8.10-4 D.3 3) #13 Global initialization files should allow or deny write access to the terminal as appropriate allow/deny via global init files 10.8.10-4 D.4 1) #1 PRI audit file should be specified appropriately file and path via /etc/rc.config.d/auditing 10.8.10-4 D.3 2) SEC audit file should be specified appropriately file and path via /etc/rc.config.d/auditing 10.8.10-4 D.3 2) FileSpaceSwitch should be set to an appropriate value percentage of free space via /etc/rc.config.d/auditing 10.8.10-4 D.3 2) Wakeup switchpoint frequency should be set to an appropriate time interval number of minutes via /etc/rc.config.d/auditing 10.8.10-4 D.3 2) Warning messages switchpoint distance should be set to an appropriate value switchpoint distance integer via /etc/rc.config.d/auditing 10.8.10-4 D.3 2) Hard core dump size limits should be set appropriately Size (0 to disable core dumps) via /etc/security/limits via ulimit 10.8.10.4.4 (3) Root logins should be allowed or not as appropriate from SSH consoles allowed/not allowed 10.8.10.5.2.6 (4) The "Security Zones: Use Only Machine Settings" setting should be configured correctly. enabled/disabled HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Use_HKLM_only Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only CCE-5 oval:org.mitre.oval:def:1277, oval:org.mitre.oval:def:2050 UseOnlyMachineSettings-LocalComputer, UseOnlyMachineSettings-LocalComputer-Disabled use_only_machine_settings_local_computer oval:gov.nist.fdcc.ie7:def:1277 Internet Explorer Processes (Restrict ActiveX Install) enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe HKLM\Software\Policies\ Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict ActiveX Install Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\iexplore.exe CCE-119 oval:org.mitre.oval:def:658 IEProcesses-RestrictActiveXInstall-LocalComputer IEProcesses_RestrictActiveXInstall_LocalComputer oval:gov.nist.fdcc.ie7:def:658 The "Security Zones: Do Not Allow Users to Add/Delete Sites" setting should be configured correctly. enabled/disabled HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_Zones_Map_Edit Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_edit CCE-146 oval:org.mitre.oval:def:1400 DoNotAllowUsersAddDeleteSites-LocalComputer DoNotAllowUsersAddDeleteSites_LocalComputer oval:gov.nist.fdcc.ie7:def:1400 The "Disable Periodic Check For Internet Explorer Software Updates" setting should be configured correctly. enabled/disabled HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\InfoDelivery\Restrictions\NoUpdateCheck Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheck CCE-212 oval:org.mitre.oval:def:1357 DisablePeriodicCheckForIESoftwareUpdates-LocalComputer DisablePeriodicCheckForIESoftwareUpdates_LocalComputer oval:gov.nist.fdcc.ie7:def:1357 Internet Explorer Processes (Zone Elevation Protection) enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe HKLM\Software\Policies\Microsoft\Internet Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Protection From Zone Elevation Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe CCE-347 oval:org.mitre.oval:def:620 IEProcesses_ProtectionFromZoneElevation_LocalComputer oval:gov.nist.fdcc.ie7:def:620 The "Internet Explorer Processes (Consistent MIME Handling)" setting should be configured correctly. enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe HKLM\Software\Policies\Microsoft\Internet E Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Binary Behavior Security Restriction Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe CCE-382 oval:org.mitre.oval:def:884 IEProcesses-ConsistentMimeHandling-LocalComputer IEProcesses_ConsistentMimeHandling_LocalComputer oval:gov.nist.fdcc.ie7:def:884 The "Allow Software to Run or Install Even if the Signature is Invalid" setting should be configured correctly. enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures CCE-449 oval:org.mitre.oval:def:680, oval:org.mitre.oval:def:1392 AllowSoftwareRunInstallSignatureInvalid-LocalComputer, AllowSoftwareToRununOrInstallEvenIfSignatureInvalid-LocalUser AllowSoftwareRunInstallSignatureInvalid_LocalComputer oval:gov.nist.fdcc.ie7:def:680 The "Internet Explorer Processes (MK Protocol)" setting should be configured correctly. enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe HKLM\Software\Policies\Microsoft Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/MK Protocol Security Restriction Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\iexplore.exe CCE-591 oval:org.mitre.oval:def:617 IEProcesses-MKProtocolSecurityRestriction-LocalComputer IEProcesses_MKProtocolSecurityRestriction_LocalComputer oval:gov.nist.fdcc.ie7:def:617 The "Disable Software Update Shell Notifications on Program Launch" setting should be configured correctly. enabled/disabled HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMSAppLogo5ChannelNotify Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict File Download Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe CCE-622 oval:org.mitre.oval:def:1188 DisableSoftwareUpdateShellNotifications-LocalComputer DisableSoftwareUpdateShellNotifications_LocalComputer oval:gov.nist.fdcc.ie7:def:1188 The "Internet Explorer Processes (Restrict File Download)" setting should be configured correctly. enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict File Download Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe CCE-668 oval:org.mitre.oval:def:320 IEProcesses-RestrictFileDownload-LocalComputer IEProcesses_RestrictFileDownload_LocalComputer oval:gov.nist.fdcc.ie7:def:320 The "Disable Automatic Install of Internet Explorer Components" setting should be configured correctly. enabled/disabled HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\InfoDelivery\Restrictions\NoJITSetup Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoJITSetup CCE-684 oval:org.mitre.oval:def:1198 DisableAutomaticInstallOfIEComponents-LocalComputer DisableAutomaticInstallOfIEComponents_LocalComputer oval:gov.nist.fdcc.ie7:def:1198 The "Make Proxy Settings Per-Machine (Rather Then Per-User)" setting should be configured correctly. number of proxy settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser CCE-693 oval:org.mitre.oval:def:1181 MakeProxySettingsPerMachine-LocalComputer MakeProxySettingsPerMachine_LocalComputer oval:gov.nist.fdcc.ie7:def:1181 The "Do Not Allow Users to enable or Disable Add-Ons" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExtensionManagement CCE-708 oval:org.mitre.oval:def:1380, oval:org.mitre.oval:def:1358, oval:org.mitre.oval:def:1694 DoNotAllowUsersEnableDisableAddOns-LocalComputer, DoNotAllowUsersEnableDisableAddOns-LocalUser DoNotAllowUsersEnableDisableAddOns_LocalComputer oval:gov.nist.fdcc.ie7:def:1694 The "Turn Off Crash Detection" setting should be configured correctly. enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection CCE-753 oval:org.mitre.oval:def:487 TurnOffCrashDetection-LocalComputer TurnOffCrashDetection_LocalComputer oval:gov.nist.fdcc.ie7:def:487 The "Internet Explorer Processes (Scripted Window Security Restrictions)" setting should be configured correctly. enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Scripted Window Security Restrictions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\iexplore.exe CCE-827 oval:org.mitre.oval:def:465 IEProcesses-ScriptedWindowSecurityRestrictions-LocalComputer IEProcesses_ScriptedWindowSecurityRestrictions_LocalComputer oval:gov.nist.fdcc.ie7:def:465 The "Security Zones: Do Not Allow Users to Change Policies" setting should be configured correctly. enabled/disabled HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit CCE-833 oval:org.mitre.oval:def:1404 DoNotAllowUsersChangePolicies-LocalComputer DoNotAllowUsersChangePolicies_LocalComputer oval:gov.nist.fdcc.ie7:def:1404 The "Internet Explorer Processes (MIME Sniffing)" setting should be configured correctly. enabled/disabled HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Mime Sniffing Safety Feature Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe CCE-985 oval:org.mitre.oval:def:317 IEProcesses-MimeSniffingSafetyFeature-LocalComputer IEProcesses_MimeSniffingSafetyFeature_LocalComputer oval:gov.nist.fdcc.ie7:def:317 The "Check for Signature on Downloaded Programs" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Download\CheckExeSignatures CCE-1025 oval:org.mitre.oval:def:395 CheckSignatureDownloadedPrograms-LocalComputer CheckSignatureDownloadedPrograms_LocalComputer oval:gov.nist.fdcc.ie7:def:395 The "Do Not Allow Resetting Internet Explorer Settings" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\DisableRIED CCE-42 oval:org.mitre.oval:def:583 DoNotAllowResettingIESettings-LocalComputer DoNotAllowResettingIESettings_LocalComputer oval:gov.nist.fdcc.ie7:def:583 The "Allow cut, copy, or paste operations from the clipboard via script" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407 CCE-49 oval:org.mitre.oval:def:506, oval:org.mitre.oval:def:533 AllowCutCopyPasteOperationsFromClipboardViaScript-InternetZone-LocalComputer, AllowCutCopyPasteOperationsFromClipboardViaScript-InternetZone-LocalUser allow_cut_copy_paste_operations_from_clipboard_via_script_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:506 The "Turn Off First- Run Opt-In" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208 CCE-863 oval:org.mitre.oval:def:1119 TurnOffFirst-RunOpt-In-InternetZone-LocalComputer TurnOffFirstRunOptIn_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1119 The "Web Browser Applications" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2400 CCE-286 oval:org.mitre.oval:def:242 WebBrowserApplications-InternetZone-LocalComputer WebBrowserApplications_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:242 The "Allow cut, copy, or paste operations from the clipboard via script" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407 CCE-1031 oval:org.mitre.oval:def:249, oval:org.mitre.oval:def:1393 AllowCutCopyPasteOperationsFromClipboardViaScript-RestrictedSitesZone-LocalComputer, AllowCutCopyPasteOperationsFromClipboardViaScript-RestrictedSitesZone-LocalUser AllowCutCopyPasteOperationsFromClipboardViaScript_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:249 The "Turn Off First- Run Opt-In" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208 CCE-200 oval:org.mitre.oval:def:621 TurnOffFirst-RunOpt-In-RestrictedSitesZone-LocalComputer TurnOffFirstRunOptIn_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:621 The "Web Browser Applications" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2400 CCE-51 oval:org.mitre.oval:def:580 WebBrowserApplications-RestrictedSitesZone-LocalComputer WebBrowserApplications_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:580 The "Intranet Sites: Include all network paths (UNCs)" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet CCE-876 oval:org.mitre.oval:def:559, oval:org.mitre.oval:def:1370 IncludeAllNetworkPaths-LocalComputer, IncludeAllNetworkPaths-LocalUser include_all_network_paths_local_computer oval:gov.nist.fdcc.ie7:def:559 The "Disable the Advanced Page" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab CCE-810 oval:org.mitre.oval:def:934, oval:org.mitre.oval:def:660 DisableTheAdvancedPage-LocalComputer, DisableTheAdvancedPage-LocalUser The "Disable the Privacy Page" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\PrivacyTab CCE-811 oval:org.mitre.oval:def:1111 DisableThePrivacyPage-LocalComputer The "Disable the Security Page" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab CCE-595 oval:org.mitre.oval:def:672, oval:org.mitre.oval:def:601 DisableTheSecurityPage-LocalComputer, DisableTheSecurityPage-LocalUser The "Prevent Ignoing Certificate Errors" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\PreventIgnoreCertErrors CCE-938 oval:org.mitre.oval:def:655, oval:org.mitre.oval:def:1129 PreventIgnoingCertificateErrors-LocalComputer, PreventIgnoingCertificateErrors-LocalUser prevent_ignoring_certificate_errors_local_computer oval:gov.nist.fdcc.ie7:def:655 The "Turn Off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Internet Settings/Component Updates/Periodic Check for Updates to Internet Explorer and Internet Tools Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_Page CCE-946 oval:org.mitre.oval:def:715 TurnOffChangingURLDisplay-LocalComputer TurnOffChangingURLDisplay_LocalComputer oval:gov.nist.fdcc.ie7:def:715 The "Turn Off Configuring the Update Check Interval (In Days)" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Internet Settings/Component Updates/Periodic Check for Updates to Internet Explorer and Internet Tools Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_Interval CCE-237 oval:org.mitre.oval:def:1187 TurnOffConfiguringUpdateCheckInterval-LocalComputer TurnOffConfiguringUpdateCheckInterval_LocalComputer oval:gov.nist.fdcc.ie7:def:1187 The "Add-on List" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Add-on Management Registry Keys:[HKLM | HKCU]\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\ListBox_Support_CLSID CCE-541 oval:org.mitre.oval:def:626 AddOnList-LocalComputer The "Deny all add-ons unless specifically allowed in the Add-on List" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Add-on Management Registry Keys:[HKLM | HKCU]\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\RestrictToList CCE-911 oval:org.mitre.oval:def:1278 DenyAllAddOns-LocalComputer The "Disable "Configuring History"" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\History [HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep CCE-66 oval:org.mitre.oval:def:757, oval:org.mitre.oval:def:1365 DisableConfiguringHistory-LocalComputer, DisableConfiguringHistory-LocalUser DisableConfiguringHistory_LocalComputer oval:gov.nist.fdcc.ie7:def:757 The "Disable Changing Automatic Configuration Settings" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Autoconfig CCE-471 oval:org.mitre.oval:def:1285, oval:org.mitre.oval:def:613 DisableChangingAutomaticConfigurationSettings-LocalComputer, DisableChangingAutomaticConfigurationSettings-LocalUser DisableChangingAutomaticConfigurationSettings_LocalComputer oval:gov.nist.fdcc.ie7:def:1285 The "Disable Changing Connection Settings" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connection Settings [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock CCE-611 oval:org.mitre.oval:def:355, oval:org.mitre.oval:def:1128 DisableChangingConnectionSettings-LocalComputer, DisableChangingConnectionSettings-LocalUser The "Disable Changing Proxy Settings" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy CCE-62 oval:org.mitre.oval:def:398, oval:org.mitre.oval:def:635 DisableChangingProxySettings-LocalComputer, DisableChangingProxySettings-LocalUser The "Disable Showing the Splash Screen" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSplash CCE-556 oval:org.mitre.oval:def:1164 DisableShowingSplashScreen-LocalComputer DisableShowingSplashScreen_LocalComputer oval:gov.nist.fdcc.ie7:def:1164 The "Prevent "Fix settings" Functionality" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings CCE-948 oval:org.mitre.oval:def:448, oval:org.mitre.oval:def:640 PreventFixSettingsFunctionality-LocalComputer, PreventFixSettingsFunctionality-LocalUser The "Prevent participation in the Customer Experience Improvement Programs" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\SQM\DisableCustomerImprovementProgram CCE-495 oval:org.mitre.oval:def:1171, oval:org.mitre.oval:def:1391 PreventParticipationInCustomerExperienceImprovementPrograms-LocalComputer, PreventParticipationInCustomerExperienceImprovementPrograms-LocalUser PreventParticipationInCustomerExperienceImprovementPrograms_LocalComputer oval:gov.nist.fdcc.ie7:def:1171 The "Prevent performance of First Run Customize settings" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize CCE-1006 oval:org.mitre.oval:def:1322 PreventPerformanceOfFirstRunCustomizeSettings-LocalComputer PreventPerformanceOfFirstRunCustomizeSettings_LocalComputer oval:gov.nist.fdcc.ie7:def:1322 The "Prevent the deletation of temporary internet files and cookies" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Settings CCE-909 oval:org.mitre.oval:def:1382, oval:org.mitre.oval:def:703 PerventDeletationOfTempInternetFiles-LocalComputer, PerventDeletationOfTempInternetFiles-LocalUser The "Turn off "Delete Browsing History" functionality" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\DisableDeleteBrowsingHistory CCE-1010 oval:org.mitre.oval:def:458, oval:org.mitre.oval:def:1474 TurnOffDeleteBrowsingHistoryFunctionality-LocalComputer, TurnOffDeleteBrowsingHistoryFunctionality-LocalUser TurnOffDeleteBrowsingHistoryFunctionality_LocalComputer oval:gov.nist.fdcc.ie7:def:458 The "Turn off Managing Phishing Filter" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\Enabled CCE-1032 oval:org.mitre.oval:def:501 TurnOffManagingPhishingFilter-LocalComputer TurnOffManagingPhishingFilter_LocalComputer oval:gov.nist.fdcc.ie7:def:501 The "Turn off the Security Settings Check feature" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck CCE-1054 oval:org.mitre.oval:def:916, oval:org.mitre.oval:def:1034 TurnOffSecuritySettingsCheckFeature-LocalComputer, TurnOffSecuritySettingsCheckFeature-LocalUser TurnOffSecuritySettingsCheckFeature_LocalComputer oval:gov.nist.fdcc.ie7:def:916 The "Allow Active Content from CD's to Run on User Machine" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCAL CCE-964 oval:org.mitre.oval:def:400 AllowActiveContentFromCD-LocalComputer AllowActiveContentFromCD_LocalComputer oval:gov.nist.fdcc.ie7:def:400 The "Enable third-party browser extensions" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\Enable Browser Extensions CCE-598 oval:org.mitre.oval:def:110 AllowThird-PartyBrowserExtensions-LocalComputer AllowThird-PartyBrowserExtensions_LocalComputer oval:gov.nist.fdcc.ie7:def:110 The "Automatically Check for Internet Explorer Updates" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\NoUpdateCheck CCE-1008 oval:org.mitre.oval:def:656, oval:org.mitre.oval:def:1360 AutomaticallyCheckIEUpdates-LocalComputer, AutomaticallyCheckForIEUpdates-LocalUser AutomaticallyCheckIEUpdates_LocalComputer oval:gov.nist.fdcc.ie7:def:656 The "Check for Server Certificate Revocation" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation CCE-690 oval:org.mitre.oval:def:172, oval:org.mitre.oval:def:1502 CheckServerCertificateRevocation-LocalComputer, CheckForServerCertificateRevocation-LocalUser CheckServerCertificateRevocation_LocalComputer oval:gov.nist.fdcc.ie7:def:172 The "Access data sources across domains" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406 CCE-47 oval:org.mitre.oval:def:674, oval:org.mitre.oval:def:650 AccessDataSourcesAcrossDomains-InternetZone-LocalComputer, AccessDataSourcesAcrossDomains-InternetZone-LocalUser access_data_sources_across_domains_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:674 The "Drag and drop or copy and paste files" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802 CCE-685 oval:org.mitre.oval:def:1083, oval:org.mitre.oval:def:547 AllowDragDropOrCopyPasteFiles-InternetZone-LocalComputer, AllowDragDropOrCopyPasteFiles-InternetZone-LocalUser AllowDragDropOrCopyPasteFiles_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1083 The "Font download" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1604 CCE-491 oval:org.mitre.oval:def:524, oval:org.mitre.oval:def:659 AllowFontDownloads-InternetZone-LocalComputer, AllowFontDownloads-InternetZone-LocalUser AllowFontDownloads_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:524 The "Installation of desktop items" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1800 CCE-355 oval:org.mitre.oval:def:223, oval:org.mitre.oval:def:541 AllowInstallationOfDesktopItems-InternetZone-LocalComputer, AllowInstallationOfDesktopItems-InternetZone-LocalUser AllowInstallationOfDesktopItems_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:223 The "Allow script-initiated windows without size or position constraints" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102 CCE-280 oval:org.mitre.oval:def:589, oval:org.mitre.oval:def:1476 AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-InternetZone-LocalComputer, AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-InternetZone-LocalUser AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:589 The "Allow Scriptlets" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209 CCE-439 oval:org.mitre.oval:def:1043 AllowScriptlets-InternetZone-LocalComputer allow_scriptlets_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:1043 The "Allow status bar updates via script" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103 CCE-914 oval:org.mitre.oval:def:226, oval:org.mitre.oval:def:1208 AllowStatusBarUpdatesViaScript-InternetZone-LocalComputer, AllowStatusBarUpdatesViaScript-InternetZone-LocalUser allow_status_bar_updates_via_script_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:226 The "Automatic prompting for file downloads" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200 CCE-16 oval:org.mitre.oval:def:1113, oval:org.mitre.oval:def:562 AutomaticPromptingFileDownloads-InternetZone-LocalComputer, AutomaticPromptingFileDownloads-InternetZone-LocalUser AutomaticPromptingFileDownloads_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1113 The "Download signed ActiveX controls" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001 CCE-1013 oval:org.mitre.oval:def:1199, oval:org.mitre.oval:def:546 DownloadSignedActiveXControls-InternetZone-LocalComputer, DownloadSignedActiveXControls-InternetZone-LocalUser download_signed_activex_controls_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1199 The "Download unsigned ActiveX controls" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004 CCE-176 oval:org.mitre.oval:def:391, oval:org.mitre.oval:def:1200 DownloadUnsignedActiveXControls-InternetZone-LocalComputer, DownloadUnsignedActiveXControls-InternetZone-LocalUser DownloadUnsignedActiveXControls_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:391 The "Initialize and script ActiveX controls not marked as safe for scripting" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201 CCE-586 oval:org.mitre.oval:def:1040, oval:org.mitre.oval:def:739 InitializeScriptActiveXControlsNotMarkedAsSafe-InternetZone-LocalComputer, JavaPermissions-InternetZone-LocalComputer, InitializeScriptActiveXControlsNotMarkedAsSafe-InternetZone-LocalUser InitializeScriptActiveXControlsNotMarkedAsSafe_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1040 The "Java permissions" setting should be configured correctly for the Internet Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00 CCE-132 oval:org.mitre.oval:def:1174, oval:org.mitre.oval:def:725 JavaPermissions-InternetZone-LocalUser java_permissions_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:1174 The "Launching programs and files in an IFRAME" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804 CCE-689 oval:org.mitre.oval:def:611, oval:org.mitre.oval:def:1487 LaunchingApplicationsAndFilesInIFRAME-InternetZone-LocalComputer, LaunchingApplicationsAndFilesInIFRAME-InternetZone-LocalUser LaunchingApplicationsAndFilesInIFRAME_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:611 The "Logon" setting should be configured correctly for the Internet Zone. Anonymous logon/Automatic logon only in Intranet zone/Automatic logon with current user name and password/Prompt for user name and password Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00 CCE-720 oval:org.mitre.oval:def:691, oval:org.mitre.oval:def:1123 LogonOptions-InternetZone-LocalComputer, LogonOptions-InternetZone-LocalUser LogonOptions_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:691 The "Loose XAML" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402 CCE-126 oval:org.mitre.oval:def:240 LooseXAMLFiles-InternetZone-LocalComputer LooseXAMLFiles_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:240 The "Navigate sub-frames across different domains" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607 CCE-245 oval:org.mitre.oval:def:612, oval:org.mitre.oval:def:1394 NavigateSub-framesAcrossDifferentDomains-InternetZone-LocalComputer, NavigateSub-framesAcrossDifferentDomains-InternetZone-LocalUser navigate_sub_frames_across_different_domains_Internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:612 The "Open files based on content, not file extension" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100 CCE-910 oval:org.mitre.oval:def:953, oval:org.mitre.oval:def:1300 OpenFilesBasedOnContent-InternetZone-LocalComputer, OpenFilesBasedOnContent-InternetZone-LocalUser OpenFilesBasedOnContent_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:953 The "Software channel permissions" setting should be configured correctly for the Internet Zone. High safety/low safety/medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1E05 CCE-359 oval:org.mitre.oval:def:302, oval:org.mitre.oval:def:1398 SoftwareChannelPermissions-InternetZone-LocalComputer, SoftwareChannelPermissions-InternetZone-LocalUser SoftwareChannelPermissions_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:302 The "Use Pop-up Blocker" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809 CCE-1002 oval:org.mitre.oval:def:1179, oval:org.mitre.oval:def:558 UsePop-upBlocker-InternetZone-LocalComputer, UsePop-upBlocker-InternetZone-LocalUser UsePop-upBlocker_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1179 The "Userdata persistence" setting should be configured correctly for the Internet Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606 CCE-425 oval:org.mitre.oval:def:1108 UserdataPersistence-InternetZone-LocalComputer UserdataPersistence_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1108 The "Web sites in less privileged Web content zones can navigate into this zone" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101 CCE-724 oval:org.mitre.oval:def:265, oval:org.mitre.oval:def:1432 WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-InternetZone-LocalComputer, WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-InternetZone-LocalUser WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:265 The "XPS documents" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2401 CCE-1015 oval:org.mitre.oval:def:628 XPSFiles-InternetZone-LocalComputer The "Display mixed content" setting should be configured correctly for the Internet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609 CCE-878 oval:org.mitre.oval:def:245 DisplayMixedContent-LockedDownInternetZone-LocalComputer display_mixed_content_locked_down_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:245 The "Display mixed content" setting should be configured correctly for the Intranet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609 CCE-288 oval:org.mitre.oval:def:1166 DisplayMixedContent-IntranetZone-LocalComputer display_mixed_content_intranet_zone_local_computer oval:gov.nist.fdcc.ie7:def:1166 The "Display mixed content" setting should be configured correctly for the Locked Down Intranet Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1609 CCE-552 oval:org.mitre.oval:def:247 DisplayMixedContent-LockedDownIntranetZone-LocalComputer display_mixed_content-LockedDownintranet_zone_local_computer oval:gov.nist.fdcc.ie7:def:247 The "Display mixed content" setting should be configured correctly for the Local Machine Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609 CCE-473 oval:org.mitre.oval:def:383 DisplayMixedContent-LocalMachineZone-LocalComputer display_mixed_content-local_machine_zone_local_computer oval:gov.nist.fdcc.ie7:def:383 The "Display mixed content" setting should be configured correctly for the Locked Down Local Machine Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1609 CCE-239 oval:org.mitre.oval:def:418 DisplayMixedContent-LockedDownLocalMachineZone-LocalComputer display_mixed_content-LockedDownlocal_machine_zone_local_computer oval:gov.nist.fdcc.ie7:def:418 The "Access data sources across domains" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406 CCE-636 oval:org.mitre.oval:def:652, oval:org.mitre.oval:def:750 AccessDataSourcesAcrossDomains-RestrictedSitesZone-LocalComputer, AccessDataSourcesAcrossDomains-RestrictedSitesZone-LocalUser AccessDataSourcesAcrossDomains_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:652 The "Active scripting" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400 CCE-292 oval:org.mitre.oval:def:293, oval:org.mitre.oval:def:561 AllowActiveScripting-RestrictedSitesZone-LocalComputer, AllowActiveScripting-RestrictedSitesZone-LocalUser AllowActiveScripting_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:293 The "Binary and script behaviors" setting should be configured correctly for the Restricted Sites Zone. Administrator approved/enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000 CCE-178 oval:org.mitre.oval:def:365, oval:org.mitre.oval:def:1314 AllowBinaryAndScriptBehaviors-RestrictedSitesZone-LocalComputer, AllowBinaryAndScriptBehaviors-RestrictedSitesZone-LocalUser AllowBinaryAndScriptBehaviors_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:365 The "Drag and drop or copy and paste files" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802 CCE-41 oval:org.mitre.oval:def:498, oval:org.mitre.oval:def:1465 AllowDragDropOrCopyPasteFiles-RestrictedSitesZone-LocalComputer, AllowDragDropOrCopyPasteFiles-RestrictedSitesZone-LocalUser AllowDragDropOrCopyPasteFiles_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:498 The "File download" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803 CCE-970 oval:org.mitre.oval:def:1184, oval:org.mitre.oval:def:1318 AllowFileDownloads-RestrictedSitesZone-LocalComputer, AllowFileDownloads-RestrictedSitesZone-LocalUser AllowFileDownloads_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1184 The "Font download" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1604 CCE-882 oval:org.mitre.oval:def:1109, oval:org.mitre.oval:def:1410 AllowFontDownloads-RestrictedSitesZone-LocalComputer, AllowFontDownloads-RestrictedSitesZone-LocalUser AllowFontDownloads_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1109 The "Installation of desktop items" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1800 CCE-763 oval:org.mitre.oval:def:251, oval:org.mitre.oval:def:1257 AllowInstallationOfDesktopItems-RestrictedSitesZone-LocalComputer, AllowInstallationOfDesktopItems-RestrictedSitesZone-LocalUser AllowInstallationOfDesktopItems_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:251 The "Allow META REFRESH" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608 CCE-680 oval:org.mitre.oval:def:1218, oval:org.mitre.oval:def:1270 AllowMETAREFRESH-RestrictedSitesZone-LocalComputer, AllowMETAREFRESH-RestrictedSitesZone-LocalUser AllowMETAREFRESH_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1218 The "Allow script-initiated windows without size or position constraints" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102 CCE-208 oval:org.mitre.oval:def:1234, oval:org.mitre.oval:def:574 AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-RestrictedSitesZone-LocalComputer, AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-RestrictedSitesZone-LocalUser AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1234 The "Allow Scriptlets" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209 CCE-838 oval:org.mitre.oval:def:1217 AllowScriptlets-RestrictedSitesZone-LocalComputer The "Allow status bar updates via script" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001 CCE-129 oval:org.mitre.oval:def:378, oval:org.mitre.oval:def:1320 AllowStatusBarUpdatesViaScript-RestrictedSitesZone-LocalComputer, AllowStatusBarUpdatesViaScript-RestrictedSitesZone-LocalUser AllowStatusBarUpdatesViaScript_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:378 The "Automatic prompting for file downloads" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200 CCE-175 oval:org.mitre.oval:def:252, oval:org.mitre.oval:def:1312 AutomaticPromptingFileDownloads-RestrictedSitesZone-LocalComputer, AutomaticPromptingFileDownloads-RestrictedSitesZone-LocalUser AutomaticPromptingFileDownloads_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:252 The "Download signed ActiveX controls" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001 CCE-52 oval:org.mitre.oval:def:1019, oval:org.mitre.oval:def:1389 DownloadSignedActiveXControls-RestrictedSitesZone-LocalComputer, DownloadSignedActiveXControls-RestrictedSitesZone-LocalUser download_signed_activex_controls_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1019 The "Download unsigned ActiveX controls" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004 CCE-1012 oval:org.mitre.oval:def:949, oval:org.mitre.oval:def:579 DownloadUnsignedActiveXControls-RestrictedSitesZone-LocalComputer, DownloadUnsignedActiveXControls-RestrictedSitesZone-LocalUser DownloadUnsignedActiveXControls_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:949 The "Initialize and script ActiveX controls not marked as safe for scripting" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201 CCE-26 oval:org.mitre.oval:def:273, oval:org.mitre.oval:def:1342 InitializeScriptActiveXControlsNotMarkedAsSafe-RestrictedSitesZone-LocalComputer, InitializeScriptActiveXControlsNotMarkedAsSafe-RestrictedSitesZone-LocalUser InitializeScriptActiveXControlsNotMarkedAsSafe_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:273 The "Java permissions" setting should be configured correctly for the Restricted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00 CCE-925 oval:org.mitre.oval:def:824, oval:org.mitre.oval:def:732 JavaPermissions-RestrictedSitesZone-LocalComputer, JavaPermissions-RestrictedSitesZone-LocalUser java_permissions_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:824 The "Launching programs and files in an IFRAME" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804 CCE-339 oval:org.mitre.oval:def:274, oval:org.mitre.oval:def:1223 LaunchingApplicationsAndFilesInIFRAME-RestrictedSitesZone-LocalComputer, LaunchingApplicationsAndFilesInIFRAME-RestrictedSitesZone-LocalUser LaunchingApplicationsAndFilesInIFRAME_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:274 The "Logon" setting should be configured correctly for the Restricted Sites Zone. Anonymous logon/Automatic logon only in Intranet zone/Automatic logon with current user name and password/Prompt for user name and password Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00 CCE-128 oval:org.mitre.oval:def:326, oval:org.mitre.oval:def:1378 LogonOptions-RestrictedSitesZone-LocalComputer, LogonOptions-RestrictedSitesZone-LocalUser LogonOptions_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:326 The "Loose XAML" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402 CCE-639 oval:org.mitre.oval:def:275 LooseXAMLFiles-RestrictedSitesZone-LocalComputer LooseXAMLFiles_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:275 The "Navigate sub-frames across different domains" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607 CCE-995 oval:org.mitre.oval:def:1229, oval:org.mitre.oval:def:1292 NavigateSub-framesAcrossDifferentDomains-RestrictedSitesZone-LocalComputer, NavigateSub-framesAcrossDifferentDomains-RestrictedSitesZone-LocalUser NavigateSub-framesAcrossDifferentDomains_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1229 The "Open files based on content, not file extension" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2100 CCE-409 oval:org.mitre.oval:def:706, oval:org.mitre.oval:def:1421 OpenFilesBasedOnContent-RestrictedSitesZone-LocalComputer, OpenFilesBasedOnContent-RestrictedSitesZone-LocalUser OpenFilesBasedOnContent_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:706 The "Run components not signed with Authenticode" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004 CCE-678 oval:org.mitre.oval:def:329, oval:org.mitre.oval:def:599 RunNETFrameworkReliantComponentsNotSignedWithAuthenticode-RestrictedSitesZone-LocalComputer, RunNETFrameworkReliantComponentsNotSignedWithAuthenticode-RestrictedSitesZone-LocalUser RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:329 The "Run components signed with Authenticode" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001 CCE-563 oval:org.mitre.oval:def:276, oval:org.mitre.oval:def:1428 RunNETFrameworkReliantComponentsSignedWithAuthenticode-RestrictedSitesZone-LocalComputer, RunNETFrameworkReliantComponentsSignedWithAuthenticode-RestrictedSitesZone-LocalUser RunNETFrameworkReliantComponentsSignedWithAuthenticode_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:276 The "Run ActiveX controls and plugins" setting should be configured correctly for the Restricted Sites Zone. Administrator approved/enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1200 CCE-841 oval:org.mitre.oval:def:571, oval:org.mitre.oval:def:1594 RunActiveXControlsAndPlugins-RestrictedSitesZone-LocalComputer, RunActiveXControlsAndPlugins-RestrictedSitesZone-LocalUser RunActiveXControlsAndPlugins_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:571 The "Script ActiveX controls marked safe for scripting" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405 CCE-973 oval:org.mitre.oval:def:602, oval:org.mitre.oval:def:1274 ScriptActiveXControlsMarkedSafeForScripting-RestrictedSitesZone-LocalComputer, ScriptActiveXControlsMarkedSafeForScripting-RestrictedSitesZone-LocalUser ScriptActiveXControlsMarkedSafeForScripting_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:602 The "Scripting of Java applets" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402 CCE-1000 oval:org.mitre.oval:def:280, oval:org.mitre.oval:def:641 ScriptingOfJavaApplets-RestrictedSitesZone-LocalComputer, ScriptingOfJavaApplets-RestrictedSitesZone-LocalUser ScriptingOfJavaApplets_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:280 The "Software channel permissions" setting should be configured correctly for the Restricted Sites Zone. High safety/low safety/medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1E05 CCE-520 oval:org.mitre.oval:def:290, oval:org.mitre.oval:def:1214 SoftwareChannelPermissions-RestrictedSitesZone-LocalComputer, SoftwareChannelPermissions-RestrictedSitesZone-LocalUser SoftwareChannelPermissions_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:290 The "Use Pop-up Blocker" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809 CCE-660 oval:org.mitre.oval:def:1100, oval:org.mitre.oval:def:1286 UsePop-upBlocker-RestrictedSitesZone-LocalComputer, UsePop-upBlocker-RestrictedSitesZone-LocalUser UsePop-upBlocker_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1100 The "Userdata persistence" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606 CCE-28 oval:org.mitre.oval:def:300 UserdataPersistence-RestrictedSitesZone-LocalComputer UserdataPersistence_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:300 The "Web sites in less privileged Web content zones can navigate into this zone" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101 CCE-698 oval:org.mitre.oval:def:1219, oval:org.mitre.oval:def:1243 WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-RestrictedSitesZone-LocalComputer, WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-RestrictedSitesZone-LocalUser WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1219 The "XPS documents" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2401 CCE-460 oval:org.mitre.oval:def:1176 XPSFiles-RestrictedSitesZone-LocalComputer The "Display mixed content" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1609 CCE-30 oval:org.mitre.oval:def:314 DisplayMixedContent-LockedDownRestrictedSitesZone-LocalComputer display_mixed_content-LockedDownRestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:314 The "Display mixed content" setting should be configured correctly for the Trusted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609 CCE-31 oval:org.mitre.oval:def:1153 DisplayMixedContent-TrustedSitesZone-LocalComputer display_mixed_content_trusted_sites_zone_local_computer oval:gov.nist.fdcc.ie7:def:1153 The "Display mixed content" setting should be configured correctly for the Locked Down Trusted Sites Zone. enabled/disabled/prompt Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1609 CCE-666 oval:org.mitre.oval:def:1183 DisplayMixedContent-LockedDownTrustedSitesZone-LocalComputer display_mixed_content_LockedDowntrusted_sites_zone_local_computer oval:gov.nist.fdcc.ie7:def:1183 The "Enable Native XMLHttp Support" setting should be configured correctly. enabled/disabled Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\XMLHTTP CCE-528 oval:org.mitre.oval:def:338 EnableNativeXMLHttpSupport-LocalComputer EnableNativeXMLHttpSupport_LocalComputer oval:gov.nist.fdcc.ie7:def:338 The "Turn on the auto-complete feature for user names and passwords on form" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FormSuggest Passwords HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\FormSuggest Passwords CCE-721 oval:org.mitre.oval:def:645 DisableSaveThisProgramToDiskOption-LocalUser TurnOnAutoCompleteFeatureForUserNamesAndPasswords_LocalUser oval:gov.nist.fdcc.ie7:def:645 The "Allow Install On Demand (Internet Explorer)" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Main\NoJITSetup CCE-69 oval:org.mitre.oval:def:523 AllowInstallOnDemandIE-LocalUser allow_install_on_demand_ie_local_computer oval:gov.nist.fdcc.ie7:def:9999 The "Turn off page transitions" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Main\Page_Transitions CCE-71 oval:org.mitre.oval:def:1206 TurnOffPageTransitions-LocalUser TurnOffPageTransitions_LocalUser oval:gov.nist.fdcc.ie7:def:1206 The "Disable AutoComplete for forms" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Main\Use FormSuggest HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\FormSuggest CCE-478 oval:org.mitre.oval:def:1516 DisableAutoCompleteForForms-LocalUser DisableAutoCompleteForForms_LocalUser oval:gov.nist.fdcc.ie7:def:1516 The "Disable Save this program to disk option" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDir CCE-412 oval:org.mitre.oval:def:505 AllowInstallOnDemandIE-LocalUser The "Disable changing certificate settings" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Certificates CCE-1037 oval:org.mitre.oval:def:1362 DisableChangingCertificateSettings-LocalUser The "Disable external branding of Internet Explorer" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExternalBranding CCE-1051 oval:org.mitre.oval:def:1384 DisableExternalBrandingOfIE-LocalUser DisableExternalBrandingOfIE_LocalUser oval:gov.nist.fdcc.ie7:def:1384 The "Configure Outlook Express" setting should be configured correctly enabled/disabled HKCU\Software\Microsoft\Outlook Express\BlockExeAttachments CCE-963 oval:org.mitre.oval:def:1238 ConfigureOutlookExpress-LocalUser configure_outlook_express_local_user oval:gov.nist.fdcc.ie7:def:1238 The "Turn on the Internet Connection Wizard Auto Detect" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Connection Wizard\DisableICW CCE-258 oval:org.mitre.oval:def:604 InternetConnectionWizardSettings-LocalUser TurnOnInternetConnectionWizardAutoDetect_LocalUser oval:gov.nist.fdcc.ie7:def:604 The "Disable Internet Connection wizard" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin Lock CCE-769 oval:org.mitre.oval:def:1355 DisableInternetConnectionWizard-LocalUser DisableInternetConnectionWizard_LocalUser oval:gov.nist.fdcc.ie7:def:1355 The "Disable the Reset Web Settings feature" should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings CCE-625 oval:org.mitre.oval:def:1437 DisableResetWebSettingsFeature-LocalUser DisableResetWebSettingsFeature_LocalUser oval:gov.nist.fdcc.ie7:def:1437 The "Disable Downloading Of Site Subscription Content" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSubscriptionContent CCE-74 oval:org.mitre.oval:def:1080 DisableDownloadingOfSiteSubscriptionContent-LocalUser The "Disable Adding Schedules For Offline Pages" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubscriptions CCE-122 oval:org.mitre.oval:def:1293 DisableAddingSchedulesForOfflinePages-LocalUser The "Disable Adding Channels" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingChannels CCE-716 oval:org.mitre.oval:def:1383 DisableAddingChannels-LocalUser The "Disable Editing And Creating Of Schedule Groups" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoEditingScheduleGroups CCE-610 oval:org.mitre.oval:def:1397 DisableEditingAndCreatingOfScheduleGroups-LocalUser The "Disable All Scheduled Offline Pages" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoScheduledUpdates CCE-619 oval:org.mitre.oval:def:1501 DisableAllScheduledOfflinePages-LocalUser The "Disable Editing Schedules For Offline Pages" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoEditingSubscriptions CCE-373 oval:org.mitre.oval:def:1565 DisableEditingSchedulesForOfflinePages-LocalUser The "Disable Channel User Interface Completely" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoChannelUI CCE-298 oval:org.mitre.oval:def:1782 DisableChannelUserInterfaceCompletely-LocalUser The "Disable Removing Channels" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingChannels CCE-1069 oval:org.mitre.oval:def:1801 DisableRemovingChannels-LocalUser The "Disable Removing Schedules For Offline Pages" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingSubscriptions CCE-615 oval:org.mitre.oval:def:1954 DisableRemovingSchedulesForOfflinePages-LocalUser The "Disable Offline Page Hit Logging" setting should be configured correctly. enabled/disabled HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoChannelLogging CCE-1003 oval:org.mitre.oval:def:2026 DisableOfflinePageHitLogging-LocalUser The "Java permissions" setting should be configured correctly for the Locked Down Intranet Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00 CCE-320 oval:org.mitre.oval:def:2039 JavaPermissions-LockedDownIntranetZone-LocalComputer java_permissions_LockedDownintranet_zone_local_computer oval:gov.nist.fdcc.ie7:def:2039 The "Java permissions" setting should be configured correctly for the Local Machine Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00 CCE-138 oval:org.mitre.oval:def:1422 JavaPermissions-LocalMachineZone-LocalComputer java_permissions_local_machine_zone_local_computer oval:gov.nist.fdcc.ie7:def:1422 The "Java permissions" setting should be configured correctly for the Locked Down Local Machine Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1C00 CCE-1045 oval:org.mitre.oval:def:1986 JavaPermissions-LockedDownLocalMachineZone-LocalComputer java_permissions_LockedDownlocal_machine_zone_local_computer oval:gov.nist.fdcc.ie7:def:1986 Computer-wide, rather than per-user, assignment of sites to zones for Internet Explorer should be enabled or disabled as appropriate. enabled, disabled, or not configured GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List CCE-1005 site_to_zone_assignment_list_local_computer oval:gov.nist.fdcc.ie7:def:9998 The "Turn on Protected Mode" setting should be configured correctly for the Internet Zone. enabled/disabled GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode CCE-281 TurnOnProtectedMode_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:111999 The "Java permissions" setting should be configured correctly for the Intranet Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00 CCE-218 java_permissions_intranet_zone_local_computer oval:gov.nist.fdcc.ie7:def:1883 The "Download signed ActiveX controls" setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled/prompt GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone\Download signed ActiveX controls CCE-308 download_signed_activex_controls_locked_down_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:24599 The "Java permissions" setting should be configured correctly for the Locked Down Internet Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\1C00 CCE-781 java_permissions_locked_down_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:1419 The "Java permissions" setting should be configured correctly for the Locked Down Restricted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00 CCE-1088 java_permissions_LockedDownRestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1753 The "Allow status bar updates via script" setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone\Allow status bar updates via script CCE-1147 AllowStatusBarUpdatesViaScript_LockedDowntrusted_sites_zone_local_computer oval:gov.nist.fdcc.ie7:def:118399 The "Java permissions" setting should be configured correctly for the Locked Down Trusted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00 CCE-140 java_permissions_LockedDowntrusted_sites_zone_local_computer oval:gov.nist.fdcc.ie7:def:1699 The "Turn on Protected Mode" setting should be configured correctly for the Restricted Sites Zone. enabled/disabled GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Protected Mode Registry Keys:[HKLM|HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 CCE-1211 TurnOnProtectedMode_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:62199 The "Java permissions" setting should be configured correctly for the Trusted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00 CCE-675 java_permissions_trusted_sites_zone_local_computer oval:gov.nist.fdcc.ie7:def:1379 The 'Allow scripting of Internet Explorer web browser control' setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow scripting of Internet Explorer web browser control AllowScriptingOfInternetExplorerWebBrowserControl_InternetZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31098 The 'Include local directory path when uploading files to a server' setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160A (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Include local directory path when uploading files to a server IncludeLocalDirectoryPathWhenUploadingFilesToAServer_InternetZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31099 The 'Launching programs and unsafe files' setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching programs and unsafe files LaunchingProgramsAndUnsafeFiles_InternetZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31100 The 'Run .NET Framework-reliant components not signed with Authenticode' setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components not signed with Authenticode RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_InternetZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31035 The 'Run .NET Framework-reliant components signed with Authenticode' setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components signed with Authenticode RunNETFrameworkReliantComponentsSignedWithAuthenticode_InternetZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31036 The 'Allow scripting of Internet Explorer web browser control' setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow scripting of Internet Explorer web browser control AllowScriptingOfInternetExplorerWebBrowserControl_RestrictedSitesZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31103 The 'Include local directory path when uploading files to a server' setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160A (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Include local directory path when uploading files to a server IncludeLocalDirectoryPathWhenUploadingFilesToAServer_RestrictedSitesZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31104 The 'Launching programs and unsafe files' setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching programs and unsafe files LaunchingProgramsAndUnsafeFiles_RestrictedSitesZone_LocalComputer oval:gov.nist.USGCB.ie7:def:31105 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow cut, copy or paste operations from the clipboard via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407 CCE-49 Setting Index #32: This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in the security zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\120b Setting Index #20: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow drag and drop or copy and paste files (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802 CCE-685 Setting Index #33: This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Security Zones: Do not allow users to change policies" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to change policies (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit CCE-833 Setting Index #91: If you enable this policy setting, you disable the Custom Level button and Security level for this zone slider on the Security tab in the Internet Options dialog box. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow software to run or install even if the signature is invalid" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow software to run or install even if the signature is invalid (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures CCE-449 Setting Index #83: Allow software to run or install even if the signature is invalid Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\2301 Setting Index #22: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check for server certificate revocation" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for server certificate revocation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation CCE-690 Setting Index #24: This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Scripting of Java applets (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402 CCE-1000 Setting Index #77: This policy setting allows you to manage whether applets are exposed to scripts within the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use Pop-up Blocker (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809 CCE-660 Setting Index #79: This policy setting allows you to manage whether unwanted pop-up windows appear. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Security Zones: Use only machine settings" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Use only machine settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only CCE-5 Setting Index #92: This policy setting affects how security zone changes apply to different users. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Open files based on content, not file extension (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100 CCE-910 Setting Index #46: This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Consistent Mime Handling: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes CCE-382 Setting Index #7: When set to Enabled, Internet Explorer examines each received file for a consistent MIME type. When set to Disabled or Not configured, Internet Explorer does not require consistent MIME data from each file. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\2301 Setting Index #21: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\2301 Setting Index #18: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Internet Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00 CCE-132 Setting Index #42: This policy setting allows you to manage permissions for Java applets. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2301 Setting Index #15: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow users to enable or disable add-ons" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Do not allow users to enable or disable add-ons (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExtensionManagement CCE-708 Setting Index #84: This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent "Fix settings" functionality" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\\Prevent "Fix settings" functionality (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings CCE-948 Setting Index #51: This policy setting prevents users from performing the "Fix settings" functionality related to the Security Settings Check in Internet Explorer. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "MK Protocol Security Restriction: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved) CCE-591 Setting Index #9: When this setting is configured to Enabled, the MK protocol is blocked for Windows Explorer and Internet Explorer, which causes resources that use it to fail. When this setting is configured to Disabled, other applications can use the MK protocol API. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Open files based on content, not file extension (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2100 CCE-409 Setting Index #72: This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on the auto-complete feature for user names and passwords on forms" current user setting should be configured correctly. enabled/disabled (1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on the auto-complete feature for user names and passwords on forms (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FormSuggest Passwords CCE-721 Setting Index #96: This policy setting controls automatic completion of user names and passwords in forms on Web pages, and prevents user prompts to save passwords. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201 CCE-26 Setting Index #67: This policy setting allows you to manage ActiveX controls not marked as safe. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching applications and files in an IFRAME (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804 CCE-339 Setting Index #69: This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Access data sources across domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406 CCE-47 Setting Index #31: This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable "Configuring History"" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Disable "Configuring History" (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep CCE-66 Setting Index #25: This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable AutoComplete for forms" current user setting should be configured correctly. enabled/disabled (1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable AutoComplete for forms (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\FormSuggest CCE-478 Setting Index #2: This policy setting controls automatic completion of fields in forms on Web pages. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for file downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200 CCE-16 Setting Index #38: This policy setting determines whether users will be prompted for non user-initiated file downloads. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active scripting (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400 CCE-292 Setting Index #54: This policy setting allows you to manage whether script code on pages in the zone is run Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Security Zones: Do not allow users to add/delete sites" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to add/delete sites (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_edit CCE-146 Setting Index #90: Enable this policy setting to disable the site management settings for security zones. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Advanced page" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Advanced Page (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab CCE-810 Setting Index #29: This policy setting works in conjunction with other settings to ensure that users cannot change the settings that are configured in the Advanced tab of Internet Explorer. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow font downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1604 CCE-491 Setting Index #34: This policy setting allows you to manage whether pages of the zone may download HTML fonts. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict ActiveX Install: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Internet Explorer Processes CCE-119 Setting Index #10: This policy setting provides the ability to block ActiveX control installation prompts for Internet Explorer processes. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Save this program to disk option" current user setting should be configured correctly. enabled/disabled (1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Save this program to disk option (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDir CCE-412 Setting Index #5: This policy setting prevents users from saving a program or file that Internet Explorer has downloaded to the hard disk. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow status bar updates via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2103 CCE-129 Setting Index #63: This policy setting allows you to manage whether script is allowed to update the status bar within the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download unsigned ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004 CCE-176 Setting Index #40: This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent ignoring certificate errors" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\PreventIgnoreCertErrors CCE-938 Setting Index #52: When a user experiences Secure Socket Layer/Transport Layer Security (SSL/TLS) certificate errors such as "expired," "revoked," or "name mismatch," Internet Explorer blocks the user's ability to continue browsing the Web site. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download unsigned ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004 CCE-1012 Setting Index #66: This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing proxy settings" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing proxy settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\Proxy CCE-62 Setting Index #28: This policy setting removes users' ability to change proxy settings. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow file downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803 CCE-970 Setting Index #58: This policy setting allows you to manage whether file downloads are permitted from the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download signed ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001 CCE-52 Setting Index #65: This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Internet Zone. Anonymous logon/Automatic logon only in Intranet zone/Automatic logon with current username and password/Prompt for user name and password (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Logon options (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00 CCE-720 Setting Index #44: This policy setting allows you to manage settings for logon options. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow installation of desktop items (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1800 CCE-763 Setting Index #60: This policy setting allows you to manage whether users can install Active Desktop items from this zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use Pop-up Blocker (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809 CCE-1002 Setting Index #48: This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing certificate settings" current user setting should be configured correctly. enabled/disabled (1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing certificate settings (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Certificates CCE-1037 Setting Index #3: This policy setting removes a user's ability to change certificate settings in Internet Explorer. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Access data sources across domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406 CCE-636 Setting Index #53: This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407 CCE-1031 Setting Index #56: This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in the security zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/Administrator approved (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow binary and script behaviors (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000 CCE-178 Setting Index #55: This policy setting allows you to manage dynamic binary and script behaviors. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Security page" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Security Page (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab CCE-595 Setting Index #30: This policy setting removes the Security tab from the Internet Options dialog box. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405 CCE-973 Setting Index #76: Restricted Sites Zone: Script ActiveX controls marked safe for scripting Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Initialize and script ActiveX controls not marked as safe (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201 CCE-586 Setting Index #41: This policy setting allows you to manage ActiveX controls not marked as safe. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protection From Zone Elevation: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Internet Explorer Processes CCE-347 Setting Index #13: This setting controls the Internet Explorer restrictions on each Web page that it opens. These restrictions depend on the location of the Web page (such as Internet zone, Intranet zone, or Local Machine zone). Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict File Download: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Internet Explorer Processes CCE-668 Setting Index #11: When set to Enabled, file download prompts that are not user-initiated are blocked for Internet Explorer processes. When set to Disabled, file download prompts will occur that are not user-initiated for Internet Explorer processes. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically check for Internet Explorer updates" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Automatically check for Internet Explorer updates (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\NoUpdateCheck CCE-1008 Setting Index #23: This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Crash Detection" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Crash Detection (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection CCE-753 Setting Index #94: This policy setting allows you to manage the crash detection feature of add-on management in Internet Explorer. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripted Window Security Restrictions: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Internet Explorer Processes CCE-827 Setting Index #12: When set to Enabled, pop-up windows will not display in Windows Explorer or for Internet Explorer processes. When set to Disabled or Do not configure, scripts can create pop-up windows and windows that can hide other windows. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing connection settings" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing connection settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connection Settings CCE-611 Setting Index #27: This policy setting removes users' ability to change dial-up settings. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the Security Settings Check feature" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the Security Settings Check feature (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck CCE-1054 Setting Index #82: This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101 CCE-698 Setting Index #80: This policy setting allows you to manage whether Web sites from less privileged zones can navigate into this zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Restricted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Java permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00 CCE-1088 Setting Index #68: This policy setting allows you to manage permissions for Java applets. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Web sites in less privileged Web content zones can navigate into this zone (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101 CCE-724 Setting Index #49: This policy setting allows you to manage whether Web sites from less privileged zones can navigate into this zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mime Sniffing Safety Feature: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Internet Explorer Processes CCE-985 Setting Index #8: When set to Enabled, MIME sniffing will not promote a file of one type to a more dangerous file type. When set to Disabled, MIME sniffing configures Internet Explorer processes to allow the promotion of a file to a more dangerous file type. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing Automatic Configuration settings" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Automatic Configuration settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\Autoconfig CCE-471 Setting Index #26: This policy setting removes a user's ability to change automatically configured settings. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Navigate windows and frames across different domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607 CCE-995 Setting Index #71: This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Restricted Sites Zone. Anonymous logon/Automatic logon only in Intranet zone/Automatic logon with current username and password/Prompt for user name and password (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Logon options (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00 CCE-128 Setting Index #70: This policy setting allows you to manage settings for logon options. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow META REFRESH (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608 CCE-680 Setting Index #61: This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting to redirect browsers to another Web page. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only use the ActiveX Installer Service for installation of ActiveX Controls" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Only use the ActiveX Installer Service for installation of ActiveX Controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AxInstaller\OnlyUseAXISForActiveXInstall Setting Index #85: This policy setting allows you to specify how ActiveX controls are installed. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Bypassing SmartScreen Filter Warnings" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Bypassing SmartScreen Filter Warnings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverride Setting Index #86: The SmartScreen Filter prevents users from navigating to and downloading from sites known to host malicious content, including Phishing or malicious software attacks. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Cookies" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Cookies (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanCookies Setting Index #87: This policy setting is used to prevent users from deleting cookies. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\2301 Setting Index #17: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Per-User Installation of ActiveX Controls" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Per-User Installation of ActiveX Controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX\BlockNonAdminActiveXInstall Setting Index #4: This policy setting allows you to disable the per-user installation of ActiveX controls. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off ActiveX opt-in prompt" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off ActiveX opt-in prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\NoFirsttimeprompt Setting Index #93: This policy setting allows you to turn off the ActiveX opt-in prompt. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\120b Setting Index #16: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Encryption Support" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off Encryption Support (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols Setting Index #95: This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0 or SSL 3.0 in the browser. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Sites: Include all network paths (UNCs)" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all network paths (UNCs) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet CCE-876 Setting Index #50: This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow drag and drop or copy and paste files (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802 CCE-41 Setting Index #57: This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Restricted Sites Zone. Low safety/Medium safety/High safety (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Software channel permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1E05 CCE-520 Setting Index #78: This policy setting allows you to manage software channel permissions. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001 CCE-563 Setting Index #74: This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow status bar updates via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103 CCE-914 Setting Index #37: This policy setting allows you to manage whether script is allowed to update the status bar within the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off "Delete Browsing History" functionality" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Turn off "Delete Browsing History" functionality (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\DisableDeleteBrowsingHistory CCE-1010 Setting Index #81: This policy setting prevents users from performing the "Delete Browsing History" action in Internet Explorer. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow installation of desktop items (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1800 CCE-355 Setting Index #35: This policy setting allows you to manage whether users can install Active Desktop items from this zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1200 CCE-841 Setting Index #75: This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120b Setting Index #14: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_InternetZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31101' The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow script-initiated windows without size or position constraints (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102 CCE-208 Setting Index #62: This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching applications and files in an IFRAME (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804 CCE-689 Setting Index #43: This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120b Setting Index #89: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_RestrictedSitesZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31106' The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Navigate windows and frames across different domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607 CCE-245 Setting Index #45: This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\2301 Setting Index #19: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The 'Software channel permissions' setting should be configured correctly for the Internet Zone. Low safety/Medium safety/High safety (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Software channel permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1E05 CCE-359 Setting Index #47: This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box: The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow script-initiated windows without size or position constraints (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102 CCE-280 Setting Index #36: This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Temporary Internet Files" machine setting should be configured correctly. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Temporary Internet Files (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanTIF Setting Index #88: This policy setting is used to prevent users from deleting temporary Internet files. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004 CCE-678 Setting Index #73: Restricted Sites Zone: Run .NET Framework-reliant components not signed with Authenticode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download signed ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001 CCE-1013 Setting Index #39: This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for file downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200 CCE-175 Setting Index #64: This policy setting determines whether users will be prompted for non user-initiated file downloads. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow font downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1604 CCE-882 Setting Index #59: This policy setting allows you to manage whether pages of the zone may download HTML fonts. Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content from CDs to run on user machines" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow active content from CDs to run on user machines (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings\LOCALMACHINE_CD_UNLOCK Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Internet Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow scripting of Internet Explorer web browser control Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'AllowScriptingOfInternetExplorerWebBrowserControl_InternetZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31098' The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow scripting of Internet Explorer web browser control Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'AllowScriptingOfInternetExplorerWebBrowserControl_RestrictedSitesZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31103' The "Allow Scriptlets" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow Scriptlets (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow Scriptlets Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'AllowScriptlets_RestrictedSitesZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31061' The "Check for signatures on downloaded programs" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for signatures on downloaded programs (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Download]CheckExeSignatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Delete Browsing History on exit" current user setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Configure Delete Browsing History on exit (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy\ClearBrowsingHistoryOnExit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'ConfigureDeleteBrowsingHistoryonexit_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31095' The "Disable Automatic Install of Internet Explorer components" setting should be configured correctly. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Automatic Install of Internet Explorer components Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoJITSetup The "Disable Periodic Check For Internet Explorer Software Updates" setting should be configured correctly. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Periodic Check for Internet Explorer software updates Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheck The "Disable showing the splash screen" setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable showing the splash screen (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSplash The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled/prompt (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download signed ActiveX controls (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\1001 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow third-party browser extensions" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow third-party browser extensions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Enable Browser Extensions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Internet Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Include local directory path when uploading files to a server Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160A Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'IncludeLocalDirectoryPathWhenUploadingFilesToAServer_InternetZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31099' The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Include local directory path when uploading files to a server Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160A Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'IncludeLocalDirectoryPathWhenUploadingFilesToAServer_RestrictedSitesZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31104' The "Include updated Web site lists from Microsoft" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Include updated Web site lists from Microsoft (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'IncludeUpdatedWebsiteListsFromMicrosoft_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31094' The "Java permissions" machine setting should be configured correctly for the Intranet Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Local Machine Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Locked-Down Internet Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Locked-Down Intranet Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Locked-Down Local Machine Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" machine setting should be configured correctly for the Trusted Sites Zone. Custom/Disable Java/High safety/Low safety/Medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Internet Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching programs and unsafe files Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'LaunchingProgramsAndUnsafeFiles_InternetZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31100' The "Launching programs and unsafe files" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching programs and unsafe files Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'LaunchingProgramsAndUnsafeFiles_RestrictedSitesZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31105' The "Loose XAML files" machine setting should be configured correctly for the Internet Zone. enabled/disabled/prompt (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Loose XAML files (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled/prompt (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Loose XAML files (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Make proxy settings per-machine (rather than per-user)" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Make proxy settings per-machine (rather than per-user) (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Web sites that the User has Visited" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Web sites that the User has Visited (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanHistory Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'PreventDeletingWebsitesthattheUserhasVisited_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31096' The "Prevent participation in the Customer Experience Improvement Program" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent participation in the Customer Experience Improvement Program (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\SQM\DisableCustomerImprovementProgram Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent performance of First Run Customize settings" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Internet Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components not signed with Authenticode Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_InternetZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31035' The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Internet Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components signed with Authenticode Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'RunNETFrameworkReliantComponentsSignedWithAuthenticode_InternetZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31036' The "Software channel permissions" machine setting should be configured correctly for the Internet Zone. High safety/low safety/medium safety (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Software channel permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1E05 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools\Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_Page Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuring the update check interval (in days)" machine setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools\Turn off configuring the update check interval (in days) (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_Interval Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Update Check Interval" should be set to the appropriate number of days. number of days (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools\Turn off configuring the update check interval (in days) - Update check interval (in days) (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_Interval The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn Off First-Run Opt-In (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn Off First-Run Opt-In (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off InPrivate Browsing" machine setting should be configured correctly. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Browsing Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy\EnableInPrivateBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'TurnOffInPrivateBrowsing_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31097' The "Turn off Managing Phishing Filter" setting should be configured correctly. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing Phishing filter (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\Enabled The "Turn off Managing SmartScreen Filter" machine setting should be configured correctly. (1) enabled/disabled (2) on/off (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing SmartScreen Filter (2) Registry Key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'TurnoffManagingSmartScreenFilter_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31093' The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Internet Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting (XSS) Filter Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'TurnonCrossSiteScriptingFilter_InternetZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31102' The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1409 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Rule 'TurnonCrossSiteScriptingFilter_RestrictedSitesZone_LocalComputer' Definition 'oval:gov.nist.USGCB.ie8:def:31107' The "Turn on Protected Mode" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Protected Mode (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Internet Zone. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Userdata persistence (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Userdata persistence (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable external branding of Internet Explorer" current user setting should be configured correctly. User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable external branding of Internet Explorer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off page transitions" current user setting should be configured correctly. User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced settings\Browsing\Turn off page transitions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 DEPRECATED. Previously: The "Turn on the Internet Connection Wizard Auto Detect" setting should be configured correctly. Note: According to Microsoft, does not apply to IE 8. User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced settings\Internet Connection Wizard Settings\Turn on the Internet Connection Wizard Auto Detect The "Download signed ActiveX controls" machine setting should be configured correctly for the Intranet Zone. enabled/disabled/prompt (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download signed ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1001 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize User Agent String" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Customize User Agent String HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow users to enable or disable add-ons" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Do not allow users to enable or disable add-ons HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enforce Full Screen Mode" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Enforce Full Screen Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing ratings settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing ratings settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Crash Detection" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Crash Detection HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Internet Explorer Search box from displaying" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Internet Explorer Search box from displaying HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing Temporary Internet files settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Temporary Internet files settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuration of default behavior of new tab creation" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of default behavior of new tab creation HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Per-User Installation of ActiveX Controls" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Per-User Installation of ActiveX Controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off tabbed browsing" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off tabbed browsing HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict changing the default search provider" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict changing the default search provider HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing color settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing color settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing language settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing language settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent participation in the Customer Experience Improvement Program" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent participation in the Customer Experience Improvement Program HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SQM Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only use the ActiveX Installer Service for installation of ActiveX Controls" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Only use the ActiveX Installer Service for installation of ActiveX Controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AxInstaller Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off page zooming functionality" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off page zooming functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ZOOM Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing default browser check" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing default browser check HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing Messaging settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Messaging settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing Advanced page settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Advanced page settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the activation of the quick pick menu" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the activation of the quick pick menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Automatic Crash Recovery Prompt" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Automatic Crash Recovery Prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing Calendar and Contact settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Calendar and Contact settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off displaying the Internet Explorer Help Menu" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off displaying the Internet Explorer Help Menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing proxy settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing proxy settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Quick Tabs functionality" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Quick Tabs functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable caching of Auto-Proxy scripts" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable caching of Auto-Proxy scripts HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off ActiveX opt-in prompt" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off ActiveX opt-in prompt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the auto-complete feature for web addresses" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the auto-complete feature for web addresses HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Reopen Last Browsing Session" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Reopen Last Browsing Session HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off managing Pop-up filter level" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off managing Pop-up filter level HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing home page settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing home page settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on menu bar by default" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on menu bar by default HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing link color settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing link color settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuration of window reuse" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of window reuse HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Tab Grouping" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Tab Grouping HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set tab process growth" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Set tab process growth HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Internet Connection wizard" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Internet Connection wizard HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent performance of First Run Customize settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Managing Pop-up Allow list" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing Pop-up Allow list HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure new tab page default behavior" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Configure new tab page default behavior HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off pop-up management" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off pop-up management HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing secondary home page settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing secondary home page settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Bypassing SmartScreen Filter Warnings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Bypassing SmartScreen Filter Warnings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent "Fix settings" functionality" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent "Fix settings" functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict search providers to a specific list of providers" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict search providers to a specific list of providers HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing Automatic Configuration settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Automatic Configuration settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing accessibility settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing accessibility settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Pop-up allow list" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Pop-up allow list HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\New Windows Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuration of tabbed browsing pop-up behavior" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of tabbed browsing pop-up behavior HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display error message on proxy script download failure" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Display error message on proxy script download failure HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Managing SmartScreen Filter" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhishingFilter Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Suggested Sites" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on Suggested Sites HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Suggested Sites Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing font settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing font settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Favorites bar" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Favorites bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\LinksBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off suggestions for all user-installed providers" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off suggestions for all user-installed providers HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the Security Settings Check feature" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the Security Settings Check feature HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Automatic Detection for dial-up connections" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Use Automatic Detection for dial-up connections HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable changing connection settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing connection settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Compatibility Logging" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on Compatibility Logging HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Moving the menu bar above the navigation bar" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Moving the menu bar above the navigation bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar\WebBrowser Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add a specific list of search providers to the user's search provider list" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Add a specific list of search providers to the user's search provider list HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Import/Export Settings wizard" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Import/Export Settings wizard HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Accelerators" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Turn off Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Activities Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deploy default Accelerators" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy default Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deploy non-default Accelerators" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy non-default Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Policy Accelerators" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Use Policy Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deploy non-default Accelerators" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy non-default Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deploy default Accelerators" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy default Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Policy Accelerators" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Use Policy Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Accelerators" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Turn off Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Activities Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow the printing of background colors and images" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Printing\Allow the printing of background colors and images HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict ActiveX Install: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict ActiveX Install: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Favorites Site Data" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Favorites Site Data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Passwords" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Passwords HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting InPrivate Filtering data" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting InPrivate Filtering data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Delete Browsing History on exit" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Configure Delete Browsing History on exit HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Form Data" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Form Data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict File Download: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict File Download: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict ActiveX Install: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict ActiveX Install: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict ActiveX Install: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Object Caching Protection: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Object Caching Protection: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Object Caching Protection: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent setting of the code download path for each machine" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Corporate Settings\Code Download\Prevent setting of the code download path for each machine HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Local Machine Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Network Protocol Lockdown: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Network Protocol Lockdown: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Network Protocol Lockdown: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Consistent Mime Handling: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Consistent Mime Handling: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Restricted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent configuration of search from the Address bar" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching\Prevent configuration of search from the Address bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on the Internet Connection Wizard Auto Detect" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Internet Connection Wizard Settings\Turn on the Internet Connection Wizard Auto Detect HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Connection Wizard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off sending URLs as UTF-8 (requires restart)" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding\Turn off sending URLs as UTF-8 (requires restart) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add-on List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Add-on List HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deny all add-ons unless specifically allowed in the Add-on List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Deny all add-ons unless specifically allowed in the Add-on List HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add-on Management: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add-on Management: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mime Sniffing Safety Feature: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mime Sniffing Safety Feature: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mime Sniffing Safety Feature: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Locked-Down Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File size limits for Local Machine zone" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Local Machine zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File size limits for Intranet zone" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Intranet zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File size limits for Internet zone" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Internet zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File size limits for Restricted Sites zone" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Restricted Sites zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File size limits for Trusted Sites zone" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Trusted Sites zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Intranet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add-on Management: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add-on List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Add-on List HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deny all add-ons unless specifically allowed in the Add-on List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Deny all add-ons unless specifically allowed in the Add-on List HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add-on Management: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripted Window Security Restrictions: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripted Window Security Restrictions: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripted Window Security Restrictions: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Policy List of Internet Explorer 7 sites" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Use Policy List of Internet Explorer 7 sites HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Compatibility View button" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View button HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Internet Explorer 7 Standards Mode" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Internet Explorer Standards Mode for Local Intranet" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer Standards Mode for Local Intranet HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Compatibility View" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Turn off Data Execution Prevention HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data URI Support" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Turn off Data URI Support HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Windows Search AutoComplete" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\AutoComplete\Turn off Windows Search AutoComplete HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Intranet Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protection From Zone Elevation: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protection From Zone Elevation: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protection From Zone Elevation: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from configuring background color" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors\Prevent users from configuring background color HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent the use of Windows colors" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors\Prevent the use of Windows colors HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from configuring text color" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors\Prevent users from configuring text color HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Restricted Protocols" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Local Machine Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Zone Restricted Protocols" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Intranet Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Internet Zone Restricted Protocols" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Internet Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restricted Sites Zone Restricted Protocols" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Restricted Sites Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trusted Sites Zone Restricted Protocols" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Trusted Sites Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mime Sniffing Safety Feature: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mime Sniffing Safety Feature: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on script debugging" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn on script debugging HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off friendly http error messages" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn off friendly http error messages HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on the display of a notification about every script error" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn on the display of a notification about every script error HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuring underline links" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn off configuring underline links HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off smooth scrolling" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn off smooth scrolling HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Information Bar: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Information Bar: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Information Bar: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Internet Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data URI Support" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Turn off Data URI Support HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Internet Explorer Standards Mode for Local Intranet" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer Standards Mode for Local Intranet HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Compatibility View" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Policy List of Internet Explorer 7 sites" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Use Policy List of Internet Explorer 7 sites HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Compatibility View button" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View button HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Internet Explorer 7 Standards Mode" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include updated Web site lists from Microsoft" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Include updated Web site lists from Microsoft HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use UTF-8 for mailto links" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Use UTF-8 for mailto links HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Advanced page" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Advanced page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Send internationalized domain names" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Send internationalized domain names HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent ignoring certificate errors" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Content page" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Content page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the General page" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the General page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Privacy page" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Privacy page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Connections page" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Connections page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Programs page" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Programs page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Security page" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Security page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Local Machine Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Binary Behavior Security Restriction: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Binary Behavior Security Restriction: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Admin-approved behaviors" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Admin-approved behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Binary Behavior Security Restriction: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Trusted Sites Zone. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use HTTP 1.1" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not save encrypted pages to disk" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Do not save encrypted pages to disk HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow resetting Internet Explorer settings" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Do not allow resetting Internet Explorer settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Empty Temporary Internet Files folder when browser is closed" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Empty Temporary Internet Files folder when browser is closed HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off ClearType" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off ClearType HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Play animations in web pages" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use HTTP 1.1 through proxy connections" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 through proxy connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Caret Browsing support" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn on Caret Browsing support HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Play sounds in web pages" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play sounds in web pages HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Internet Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on automatic detection of the intranet" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on automatic detection of the intranet HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trusted Sites Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Intranet Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restricted Sites Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Restricted Sites Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Local Machine Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Trusted Sites Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Sites: Include all sites that bypass the proxy server" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all sites that bypass the proxy server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Site to Zone Assignment List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Sites: Include all local (intranet) sites not listed in other zones" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all local (intranet) sites not listed in other zones HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Information bar notification for intranet content" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Information bar notification for intranet content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Warn about Certificate Address Mismatch" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Warn about Certificate Address Mismatch HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Internet Zone Template" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Pop-up allow list" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Pop-up allow list HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\New Windows Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuration of tabbed browsing pop-up behavior" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of tabbed browsing pop-up behavior HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure new tab page default behavior" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Configure new tab page default behavior HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the auto-complete feature for web addresses" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the auto-complete feature for web addresses HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off tabbed browsing" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off tabbed browsing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Compatibility Logging" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on Compatibility Logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuration of default behavior of new tab creation" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of default behavior of new tab creation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set tab process growth" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Set tab process growth HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off displaying the Internet Explorer Help Menu" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off displaying the Internet Explorer Help Menu HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict changing the default search provider" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict changing the default search provider HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on menu bar by default" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on menu bar by default HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off suggestions for all user-installed providers" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off suggestions for all user-installed providers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\SearchScopes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Favorites bar" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Favorites bar HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\LinksBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the activation of the quick pick menu" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the activation of the quick pick menu HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\SearchScopes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Automatic Crash Recovery Prompt" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Automatic Crash Recovery Prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Recovery Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off configuration of window reuse" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of window reuse HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Quick Tabs functionality" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Quick Tabs functionality HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Managing Pop-up Allow list" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing Pop-up Allow list HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add a specific list of search providers to the user's search provider list" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Add a specific list of search providers to the user's search provider list HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict search providers to a specific list of providers" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict search providers to a specific list of providers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off page zooming functionality" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off page zooming functionality HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\ZOOM Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enforce Full Screen Mode" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Enforce Full Screen Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize User Agent String" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Customize User Agent String HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Internet Explorer Search box from displaying" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Internet Explorer Search box from displaying HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off managing Pop-up filter level" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off managing Pop-up filter level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Reopen Last Browsing Session" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Reopen Last Browsing Session HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Recovery Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off pop-up management" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off pop-up management HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off picture display" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Turn off picture display HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off automatic image resizing" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Turn off automatic image resizing HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow the display of image download placeholders" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Allow the display of image download placeholders HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off smart image dithering" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Turn off smart image dithering HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off InPrivate Browsing" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Browsing HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "InPrivate Filtering Threshold" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\InPrivate Filtering Threshold HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not collect InPrivate Filtering data" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Do not collect InPrivate Filtering data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable toolbars and extensions when InPrivate Browsing starts" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Disable toolbars and extensions when InPrivate Browsing starts HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off InPrivate Filtering" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Filtering HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off InPrivate Filtering" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Filtering HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable toolbars and extensions when InPrivate Browsing starts" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Disable toolbars and extensions when InPrivate Browsing starts HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not collect InPrivate Filtering data" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Do not collect InPrivate Filtering data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "InPrivate Filtering Threshold" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\InPrivate Filtering Threshold HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from choosing default text size" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Prevent users from choosing default text size HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Scriptlets" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow binary and script behaviors" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Protected Mode" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Logon options" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable .NET Framework Setup" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Pop-up Blocker" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for file downloads" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow installation of desktop items" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XPS documents" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download signed ActiveX controls" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Loose XAML files" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow META REFRESH" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Submit non-encrypted form data" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Userdata persistence" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XAML browser applications" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow font downloads" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file downloads" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access data sources across domains" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Software channel permissions" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripting of Java applets" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files based on content, not file extension" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow status bar updates via script" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use SmartScreen Filter" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active scripting" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display mixed content" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Java permissions" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Launching programs and unsafe files" current user setting should be configured correctly for the Trusted Sites Zone. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent the configuration of cipher strength update information URLs" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Help Menu > About Internet Explorer\Prevent the configuration of cipher strength update information URLs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide the Command Bar" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Command Bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable customizing browser toolbar buttons" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Disable customizing browser toolbar buttons HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Auto-hide the Toolbars" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Auto-hide the Toolbars HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Command Labels" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Customize Command Labels HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set location of Stop and Refresh buttons" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Set location of Stop and Refresh buttons HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Developer Tools" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off Developer Tools HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off toolbar upgrade tool" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off toolbar upgrade tool HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Lock all Toolbars" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Lock all Toolbars HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use large Icons for Command Buttons" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Use large Icons for Command Buttons HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable customizing browser toolbars" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Disable customizing browser toolbars HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide the Status Bar" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Status Bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Network Protocol Lockdown: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Network Protocol Lockdown: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Network Protocol Lockdown: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Zone Restricted Protocols" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Intranet Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trusted Sites Zone Restricted Protocols" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Trusted Sites Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restricted Sites Zone Restricted Protocols" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Restricted Sites Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Restricted Protocols" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Local Machine Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Internet Zone Restricted Protocols" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Internet Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Lockdown Security: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Lockdown Security: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Lockdown Security: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "MK Protocol Security Restriction: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "MK Protocol Security Restriction: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "MK Protocol Security Restriction: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Information Bar: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Information Bar: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Information Bar: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of connections per server (HTTP 1.0)" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.0) HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Cross Document Messaging" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off Cross Document Messaging HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of connections per server (HTTP 1.1)" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.1) HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the XDomainRequest Object" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off the XDomainRequest Object HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Native XMLHttpRequest Support" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Enable Native XMLHttpRequest Support HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Auto-hide the Toolbars" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Auto-hide the Toolbars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Developer Tools" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off Developer Tools HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\IEDevTools Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Lock all Toolbars" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Lock all Toolbars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use large Icons for Command Buttons" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Use large Icons for Command Buttons HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set location of Stop and Refresh buttons" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Set location of Stop and Refresh buttons HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off toolbar upgrade tool" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off toolbar upgrade tool HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide the Command Bar" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Command Bar HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Command Labels" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Customize Command Labels HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide the Status Bar" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Status Bar HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off the XDomainRequest Object" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off the XDomainRequest Object HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of connections per server (HTTP 1.1)" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of connections per server (HTTP 1.0)" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.0) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Cross Document Messaging" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off Cross Document Messaging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Native XMLHttpRequest Support" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Enable Native XMLHttpRequest Support HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Windows Search AutoComplete" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\AutoComplete\Turn off Windows Search AutoComplete HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on inline AutoComplete for Web addresses" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\AutoComplete\Turn on inline AutoComplete for Web addresses HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Consistent Mime Handling: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Consistent Mime Handling: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Consistent Mime Handling: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Temporary Internet Files" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Temporary Internet Files HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Favorites Site Data" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Favorites Site Data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off "Delete Browsing History" functionality" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Turn off "Delete Browsing History" functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Form Data" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Form Data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Passwords" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Passwords HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable "Configuring History"" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Disable "Configuring History" HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Web sites that the User has Visited" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Web sites that the User has Visited HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting Cookies" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Cookies HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Deleting InPrivate Filtering data" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting InPrivate Filtering data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict File Download: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict File Download: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict File Download: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Lockdown Security: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Lockdown Security: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Lockdown Security: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protection From Zone Elevation: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protection From Zone Elevation: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Programs page" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Programs page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Content page" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Content page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use UTF-8 for mailto links" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Use UTF-8 for mailto links HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the General page" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the General page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Send internationalized domain names" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Send internationalized domain names HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Connections page" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Connections page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Privacy page" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Privacy page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Binary Behavior Security Restriction: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Admin-approved behaviors" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Admin-approved behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Binary Behavior Security Restriction: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Binary Behavior Security Restriction: Internet Explorer Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Automatic Signup" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Signup Settings\Turn on Automatic Signup HKEY_CURRENT_USER\Software\Policies\Microsoft\IEAK Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Chat" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Chat HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Agent" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Agent HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Shockwave Flash" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Shockwave Flash HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Carpoint" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Carpoint HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Audio/Video Player" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Audio/Video Player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "MSNBC" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\MSNBC HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Investor" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Investor HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Survey Control" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Survey Control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Scriptlet Component" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Scriptlet Component HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "NetShow File Transfer Control" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\NetShow File Transfer Control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "DHTML Edit Control" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\DHTML Edit Control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Menu Controls" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Menu Controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Open in New Window menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Open in New Window menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Context menu" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Context menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File menu: Disable New menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable New menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Help menu: Remove 'Tour' menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Help menu: Remove 'Tour' menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Help menu: Remove 'Send Feedback' menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Help menu: Remove 'Send Feedback' menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File menu: Disable Save As Web Page Complete" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable Save As Web Page Complete HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File menu: Disable Open menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable Open menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "View menu: Disable Source menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\View menu: Disable Source menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Print Menu" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Turn off Print Menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File menu: Disable closing the browser and Explorer windows" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable closing the browser and Explorer windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "File menu: Disable Save As... menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable Save As... menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "View menu: Disable Full Screen menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\View menu: Disable Full Screen menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tools menu: Disable Internet Options... menu option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Tools menu: Disable Internet Options... menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide Favorites menu" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Hide Favorites menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripted Window Security Restrictions: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripted Window Security Restrictions: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "MK Protocol Security Restriction: Process List" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "MK Protocol Security Restriction: All Processes" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Object Caching Protection: Internet Explorer Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Object Caching Protection: All Processes" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Object Caching Protection: Process List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restricted Sites Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Warn about Certificate Address Mismatch" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Warn about Certificate Address Mismatch HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Sites: Include all sites that bypass the proxy server" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all sites that bypass the proxy server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Internet Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trusted Sites Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Local Machine Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Internet Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Site to Zone Assignment List" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Information bar notification for intranet content" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Information bar notification for intranet content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Intranet Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on automatic detection of the intranet" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on automatic detection of the intranet HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Restricted Sites Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked-Down Trusted Sites Zone Template" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Sites: Include all local (intranet) sites not listed in other zones" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all local (intranet) sites not listed in other zones HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Intranet Sites: Include all network paths (UNCs)" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all network paths (UNCs) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Play sounds in web pages" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play sounds in web pages HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow active content from CDs to run on user machines" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow active content from CDs to run on user machines HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check for signatures on downloaded programs" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for signatures on downloaded programs HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Download Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow software to run or install even if the signature is invalid" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow software to run or install even if the signature is invalid HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Download Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Encryption Support" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off Encryption Support HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Empty Temporary Internet Files folder when browser is closed" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Empty Temporary Internet Files folder when browser is closed HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow resetting Internet Explorer settings" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Do not allow resetting Internet Explorer settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically check for Internet Explorer updates" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Automatically check for Internet Explorer updates HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check for server certificate revocation" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for server certificate revocation HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Play animations in web pages" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off ClearType" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off ClearType HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on Caret Browsing support" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn on Caret Browsing support HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use HTTP 1.1 through proxy connections" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 through proxy connections HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not save encrypted pages to disk" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Do not save encrypted pages to disk HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow third-party browser extensions" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow third-party browser extensions HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use HTTP 1.1" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on the hover color option" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Turn on the hover color option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from configuring the color of links that have already been clicked" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Prevent users from configuring the color of links that have already been clicked HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from configuring the hover color" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Prevent users from configuring the hover color HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from configuring the color of links that have not yet been clicked" current user setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Prevent users from configuring the color of links that have not yet been clicked HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The path of the IIS Web Root folder should be configured correctly. (1) local path (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab Chapter 1 Internet Information Services Installation The Default Install Directory pg 12 The IIS Web Root directory should be named appropriately. (1) directory name (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the desired website > Properties > Home Directory tab Chapter 1 Internet Information Services Installation The Default Install Directory pg 12 Individual IP addresses should be configured as appropriate for the specified websites. (1) TARGET: website (2) IP address (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > IP address http://support.microsoft.com/kb/323972 The specified websites should be configured to use the appropriate network interfaces. (1) TARGET: website (2) exist/not exist (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > All Unassigned Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 39 The master home directory "Enable Logging" setting should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Server > Enable Logging Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Read" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Read Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Write" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Write Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Script Source Access" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Script Source Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Directory Browsing" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Directory Browsing Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Log Visits" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Log Visits Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Index this resource" permission should be enabled or disabled as appropriate. (1) none/scripts/scripts&executables (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Index this resource Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Execute Permissions" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Execute Permissions Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23-24 The master home directory "Anonymous Access" permission for IIS websites should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Anonymous Access Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 24 The master home directory "Basic Authentication" setting should be enabled or disabled. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 24 The master home directory "Integrated Windows Authentication" setting should be enabled or disabled. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 25 The "Enable Logging" setting should be enabled or disabled for the specified web server (1) TARGET: server (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Enable Logging Chapter 3 Services Installation and Administration Summary of Web Server Configuration Issues pg 39 The "Read" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on the specified website > Properties > Home Directory tab > Read Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 41-42 The "Write" privilege should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Write Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 41-42 The "Script Source Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Script Source Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 41-42 The "Directory Browsing" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Directory Browsing Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 41-42 The"Log Visits" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Log Visits Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 41-42 The "Index this resource" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Index this resource http://technet.microsoft.com/en-us/library/bb742408.aspx The "Execute Permissions" permission should be set correctly for the specified websites. (1) TARGET: website (2) none/scripts/scripts&executables (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Execute Permissions Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 42 The "Anonymous Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Anonymous Access Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 46 Basic Authentication should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23 Integrated Windows Authentication should be enabled or disabled as appropriate the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access Chapter 2 Internet Services Manager – Master Properties Master Properties WWW Service pg 23 The WWW service Special Characters In Shells setting should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\AllowSpecialCharsInShell http://msdn.microsoft.com/ja-jp/library/aa711451.aspx IIS WWW service SSL error logging should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel\EventLogging http://support.microsoft.com/kb/260729 The RDSServer.DataFactory object should be enable or disabeld as appropriate. (1) exist/not exist (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.Factory http://technet.microsoft.com/en-us/security/bulletin/fq99-025 The AdvancedDataFactory object should be enable or disabeld as appropriate. (1) exist/not exist (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory http://technet.microsoft.com/en-us/security/bulletin/fq99-025 The VbBusObj.VbBusObjCls object should be enable or disabeld as appropriate. (1) exist/not exist (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls http://technet.microsoft.com/en-us/security/bulletin/fq99-025 The '.printer' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 The '.htw' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 The '.ida' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 The '.idq' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 The '.idc' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 The '.shtm' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 The '.stm' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 The '.shtml' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 76 Relative path traversal should be enabled or disabled as appropriate for the specified websites. (1) TARGET: webiste (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > Enable Parent Paths Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 43 The startup type of the IIS Admin (IISAdmin) service should be correct. (1) automatic/manual/disabled (1) defined by the Services Administrative Tool (2) definied by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN\Start Chapter 1 Internet Information Services Installation IIS Services pg 15 Permissions on the \Inetpub directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation IIS Services pg 15 Permissions on the %SystemDirectory%\inetsrv directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory pg 11 Permissions on %SystemDirectory%\inetsrv\asp.dll should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the Web Root "Images" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the Web Root "scripts" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the Web Root "executables" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the Web Root "docs" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the Web Root "home" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the Web Root "include" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the Web Root directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 Permissions on the default Logfiles directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Chapter 4 Additional Security Services Auditing pg 70 The file auditing for the directory \%SystemRoot%\System32\Inetsrv should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL Chapter 4 Additional Security Services Auditing pg 70 The file auditing for the Inetpub directory should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL Chapter 4 Additional Security Services Auditing pg 70 The file auditing for the directory Web Root should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL Chapter 4 Additional Security Services Auditing pg 70 HTTP protocol logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Date logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Time logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Client IP Address logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 User name logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 User agent logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Method logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 URI stem logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 URL query logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Server IP address logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Server port logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Protocol status logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 Win32 status logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties Chapter 4 Additional Security Services Auditing pg 72 The path of the HTTP Log folder should be configured correctly for the specified websites. (1) TARGET: website (2) local path (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > Properties Chapter 4 Additional Security Services Auditing pg 72 The file auditing for the Metaback directory should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL http://support.microsoft.com/kb/271071 The membership of the IUSR account should be configured correctly. (1) set of accounts (1) defined by Local or Group Policy Chapter 1 Internet Information Services Installation Post Installation pg 10 The IUSR account should be enabled or disabled as appropriate. (1) enabled/disabled (1) defined by Local or Group Policy Chapter 1 Internet Information Services Installation Post Installation pg 9 The Default IWAM account should be configured correctly. (1) valid name (1) defined by Local or Group Policy Chapter 1 Internet Information Services Installation Post Installation pg 10 The size of the IIS client request buffer should should be set correctly. (1) number of bytes (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\MaxClientRequestBuffer http://technet.microsoft.com/en-us/library/bb878118.aspx Server Side Includes should be enabled or disabled as appropriate. (1) enabled/disabled (1) 'SSIExecDisable' key in IIS metabase file (2) cscript adsutil.vbs set w3svc/.../SSIExecDisable http://support.microsoft.com/kb/195291 Web-based password reset IIS application mappings (.htr) should be configured correctly. (1) exist/not exist (1) Internet Service manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button >App Mappings tab Chapter 4 Additional Security Services Script Mappings pg 75 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC should be assigned. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL http://support.microsoft.com/kb/271071 IIS Application Protection should be set correctly. (1) low, medium, high (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Application Protection Chapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 43 The required auditing for the file Metabase.bin should be enabled. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL Chapter 1 Internet Information Services Installation Securing the Metabase pg 16 IIS Sample files should be installed or not as appropriate. (1) exist/not exist (1) files in \Inetpub\iissamples Chapter 4 Additional Security Services IIS Default Samples and Printers pg 78 The sample Data Access files should be installed or not as appropriate. (1) exist/not exist (1) files in \Program Files\Common Files\System\msadc\Samples Chapter 4 Additional Security Services IIS Default Samples and Printers pg 78 IIS Help files should be installed or not as appropriate. (1) exist/not exist (1) files in %SystemRoot%\help\iishelp Chapter 4 Additional Security Services IIS Default Samples and Printers pg 78 Remote Account password changes should be enabled or disabled as appropriate. (1) exist/not exist (1) files in %SystemRoot%\System32\Inetsrv\iisadmpwd Chapter 4 Additional Security Services IIS Default Samples and Printers pg 78 IIS sample Web Printing files should be installed or not as appropriate. (1) exist/not exist (1) files in %SystemRoot%\web\printers Chapter 4 Additional Security Services IIS Default Samples and Printers pg 78 The path of the IIS Web Root folder should be configured correctly. (1) local path (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab Rule Title: The web document (home) directory must be on a separate partition from the web servers system files. STIG ID: WG205 IIS6 Rule ID: SV-30041r2_rule Vuln ID: V-3333 The IIS Web Root directory should be named appropriately. (1) directory names (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab 4.2.6 Securing the Web Site Directory and Content, pg 21 Individual IP addresses should be configured as appropriate for the specified websites. (1) TARGET: website (2) IP address (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > IP address http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1c1d212b-18ae-414a-b5ec-eaf5b000a0c3.mspx?mfr=true The specified websites should be configured to use the appropriate network interfaces. (1) TARGET: website (2) exist/not exist (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > All Unassigned http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1c1d212b-18ae-414a-b5ec-eaf5b000a0c3.mspx?mfr=true The master home directory "Enable Logging" setting should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Server > Enable Logging http://technet.microsoft.com/en-us/library/cc779359%28v=ws.10%29.aspx Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Read" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Read Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Write" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Write Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Script Source Access" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Script Source Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Directory Browsing" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Directory Browsing Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Log Visits" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Log Visits Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Index this resource" permission should be enabled or disabled as appropriate. (1) none/scripts/scripts&executables (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Index this resource Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Execute Permissions" permission should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Execute Permissions Table 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21 The master home directory "Anonymous Access" permission for IIS websites should be enabled or disabled as appropriate. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Anonymous Access 4.2.2 Authentication pg 16 The master home directory "Basic Authentication" setting should be enabled or disabled. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access 4.2.2 Authentication pg 16 The master home directory "Integrated Windows Authentication" setting should be enabled or disabled. (1) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access 4.2.2 Authentication pg 16 The "Enable Logging" setting should be enabled or disabled for the specified web server (1) TARGET: server (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Enable Logging Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 IIS6 Rule ID: SV-38065r1_rule Vuln ID: V-2250 The "Read" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on the specified website > Properties > Home Directory tab > Read Rule Title: The IIS web site permissions "Write" or "Script Source" must not be selected. STIG ID: WA000-WI092 IIS6 Rule ID: SV-38020r1_rule Vuln ID: V-13699 The "Write" privilege should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Write Rule Title: The IIS web site permissions "Write" or "Script Source" must not be selected. STIG ID: WA000-WI092 IIS6 Rule ID: SV-38020r1_rule Vuln ID: V-13699 The "Script Source Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Script Source Rule Title: The IIS web site permissions "Write" or "Script Source" must not be selected. STIG ID: WA000-WI092 IIS6 Rule ID: SV-38020r1_rule Vuln ID: V-13699 The "Directory Browsing" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Directory Browsing Rule Title: Directory browsing must be disabled. STIG ID: WA000-WI090 IIS6 Rule ID: SV-38016r1_rule Vuln ID: V-6755 The"Log Visits" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Log Visits Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 IIS6 Rule ID: SV-38065r1_rule Vuln ID: V-2250 The "Index this resource" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Index this resource Rule Title: Indexing Services must only index web content. STIG ID: WA000-WI070 IIS6 Rule ID: SV-38011r1_rule Vuln ID: V-3963 The "Execute Permissions" permission should be set correctly for the specified websites. (1) TARGET: website (2) none/scripts/scripts&executables (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Execute Permissions Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 IIS6 Rule ID: SV-30020r2_rule Vuln ID: V-2258 The "Anonymous Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Anonymous Access https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/035dcfd0-9a36-4788-b3b6-91dc6a9d9936.mspx?mfr=true Basic Authentication should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f85f0f16-4fea-4852-980c-4982d53c9948.mspx?mfr=true Integrated Windows Authentication should be enabled or disabled as appropriate the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5f8fe119-4095-4094-bba5-7dec361c7afe.mspx?mfr=true The WWW service Special Characters In Shells setting should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\AllowSpecialCharsInShell http://msdn.microsoft.com/en-us/library/aa711451%28v=vs.71%29.aspx IIS WWW service SSL error logging should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel\EventLogging http://support.microsoft.com/kb/260729 The RDSServer.DataFactory object should be enable or disabeld as appropriate. (1) exist/not exist (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.Factory http://technet.microsoft.com/en-us/security/bulletin/fq99-025 The AdvancedDataFactory object should be enable or disabeld as appropriate. (1) exist/not exist (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory http://technet.microsoft.com/en-us/security/bulletin/fq99-025 The VbBusObj.VbBusObjCls object should be enable or disabeld as appropriate. (1) exist/not exist (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls http://technet.microsoft.com/en-us/security/bulletin/fq99-025 The execution context of the IIS CGI processes should be configured as appropriate. (1) enabled/disabled (1) 'CreateProcessAsUser' key in IIS metabase file http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7b55d524-60fc-4420-807b-e1797658088a.mspx?mfr=true The '.printer' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 The '.htw' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 The '.ida' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 The '.idq' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 The '.idc' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 The '.shtm' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 The '.stm' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 The '.shtml' extension mapping should be configured as appropriate. (1) exist/not exist (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 Relative path traversal should be enabled or disabled as appropriate for the specified websites. (1) TARGET: webiste (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > Enable Parent Paths Rule Title: Interactive scripts must have proper access controls. STIG ID: WG410 IIS6 Rule ID: SV-28848r2_rule Vuln ID: V-2229 The startup type of the IIS Admin (IISAdmin) service should be correct. (1) automatic/manual/disabled (1) defined by the Services Administrative Tool (2) definied by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN\Start http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2df6ff66-da04-4e7c-997d-8f7aa46af8c8.mspx?mfr=true Permissions on the Inetpub directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the inetsrv directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on inetsrv\asp.dll should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the Web Root "Images" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the Web Root "scripts" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the Web Root "executables" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the Web Root "docs" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the Web Root "home" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the Web Root "include" directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the Web Root directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 Permissions on the default Logfiles directory should be set appropriately. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259 The file auditing for the directory \%SystemRoot%\System32\Inetsrv should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ebf1885b-7217-4ac6-93a3-633ef248bc8f.mspx?mfr=true The file auditing for the Inetpub directory should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ebf1885b-7217-4ac6-93a3-633ef248bc8f.mspx?mfr=true The file auditing for the Web Root directory should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ebf1885b-7217-4ac6-93a3-633ef248bc8f.mspx?mfr=true HTTP protocol logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Date logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Time logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Client IP Address logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass User name logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass User agent logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Method logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass URI stem logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true URL query logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Server IP address logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Server port logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Protocol status logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass Win32 status logging should be enabled or disabled as appropriate for the specified websites. (1) TARGET: website (2) enabled/disabled (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true The path of the HTTP Log folder should be configured correctly for the specified websites. (1) TARGET: website (2) local path (1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > Properties http://msdn.microsoft.com/en-us/library/ff648653.aspx The file auditing for the \Metaback directory should be configured appropriately. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL http://support.microsoft.com/kb/271071 The membership of the IUSR account should be configured correctly. (1) set of accounts (1) defined by Local or Group Policy Rule Title: Anonymous access accounts must be restricted. STIG ID: WG195 IIS6 Rule ID: SV-29351r2_rule Vuln ID: V-6537 Severity: CAT I Class: Unclass The IUSR account should be enabled or disabled as appropriate. (1) enabled/disabled (1) defined by Local or Group Policy http://msdn.microsoft.com/en-us/library/ff648653.aspx The IWAM account should be configured correctly. (1) valid name (1) WAMUserName Metabase Property http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8f8364a3-5d84-48fd-b6a7-044dad20c413.mspx?mfr=true Server Side Includes command shell should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\SSIEnableCmdDirective Web-based password reset IIS application mappings (.htr) should be configured correctly. (1) exist/not exist (1) Internet Service manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button >App Mappings tab Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267 IIS Sample files should be installed or not as appropriate. (1) exist/not exist (1) files in \Inetpub\iissamples Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 The sample Data Access files should be installed or not as appropriate. (1) exist/not exist (1) files in \Program Files\Common Files\System\msadc\Samples Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 IIS Help files should be installed or not as appropriate. (1) exist/not exist (1) files in %SystemRoot%\help\iishelp Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 Remote Account password changes should be enabled or disabled as appropriate. (1) exist/not exist (1) AuthChangeDisable flag in the Metabase Rule Title: The IISADMPWD directory must be removed from the Web server. STIG ID: WA000-WI035 IIS6 Rule ID: SV-38148r1_rule Vuln ID: V-13698 Severity: CAT I Class: Unclass IIS sample Web Printing files should be installed or not as appropriate. (1) exist/not exist (1) files in %SystemRoot%\web\printers Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS6 Rule ID: SV-38330r1_rule Vuln ID: V-13621 The "AllowRestrictedChars" setting should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\AllowRestrictedChars Rule Title: The AllowRestrictedChars registry key must be disabled. STIG ID: WA000-WI6080 IIS6 Rule ID: SV-38160r1_rule Vuln ID: V-13714 The "EnableNonUTF8" setting should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\EnableNonUTF8 Rule Title: The EnableNonUTF8 registry key must be disabled. STIG ID: WA000-WI6082 IIS6 Rule ID: SV-38161r1_rule Vuln ID: V-13715 The "FavorUTF8" setting should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\FavorUTF8 Rule Title: The FavorUTF8 registry key must be set properly. STIG ID: WA000-WI6084 IIS6 Rule ID: SV-38162r1_rule Vuln ID: V-13716 The maximum possible size of request headers should be set correctly. (1) number of bytes (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength Rule Title: The MaxFieldLength registry entry must be set properly. STIG ID: WA000-WI6086 IIS6 Rule ID: SV-38163r1_rule Vuln ID: V-13717 The maximum possible combined size of request line and headers should be set correctly. (1) number of bytes (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxRequestBytes Rule Title: The MaxRequestBytes registry entry must be set properly. STIG ID: WA000-WI6088 IIS6 Rule ID: SV-38164r1_rule Vuln ID: V-13718 The maximum number of characters in a URL path setting should be set correctly. (1) number of characters (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxLength Rule Title: The UrlSegmentMaxLength registry entry must be set properly. STIG ID: WA000-WI6090 IIS6 Rule ID: SV-38165r1_rule Vuln ID: V-13719 The maximum number of URL path segments should be set correctly. (1) number of URL path segments (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxCount Rule Title: The UrlSegmentMaxCount registry entry must be set properly. STIG ID: WA000-WI6096 IIS6 Rule ID: SV-38168r1_rule Vuln ID: V-13722 The allowance of %U notation in request URLs should be enabled or disabled as appropriate. (1) enabled/disabled (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\PercentUAllowed Rule Title: The PercentUAllowed registry entry must be set properly. STIG ID: WA000-WI6092 IIS6 Rule ID: SV-38166r1_rule Vuln ID: V-13720 The maximum response size that can be cached in the kernel should be set correctly. (1) number of bytes (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UriMaxUriBytes Rule Title: The UriMaxUriBytes registry entry must be set properly. STIG ID: WA000-WI6094 IIS6 Rule ID: SV-38167r1_rule Vuln ID: V-13721 The maximum size of the entire request body setting should be set correctly. (1) number of bytes (1) MaxRequestEntityAllowed key in IIS metabase file Rule Title: The MaxRequestEntityAllowed metabase value must be defined. STIG ID: WA000-WI6098 IIS6 Rule ID: SV-38047r1_rule Vuln ID: V-13723 The URLScan ISAPI filters should be configured correctly for the specified websites. (1) TARGET: website (2) exist/not exist (1) Internet Information Services (IIS) Manage => Web Sites =><Web Site> => right click Properties => ISAPI Filters => URLScan http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f9b564d2-d245-4241-ba0d-266a896ca663.mspx?mfr=true The 'Replace a process-level token' setting should be configured as appropriate. (1) set of accounts (1) defined by the 'User Rights Assignment' setting in Local Policy http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/3648346f-e4f5-474b-86c7-5a86e85fa1ff.mspx?mfr=true The "Adjust memory quotas for a process" setting should be configured appropriatly. (1) set of accounts (1) defined by the 'Adjust memory quotas for a process' setting in Local Policy http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/3648346f-e4f5-474b-86c7-5a86e85fa1ff.mspx?mfr=true The startup type of the HTTP SSL (HTTPFilter) service should be configured correctly. (1) automatic/manual/disabled (1) defined by the Services Administrative Tool (2) definied by Group Policy http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2df6ff66-da04-4e7c-997d-8f7aa46af8c8.mspx?mfr=true The identity of the IIS Application Pools service should be set correctly. (1) type of service (1) Internet Information Services (IIS) Manager => Application Pools => right click Prpoerties => Identity Tab => non-privileged account Rule Title: The web site must have a unique application pool. STIG ID: WA000-WI6010 IIS6 Rule ID: SV-38137r1_rule Vuln ID: V-13703 The worker proceess isolation should be configured appropriatly. (1) enabled/disabled (1) Internet Information Services (IIS) Manager => Web Sites => right click Properties => Services => Run WWW service in IIS 5.0 http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ed3c22ba-39fc-4332-bdb7-a0d9c76e4355.mspx?mfr=true The IIS Application Pool "Recycle worker process (in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (in minutes) The Recycle Worker processes in minutes monitor must be set properly. STIG ID: WA000-WI6020 IIS6 Rule ID: SV-38134r1_rule Vuln ID: V-13704 The IIS Application Pool "Recycle worker process (in minutes)" setting should be set as appropriate for the specified application pools. (1) TARGET: application pool (2) number of minutes (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (in minutes) The Recycle Worker processes in minutes monitor must be set properly. STIG ID: WA000-WI6020 IIS6 Rule ID: SV-38134r1_rule Vuln ID: V-13704 The IIS Application Pool "Recycle worker process (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (number of requests) Rule Title: The maximum number of requests an application pool can process must be set. STIG ID: WA000-WI6022 IIS6 Rule ID: SV-38132r1_rule Vuln ID: V-13705 The IIS Application Pool "Recycle worker process (number of requests)" setting should be set as appropriate for the specified application pools. (1) TARGET: application pool (2) number of requests (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Recycle worker processes (number of requests) Rule Title: The maximum number of requests an application pool can process must be set. STIG ID: WA000-WI6022 IIS6 Rule ID: SV-38132r1_rule Vuln ID: V-13705 The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum virtual memory (in megabytes) Rule Title: The maximum virtual memory monitor must be enabled. STIG ID: WA000-WI6024 IIS6 Rule ID: SV-38033r1_rule Vuln ID: V-13706 The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be set correctly for the specified application pools. (1) TARGET: application pool (2) number of megabytes (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum virtual memory (in megabytes) Rule Title: The maximum virtual memory monitor must be enabled. STIG ID: WA000-WI6024 IIS6 Rule ID: SV-38033r1_rule Vuln ID: V-13706 The IIS Application Pool "Maximum used memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum used memory (in megabytes) Rule Title: The maximum used memory monitor must be enabled. STIG ID: WA000-WI6026 IIS6 Rule ID: SV-38130r1_rule Vuln ID: V-13707 The IIS Application Pool "Maximum used memory (in megabytes)" setting should be set correctly for the specified application pools. (1) TARGET: application pool (2) number of megabytes (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Recycling => Maximum used memory (in megabytes) Rule Title: The maximum used memory monitor must be enabled. STIG ID: WA000-WI6026 IIS6 Rule ID: SV-38130r1_rule Vuln ID: V-13707 The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Shutdown worker processes after being idle (time in minutes) Rule Title: The Shutdown worker processes Idle Timeout monitor must be enabled. STIG ID: WA000-WI6028 IIS6 Rule ID: SV-38125r1_rule Vuln ID: V-13708 The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be set correctly for the specified application pools. (1) TARGET: application pool (2) number of minutes (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Shutdown worker processes after being idle (time in minutes) Rule Title: The Shutdown worker processes Idle Timeout monitor must be enabled. STIG ID: WA000-WI6028 IIS6 Rule ID: SV-38125r1_rule Vuln ID: V-13708 The IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Limit the kernel request queue (number of requests) Rule Title: The Limit the kernel request queue monitor must be enabled STIG ID: WA000-WI6030 IIS6 Rule ID: SV-38123r1_rule Vuln ID: V-13709 The IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be set correctly for the specified application pools. (1) TARGET: application pool (2) number of requests (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Performance => Limit the kernel request queue (number of requests) Rule Title: The Limit the kernel request queue monitor must be enabled STIG ID: WA000-WI6030 IIS6 Rule ID: SV-38123r1_rule Vuln ID: V-13709 The IIS Application Pool "'Enable pinging" setting should be enabled or disabled as appropriate for the specified application pools.. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable pinging Rule Title: The Enable pinging monitor must be enabled. STIG ID: WA000-WI6032 IIS6 Rule ID: SV-38043r1_rule Vuln ID: V-13710 The IIS Application Pool "Ping worker process every (frequency in seconds)" setting should be set correctly for the specified application pools. (1) TARGET: application pool (2) number of seconds (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Ping worker process every (frequency in seconds) Rule Title: The Enable pinging monitor must be enabled. STIG ID: WA000-WI6032 IIS6 Rule ID: SV-38043r1_rule Vuln ID: V-13710 The IIS Application Pool "Enable rapid-fail protection" setting should be enabled or disabled as appropriate for the specified application pools. (1) TARGET: application pool (2) enabled/disabled (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable rapid-fail protection Rule Title: The Enable rapid-fail protection monitor must be enabled. STIG ID: WA000-WI6034 IIS6 Rule ID: SV-38044r1_rule Vuln ID: V-13711 The IIS Application Pool "Enable rapid-fail protection - Failures" setting should be set correctly for the specified application pools. (1) TARGET: application pool (2) number of failures (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable rapid-fail protection - Failures Rule Title: The Enable rapid-fail protection monitor must be enabled. STIG ID: WA000-WI6034 IIS6 Rule ID: SV-38044r1_rule Vuln ID: V-13711 The IIS Application Pool "Enable rapid-fail protection - Time Period" setting should be set correctly for the specified application pools. (1) TARGET: application pool (2) number of minutes (1) Internet Information Services (IIS) Manager => Application Pools => <Application Pool> => right click Properties => Health => Enable rapid-fail protection - Time Period Rule Title: The Enable rapid-fail time period monitor must be enabled. STIG ID: WA000-WI6036 IIS6 Rule ID: SV-38045r1_rule Vuln ID: V-13712 The required auditing settings for the MetaBase.xml file should be assigned for the specified websites. (1) set of accounts (2) events to audit (3) applicability (1) defined by the object's SACL http://msdn.microsoft.com/en-us/library/ff648653.aspx Application object owner accounts for a specified database should be enabled or disabled as appropriate. (1) ALTER LOGIN (1) login_name (2) enable/disable (3) default_database Rule ID: V0005683 Rule Title: Application object owner accounts should be disabled when not performing installation or maintenance actions. STIG ID: DG0004 Severity: CAT II Class: Unclass Application object owner accounts for a specified database should be configured appropriately. (1)From the query prompt: USE [database name] SELECT DISTINCT u.name FROM sysusers u, sysobjects o WHERE u.uid = o.uid AND u.uid NOT IN ('1', '3', '4') (1) set of accounts (2) database name Rule ID: V0015607 Rule Title: Application objects should be owned by accounts authorized for ownership. STIG ID: DG0008 Severity: CAT II Class: Unclass Database application permissions allowing DDL statements to modify the application schema for a specified database should be configured appropriately. (1) USE [database name] SELECT USER_NAME(uid), name, crdate FROM sysobjects WHERE uid NOT IN (1, 3, 4) (1) list of permissons (2) set of accounts (3) database name Rule ID: V0003727 Rule Title: Database applications should be restricted from using static DDL statements to modify the application schema for a specified database. STIG ID: DG0015 Severity: CAT II Class: Unclass Custom and GOTS application source code for a specified databased should be encrypted or not encrypted as appropriate. (1) ALTER PROCEDURE (1) [procedure name] (2) WITH ENCRYPTION (3) Custom/GOTS procedures (4) Database Name Rule ID: V0003823 Rule Title: Custom and GOTS application source code stored in the database should be protected with encryption or encoding. STIG ID: DG0091 Severity: CAT III Class: Unclass Permissions on system tables for a specified database should be configured appropriately (1) REVOKE / GRANT (1) list of permissons (2) [object] (3) [user name] (4) [database name] Rule ID: V0002458 Rule Title: Permissions on system tables should be restricted to authorized accounts. STIG ID: DM1749 Severity: CAT II Class: Unclass DDL permissions for a specified database and specified account should be configured appropriately (1) CREATE (2) ALTER (3) DROP (1) REVOKE/GRANT CONTROL (1) set of accounts (2) list of permissions (3) database name Rule ID: V0002463 Rule Title: DDL permissions should be granted only to authorized accounts. STIG ID: DM1760 Severity: CAT II Class: Unclass Permissions using the WITH GRANT OPTION for a specified database should be configured appropriately (1) REVOKE / GRANT (1) list of permissons (2) [object] (3) [user name] (4) [database name] Rule ID: V0002498 Rule Title : Permissions using the WITH GRANT OPTION should be granted only to DBA or application administrator accounts. STIG ID: DM5144 Severity: CAT II Class: Unclass Object permissions assigned to PUBLIC or GUEST for a specified database should be configured appropriately. (1) REVOKE / GRANT (1) list of permissons (2) [object] (3) [public or guest] (4) dtaabase name Rule ID: V0015172 Rule Title: Object permissions should not be assigned to PUBLIC or GUEST. STIG ID: DM6196 Access to DBMS software files and directories should be configured appropriately. (1) defined by the object's DACL (1) set of accounts (2) list of permissions Rule ID: V0015608 Rule Title: Access to DBMS software files and directories should not be granted to unauthorized users. STIG ID: DG0009 Severity: CAT II Class: Unclass Default demonstration and sample database objects and applications should be available or removed as appropriate. (1) DROP DATABASE (1) database_name (2) database_snapshot_name Rule ID: V0015609 Rule Title: Default demonstration and sample database objects and applications should be removed. STIG ID: DG0014 Severity: CAT II Class: Unclass Required auditing parameters for database auditing should be set appropriately (1) EXEC SP_TRACE_SETSTATUS (1) TraceID Rule ID: V0005685 Rule Title: Required auditing parameters for database auditing should be set. STIG ID: DG0029 Severity: CAT II Class: Unclass DBMS privileges to restore database data or other DBMS configurations, features or objects in a specified database should be configured appropriately. (1) Use the SQL command to assign permissions to the appropriate roles (1) database name Rule ID: V0015107 Rule Title: DBMS privileges to restore database data or other DBMS configurations, features or objects should be restricted to authorized DBMS accounts. STIG ID: DG0063 Severity: CAT II Class: Unclass DBMS login account password complexity requirements should be configured appropriately (1) ALTER LOGIN (2) CHECK_POLICY (1) login name (2) on/off Rule ID: V0015152 Rule Title: DBMS login accounts require passwords to meet complexity requirements. STIG ID: DG0079 Severity: CAT II Class: Unclass Passwords for DBMS default accounts should be set appropriately (1) ALTER LOGIN (1) username (2) WITH PASSWORD [ new password ] Rule ID: V0015635 Rule Title: DBMS default accounts should be assigned custom passwords. STIG ID: DG0128 Severity: CAT I Class: Unclass Remote DBMS administration should be enabled or disabled as appropriate. (1) EXEC SP_CONFIGURE (1) remote admin connections (2) enable/disable Rule ID: V0015651 Rule Title: Remote DBMS administration should be documented and authorized or disabled. STIG ID: DG0157 Severity: CAT II Class: Unclass C2 Audit records should be configured appropriately (1) EXEC SP_CONFIGURE (2) RECONFIGURE (1) enable/disable (2) c2 audit mode Rule ID: V0002426 Rule Title: C2 Audit mode should be enabled or custom audit traces defined. STIG ID: DG0510 Severity: CAT II Class: Unclass The SQL Mail XPs should be enabled or disabled as appropriate. (1) EXEC SP_CONFIGURE (2) RECONFIGURE (1) enable/disable Rule ID: V0003335 Rule Title: SQL Mail, SQL Mail Extended Stored Procedures (XPs) and Database Mail XPs are required and enabled. STIG ID DM0900 Severity: CAT II Class: Unclass The SQL Server Database Service account should be configured appropriately. (1) Configure the SQL Server Database Service account via the Computer Management Tool. (1) member/not member Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The SQL Server Agent account should be configured appropriately. (1) Configure the SQL Server Agent account via the Computer Management Tool. (1) member/not member Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The SQL Server Service for a specified instance should be configure appropriately. (1) net user <username> <password> /add (1) local account Rule ID: V0003835 Rule Title: The SQL Server service should use a least-privileged local or domain user account STIG ID: DM0924 Severity: CAT II Class: Unclass SQL Server registry keys and sub-keys permissions should be configured appropriately. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MSSQLServer (1) granted/revoked Rule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: Unclass Access extended stored procedure xp_cmdshell should be configured appropriately (1) EXEC SP_CONFIGURE (1) user (2) xp_cmdshell Rule ID: V0002461 Rule Title: Extended stored procedure xp_cmdshell should be restricted to authorized accounts. STIG ID: DM1758 Severity: CAT I Class: Unclass The xp_cmdshell should be enabled or disabled as appropriate. (1) EXEC SP_CONFIGURE (2) RECONFIGURE (1) enabled/disabled (2) xp_cmdshell Rule ID: V0002461 Rule Title: Extended stored procedure xp_cmdshell should be restricted to authorized accounts. STIG ID: DM1758 Severity: CAT I Class: Unclass OLE Automation extended stored procedures should be configured appropriately. (1) GRANT OR REVOKE Command (1) permission (2) object name (3) user name Rule ID; V0002472 Rule Title: OLE Automation extended stored procedures should be restricted to sysadmin access STIG ID: DM2095 Severity: CAT II Class: Unclass Access to registry exended stored procedures should be configured appropriately. From the SQL Server Management Studio GUI: 1. Connect/expand SQL Server 2. Expand Databases 3. Expand System databases 4. Expand Master 5. Expand Programmability 6. Expand Extended Stored Procedures 7. Expand System Extended Stored Procedures 8. Locate and select each of the Registry extended stored procedures listed in the Check section 9. Right click on the extended stored procedure 10. Select Properties 11. Click on the Permissions page 12. Select each user or role and select or deselect the Grant (and With Grant if checked) permissions from all users, database roles and public except from SYSADMINs and authorized roles when permitted 13. Click OK (1) user/role Rule ID: V0002473 Rule Title: Registry extended stored procedures should be restricted to sysadmin access. STIG ID: DM2119 Severity: CAT II Class: Unclass Remote access should be configured appropriately (1) EXEC SP_CONFIGURE (2) RECONFIGURE (1) remote access', (2) enabled/disabled Rule ID: V0002485 Rule Title: Remote access should be disabled if not authorized. STIG ID: DM2142 Severity: CAT II Class: Unclass SQL Server authentication should be configured appropriately. (1) EXEC XP_LOGINCONFIG (1) 'login mode' (2) number Rule ID: V0002487 Rule Title: SQL Server authentication mode should be set to Windows authentication mode or Mixed mode. STIG ID: DM3566 Severity: CAT II Class: Unclass Access to CmdExec and ActiveScripting jobs should be configured appropriately. (1) HKEY_LOCAL_MACHINE / SOFTWARE / MICROSOFT / MSSQLServer / SQLSERVERAGENT / (Click on the SYSAdminOnly value) or From the SQL Server Enterprise Manager GUI: 1. Connect/expand SQL Server 2. Expand Management 3. Right-click on SQL Server Agent 4. Select Properties 5. Select Job System tab 6. Select or do not select the checkbox for ‘Only users with SysAdmin privileges can execute CmdExec and ActiveScripting job steps’ 7. Click Ok. enable/disable Rule ID: V0002488 Rule Title: SQL Server Agent CmdExec or ActiveScripting jobs should be restricted to sysadmins. STIG ID: DM3763 Severity: CAT II Class: Unclass Error log retention should be configured appropriately. (1) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.# \MSSQLServer \ NumErrorLogs (2) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ Instance Names \ SQL\[instance name] or From the SQL Server Management Studio GUI: 1. Connect to and expand the SQL Server instance 2. Expand Management 3. Right-click on SQL Server Logs 4. Select Configure 5. Under the General Page, select or deselect Limit the number of error logs before they are recycled 6. Enter the number of error log files determined for the SQL Server instance 7. Click OK (1) number of error logs Rule ID: V0015137 Rule Title: Error log retention shoud be set to meet log retention policy. STIG ID: DM3930 Severity: CAT II Class: Unclass Trace rollover should be configured appropriately. (1) EXEC SP_TRACE_CREATE [ @traceid = ] trace_id OUTPUT , [ @options = ] option_value , [ @tracefile = ] 'trace_file' [ , [ @maxfilesize = ] max_file_size ] [ , [ @stoptime = ] 'stop_time' ] [ , [ @filecount = ] 'max_rollover_files' ] (1) enable/disable (2) trace_id (3) trace_file (4) max_file_size (5) stop_time (6) max_rollover_files (2) value query (remove) Rule ID: V0002500 Rule Title: Trace Rollover should be enabled for audit traces that have a maximum trace file size. STIG ID: DM5267 Severity: CAT II Class: Unclass Named Pipes network protocol should be configured appropriately. From SQL Server Network Utility: Under Enabled protocols: 1. Select Named Pipes 2. Click on the appropriate option (enable or disable) 3. Click OK ( to save) 4. Click OK (to exit) (1) enable/disable Rule ID: V0015124 Rule Title: The Named Pipes network protocol should be documented and approved if enabled. STIG ID: DM6015 Severity: CAT II Class: Unclass SQL Server event forwarding should be configured appropriately (1) HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Sever \ MSSQL.[#] \SQLServerAgent \ AlertForwardingServer or From the SQL Server Management Studio GUI: 1. Expand instance 2. Right-click on SQL Server Agent 3. Select Properties 4. Select the Advanced page 5. Click or do not click on Forward events to a different server check box 6. Click the OK button to save and close (1) enable/disable Rule ID: V0015176 Rule Title: SQL Server event forwarding, if enabled, should be operational. STIG ID: DM6030 Severity: CAT II Class: Unclass Application object owner accounts for a specified database should be enabled or disabled as appropriate. (1) login_name (2) enable/disable (3) default_database (1) ALTER LOGIN Rule ID: V0005683 Rule Title: Application object owner accounts should be disabled when not performing installation or maintenance actions. STIG ID: DG0004 Severity: CAT II Class: Unclass Application object owner accounts for a specified database should be configured appropriately. (1) set of accounts (2) database name (1)From the query prompt: USE [database name] SELECT DISTINCT u.name FROM sysusers u, sysobjects o WHERE u.uid = o.uid AND u.uid NOT IN ('1', '3', '4') Rule ID: V0015607 Rule Title: Application objects should be owned by accounts authorized for ownership. STIG ID: DG0008 Severity: CAT II Class: Unclass Database application permissions allowing DDL statements to modify the application schema for a specified database should be configured appropriately. (1) list of permissons (2) set of accounts (3) database name (1) USE [database name] SELECT USER_NAME(uid), name, crdate FROM sysobjects WHERE uid NOT IN (1, 3, 4) Rule ID: V0003727 Rule Title: Database applications should be restricted from using static DDL statements to modify the application schema for a specified database. STIG ID: DG0015 Severity: CAT II Class: Unclass Custom and GOTS application source code for a specified databased should be encrypted or not encrypted as appropriate. (1) [procedure name] (2) WITH ENCRYPTION (3) Custom/GOTS procedures (4) Database Name (1) ALTER PROCEDURE Rule ID: V0003823 Rule Title: Custom and GOTS application source code stored in the database should be protected with encryption or encoding. STIG ID: DG0091 Severity: CAT III Class: Unclass Access to manage the database master key for a specified database should be configured appropriately. (1) list of users (2) database name (1) REVOKE / GRANT CONTROL Rule ID: V0015654 Rule Title: DBMS symmetric keys should be protected in accordance with NSA or NIST-approved key management technology or processes. STIG ID: DG0138 Severity: CAT II Class: Unclass Ownership of the asymmetric keys should be configured appropriately (1) set of audits (2) list of permissons (1) object owners (2) defined by objects DACL Rule ID: V0015142 Rule Title: Asymmetric keys should use DoD PKI Certificates and be protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes. STIG ID: DG0166 Severity: CAT II Class: Unclass Encryption of the asymmetric keys should be configured appropriately (1) set of audits (2) list of permissons (1) object owners (2) defined by objects DACL Rule ID: V0015142 Rule Title: Asymmetric keys should use DoD PKI Certificates and be protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes. STIG ID: DG0166 Severity: CAT II Class: Unclass Auditing of unauthorized access to the asymmetric keys should be configured appropriately (1) set of audits (2) list of permissons (1) object owners (2) defined by objects DACL Rule ID: V0015142 Rule Title: Asymmetric keys should use DoD PKI Certificates and be protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes. STIG ID: DG0166 Severity: CAT II Class: Unclass Permissions on system tables for a specified database should be configured appropriately (1) list of permissons (2) [object] (3) [user name] (4) [database name] (1) REVOKE / GRANT Rule ID: V0002458 Rule Title: Permissions on system tables should be restricted to authorized accounts. STIG ID: DM1749 Severity: CAT II Class: Unclass DDL permissions for a specified database and specified account should be configured appropriately (1) set of accounts (2) list of permissions (3) database name (1) CREATE (2) ALTER (3) DROP (1) REVOKE/GRANT CONTROL Rule ID: V0002463 Rule Title: DDL permissions should be granted only to authorized accounts. STIG ID: DM1760 Severity: CAT II Class: Unclass Permissions using the WITH GRANT OPTION for a specified database should be configured appropriately (1) list of permissons (2) [object] (3) [user name] (4) [database name] (1) REVOKE / GRANT Rule ID: V0002498 Rule Title : Permissions using the WITH GRANT OPTION should be granted only to DBA or application administrator accounts. STIG ID: DM5144 Severity: CAT II Class: Unclass The Database Master key encryption password for a specified database should be configured appropriately (1) <regenerate option> | <encryption_option> (2) password (3) database name (1) ALTER MASTER KEY Rule ID: V0015159 Rule Title: The Database Master key encryption password should meet DoD password complexity requirements. STIG ID: DM6175 Severity: CAT II Class: Unclass http://msdn.microsoft.com/en-us/library/ms186937(v=sql.90).aspx The Database Master Key for the specified database should be encrypted appropriately. (1) encryption option (2) key option (1) ALTER MASTER KEY Rule ID: V0015161 Rule Title: The Database Master Key should be encrypted by the Service Master Key where required. STIG ID: DM6179 Severity: CATII Class: Unclass Storage of the database master key password for a speicifed database should be configured appropriately. (1) database name (1) sp_control_dbmasterkey_password Rule ID: V0015162 Rule Title: Database Master Key passwords should not be stored in credentials within the database. STIG ID: DM6180 Severity: CATII Class: Unclass Protection of symmetric keys for a specified database should be configured appropriately (1) key_name (2) ENCRYPTION (3) [certificate | password | symmetric key | asymmetric key] (4) Database name (1) ALTER SYMMETRIC KEY Rule ID: V0015168 Rule Title: Symmetric keys should use a master key, certificate, or asymmetric key to encrypt the key. STIG ID: DM6183 Severity: CATII Class: Unclass Object permissions assigned to PUBLIC or GUEST for a specified database should be configured appropriately. (1) list of permissons (2) [object] (3) [public or guest] (4) dtaabase name (1) REVOKE / GRANT Rule ID: V0015172 Rule Title: Object permissions should not be assigned to PUBLIC or GUEST. STIG ID: DM6196 Access to DBMS software files and directories should be configured appropriately. (1) set of accounts (2) list of permissions (1) defined by the object's DACL Rule ID: V0015608 Rule Title: Access to DBMS software files and directories should not be granted to unauthorized users. STIG ID: DG0009 Severity: CAT II Class: Unclass Default demonstration and sample database objects and applications should be available or removed as appropriate. (1) database_name (2) database_snapshot_name (1) DROP DATABASE Rule ID: V0015609 Rule Title: Default demonstration and sample database objects and applications should be removed. STIG ID: DG0014 Severity: CAT II Class: Unclass Required auditing parameters for database auditing should be set appropriately (1) TraceID (1) EXEC SP_TRACE_SETSTATUS Rule ID: V0005685 Rule Title: Required auditing parameters for database auditing should be set. STIG ID: DG0029 Severity: CAT II Class: Unclass DBMS privileges to restore database data or other DBMS configurations, features or objects in a specified database should be configured appropriately. (1) database name (1) Use the SQL command to assign permissions to the appropriate roles Rule ID: V0015107 Rule Title: DBMS privileges to restore database data or other DBMS configurations, features or objects should be restricted to authorized DBMS accounts. STIG ID: DG0063 Severity: CAT II Class: Unclass DBMS login account password complexity requirements should be configured appropriately (1) login name (2) on/off (1) ALTER LOGIN (2) CHECK_POLICY Rule ID: V0015152 Rule Title: DBMS login accounts require passwords to meet complexity requirements. STIG ID: DG0079 Severity: CAT II Class: Unclass DBMS settings to clear residual data from memory, data objects or files, or other storage locations should be configured appropriately. (1) show advanced options (2) common criteria compliance enabled (1) EXEC SP_CONFIGURE Rule ID: V0015614 Rule Title: The DBMS should be configured to clear residual data from memory, data objects and files, and other storage locations. STIG ID: DG0084 Severity: CAT III Class: Unclass DBMS account passwords expiration should be configured appropriately (1) user name (2) WITH CHECK_EXPIRATION [ ON | OFF ] (1) ALTER LOGIN Rule ID: V0015153 Rule Title: DBMS account passwords should be set to expire every 60 days or more frequently. STIG ID: DG0125 Severity: CAT II Class: Unclass Passwords for DBMS default accounts should be set appropriately (1) username (2) WITH PASSWORD [ new password ] (1) ALTER LOGIN Rule ID: V0015635 Rule Title: DBMS default accounts should be assigned custom passwords. STIG ID: DG0128 Severity: CAT I Class: Unclass The built-in 'sa' account should be correctly named. (1) username (2) WITH NAME = [new name] (1) ALTER LOGIN Rule ID: V0015638 Rule Title: DBMS default account names should be changed. STIG ID: DG0131 Severity: CAT III Class: Unclass Access to the ErrorDumpDir should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\CPE\ErrorDumpDir Rule ID: V0015643 Rule Title: Access to DBMS security should be audited. STIG ID: DG0140 Severity: CAT II Class: Unclass Access to the DefaultLog file should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\DefaultLog Access to the ErrorLogFile should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\SQLServerAgent\ErrorLogFile Access to the SQLPath directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\{INSTANCE NAME}\Setup\SQLPath Access to the BackupDirectory directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1 \MSSQLServer\BackupDirectory Access to the FullTextDefaultPath directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1 \MSSQLServer\FullTextDefaultPath Access to the WorkingDirectory directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Replication\WorkingDirectory Access to the SQLBinRoot directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLBinRoot Access to the SQLDataRoot directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLDataRoot Access to the SQLPath directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLPath Access to the SQLProgramDir directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLProgramDir Access to the WorkingDirectory directory should be audited or not audited as appropriate. (1) audit/not audit HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\SQLServerAgent\WorkingDirectory Access to the DataDir directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\DataDir Access to the SQLBinRoot directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLBinRoot Access to the SQLPath directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLPath Access to the SQLProgramDir directory should be audited or not audited as appropriate. (1) audit/not audit (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLProgramDir Auditing attempts to bypass access controls should be configured appropriately. (1) on/off (1) EXEC XP_LOGINCONFIG From the SQL Server Management Studio GUI: 1. Navigate to the SQL Server instance name 2. Right-click on it 3. Select Properties 4. Select Security tab or page 5. Review Login Auditing selection 6. Select "Failed logins only" or "Both failed and successful logins" from the Login Auditing section 7. Apply changes 8. Exit the SQL Server Management Studio GUI Rule ID: V0015644 Rule Title: Attempts to bypass access controls should be audited. STIG ID: DG0141 Severity: CAT II Class: Unclass The default audit trace option should be configured appropriately. (1) show advanced options (2) default trace enabled (1) EXEC SP_CONFIGURE Rule ID: V0015645 Rule Title: Changes to configuration options should be audited. STIG ID: DG0142 Severity CAT II Class: Unclass Audit records contents should be configured appropriately. (1) @traceid (2) @eventid (3) @columnid (4) @on (1) EXEC SP_TRACE_SETEVENT Rule ID: V0015646 Rule Title: Audit records should contain required information. STIG ID: DG0145 Severity: CAT II Class: Unclass http://msdn.microsoft.com/en-us/library/ms186265(v=sql.90).aspx The port which Sql Server Analysis Services uses should be configured appropriately. (1) [ 0 | port number ] (1) Sql Server Management Studio GUI \ Analysis Services Instance From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Port 5. Set value to IAO-approved value 6. Click OK Rule ID: V0015648 Rule Title: Access to the DBMS should be restricted to static, default network ports. STIG ID: DG0151 Severity: CAT II Class: Unclass The ports which the DBMS uses should be configured appropriately. (1) [ 0 | port number ] (1) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.[#] \ MSSQLServer \ SuperSocketNetLib \ IPAll \ TCPDynamicPorts (2) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.[#] \ MSSQLServer \ SuperSocketNetLib \ IPAll \ TcpPort Rule ID: V0015148 Rule Title: DBMS network communications should comply with PPS usage restrictions. STIG ID: DG0152 Severity: CAT II Class: Unclass Remote DBMS administration should be enabled or disabled as appropriate. (1) remote admin connections (2) enable/disable (1) EXEC SP_CONFIGURE Rule ID: V0015651 Rule Title: Remote DBMS administration should be documented and authorized or disabled. STIG ID: DG0157 Severity: CAT II Class: Unclass Fixed server roll membership should be configured appropriately. (1) @loginname (2) @rolename (1) SP_DROPSRVROLEMEMBER (2) SP_ADDSRVROLEMEMBER Rule ID: V0002427 Rule Title: Fixed Server roles should have only authorized users or groups assigned as members STIG ID: DG0510 Severity: CAT II Class: Unclass C2 Audit records should be configured appropriately (1) enable/disable (2) c2 audit mode (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID: V0002426 Rule Title: C2 Audit mode should be enabled or custom audit traces defined. STIG ID: DG0510 Severity: CAT II Class: Unclass The SQL Mail XPs should be enabled or disabled as appropriate. (1) enable/disable (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID: V0003335 Rule Title: SQL Mail, SQL Mail Extended Stored Procedures (XPs) and Database Mail XPs are required and enabled. STIG ID DM0900 Severity: CAT II Class: Unclass The Database Mail XPs should be enabled or disabled as appropriate. (1) enable/disable (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID: V0003335 Rule Title: SQL Mail, SQL Mail Extended Stored Procedures (XPs) and Database Mail XPs are required and enabled. STIG ID DM0900 Severity: CAT II Class: Unclass SQL Server Agent Email should be configured appropriately (1) enabled/disabled From the SQL Server Management Studio GUI: 1. Right click on SQL Server Agent 2. Select Properties 3. Select Alert System 4. Check or uncheck the "Enable Mail profile. Rule ID: V0003336 Rule Title: SQL Server Agent email notification usage if enabled should be documented and approved by the IAO. STIG ID: DM0901 Severity: CAT II Class: Unclass The SQL Server Database Service account should be configured appropriately. (1) member/not member (1) Configure the SQL Server Database Service account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The SQL Server Agent account should be configured appropriately. (1) member/not member (1) Configure the SQL Server Agent Service account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The Analysis Services account should be configured appropriately. (1) member/not member (1) Configure the Analysis Services account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The Integration Services account should be configured appropriately. (1) member/not member (1) Configure the Integration Services account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The Reporting Services account should be configured appropriately. (1) member/not member (1) Configure the Reporting Services account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The Notification Services account should be configured appropriately. (1) member/not member (1) Configure the Notification Services account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The Full Text Search account should be configured appropriately. (1) member/not member (1) Configure the Full Text Search account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The SQL Server Browser account should be configured appropriately. (1) member/not member (1) Configure the SQL Server Browser account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The SQL Server Active Directory Helper account should be configured appropriately. (1) member/not member (1) Configure the SQL Server Active Directory Helper account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The SQL Writer account should be configured appropriately. (1) member/not member (1) Configure the SQL Writer account via the Computer Management Tool. Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: Unclass The SQL Server Service for a specified instance should be configure appropriately. (1) local account (1) net user <username> <password> /add Rule ID: V0003835 Rule Title: The SQL Server service should use a least-privileged local or domain user account STIG ID: DM0924 Severity: CAT II Class: Unclass The SQLServer2005ReportServerUser registry key permissions should be configured appropriately. (1) granted/revoked HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \RS \SQLServer2005ReportServerUser$[instancename] Rule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: Unclass The SQL Server MSSearch registry key permissions should be configured appropriately. (1) granted/revoked HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \MSSearch \ Rule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: Unclass The SQL Server Agent registry key permissions should be configured appropriately. (1) granted/revoked HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \SQLServerAgent \ Rule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: Unclass The SQLServerADHelperUser registry key permissions should be configured appropriately. (1) granted/revoked HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1\SQLServerAgent\SQLServer2005SQLServerADHelperUser$[instance name] Rule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: Unclass The SQL Server RS registry key permissions should be configured appropriately. (1) granted/revoked HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \RS \ Rule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: Unclass Access extended stored procedure xp_cmdshell should be configured appropriately (1) user (2) xp_cmdshell (1) EXEC SP_CONFIGURE Rule ID: V0002461 Rule Title: Extended stored procedure xp_cmdshell should be restricted to authorized accounts. STIG ID: DM1758 Severity: CAT I Class: Unclass Access extended stored procedure xp_cmdshell should be configured appropriately (1) revoke/grant (2) REVOKE / GRANT EXECUTE Rule ID: V0002461 Rule Title: Extended stored procedure xp_cmdshell should be restricted to authorized accounts. STIG ID: DM1758 Severity: CAT I Class: Unclass The xp_cmdshell should be enabled or disabled as appropriate. (1) enabled/disabled (2) xp_cmdshell (1) EXEC SP_CONFIGURE (2) RECONFIGURE The "scan for startup procs" setting should be enabled or disabled as appropriate. (1) 'scan for startup procs' (2) enabled/disabled (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID: V0002464 Rule Title: Execute stored procedures at startup, if enabled, should have a custom audit trace defined. STIG ID: DM1761 Severity: CAT II Class: Unclass OLE Automation extended stored procedures should configured appropriately. (1) enabled/disabled (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID; V0002472 Rule Title: OLE Automation extended stored procedures should be restricted to sysadmin access STIG ID: DM2095 Severity: CAT II Class: Unclass Access to registry exended stored procedures should be configured appropriately. (1) user/role (2) Grant/Revoke From the SQL Server Management Studio GUI: 1. Connect/expand SQL Server 2. Expand Databases 3. Expand System databases 4. Expand Master 5. Expand Programmability 6. Expand Extended Stored Procedures 7. Expand System Extended Stored Procedures 8. Locate and select each of the Registry extended stored procedures listed in the Check section 9. Right click on the extended stored procedure 10. Select Properties 11. Click on the Permissions page 12. Select each user or role and select or deselect the Grant (and With Grant if checked) permissions from all users, database roles and public except from SYSADMINs and authorized roles when permitted 13. Click OK Rule ID: V0002473 Rule Title: Registry extended stored procedures should be restricted to sysadmin access. STIG ID: DM2119 Severity: CAT II Class: Unclass Remote access should be configured appropriately (1) remote access', (2) enabled/disabled (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID: V0002485 Rule Title: Remote access should be disabled if not authorized. STIG ID: DM2142 Severity: CAT II Class: Unclass SQL Server authentication should be configured appropriately. (1) 'login mode' (2) number (1) EXEC XP_LOGINCONFIG Rule ID: V0002487 Rule Title: SQL Server authentication mode should be set to Windows authentication mode or Mixed mode. STIG ID: DM3566 Severity: CAT II Class: Unclass Access to SQL Server Agent CmdExec should be configured appropriately. (1) '[login name]' (2) @proxy_name (1) EXEC SP_REVOKE_LOGIN_FROM_PROXY Rule ID: V0002488 Rule Title: SQL Server Agent CmdExec or ActiveScripting jobs should be restricted to sysadmins. STIG ID: DM3763 Severity: CAT II Class: Unclass Access to ActiveScripting jobs should be configured appropriately. (1) '[login name]' (2) @proxy_name (1) EXEC SP_REVOKE_LOGIN_FROM_PROXY Rule ID: V0002488 Rule Title: SQL Server Agent CmdExec or ActiveScripting jobs should be restricted to sysadmins. STIG ID: DM3763 Severity: CAT II Class: Unclass Error log retention should be configured appropriately. (1) number of error logs (1) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.# \MSSQLServer \ NumErrorLogs (2) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ Instance Names \ SQL\[instance name] or From the SQL Server Management Studio GUI: 1. Connect to and expand the SQL Server instance 2. Expand Management 3. Right-click on SQL Server Logs 4. Select Configure 5. Under the General Page, select or deselect Limit the number of error logs before they are recycled 6. Enter the number of error log files determined for the SQL Server instance 7. Click OK Rule ID: V0015137 Rule Title: Error log retention shoud be set to meet log retention policy. STIG ID: DM3930 Severity: CAT II Class: Unclass Trace rollover should be configured appropriately. (1) enable/disable (2) trace_id (3) trace_file (4) max_file_size (5) stop_time (6) max_rollover_files (2) value query (remove) (1) EXEC SP_TRACE_CREATE [ @traceid = ] trace_id OUTPUT , [ @options = ] option_value , [ @tracefile = ] 'trace_file' [ , [ @maxfilesize = ] max_file_size ] [ , [ @stoptime = ] 'stop_time' ] [ , [ @filecount = ] 'max_rollover_files' ] Rule ID: V0002500 Rule Title: Trace Rollover should be enabled for audit traces that have a maximum trace file size. STIG ID: DM5267 Severity: CAT II Class: Unclass Named Pipes network protocol should be configured appropriately. (1) enable/disable From the SQL Server Configuration Manager GUI: 1. Expand SQL Server 2005 Network Configuration 2. Repeat for each instance: a. Select Protocols for [instance name] b. Double-click Named Pipes. c. Select Yes or No as the value. d. Click OK 3. Click OK (acknowledge change won't take place until next restart) 4. Exit the SQL Server Configuration Manager GUI Rule ID: V0015124 Rule Title: The Named Pipes network protocol should be documented and approved if enabled. STIG ID: DM6015 Severity: CAT II Class: Unclass SQL Server event forwarding should be configured appropriately (1) enable/disable (1) HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Sever \ MSSQL.[#] \SQLServerAgent \ AlertForwardingServer or From the SQL Server Management Studio GUI: 1. Expand instance 2. Right-click on SQL Server Agent 3. Select Properties 4. Select the Advanced page 5. Click or do not click on Forward events to a different server check box 6. Click the OK button to save and close Rule ID: V0015176 Rule Title: SQL Server event forwarding, if enabled, should be operational. STIG ID: DM6030 Severity: CAT II Class: Unclass SQL Server Agent proxies should be configured appropriately. (1) '[proxy name]' (2) set of permissons (3) group of users (1) SP_ENUM_PROXY_FOR_SUBSYSTEM (2) EXEC SP_REVOKE_LOGIN_FROM_PROXY Rule ID: V0015125 Rule Title: Only authorized users should be assigned permissions to SQL Server Agent proxies. STIG ID: DM6045 Severity: CAT II Class: Unclass Replication snapshot folders should be configured appropriately. (1) list of permissions/roles (2) group of accounts From Windows Explorer: 1. Administrators/DBAs: assign appropriate permission 2. Snapshot Agents: assign appropriate permission 3. Merge, Subscription, and Distribution agents: assign appropriate permission Rule ID: V0015182 Rule Title: Replication snapshot folders should be protected from unauthorized access. STIG ID: DM6075 Severity: CAT II Class: Unclass Ad hoc data mining queries configuration option should be configured appropriately (1) enable/disable (1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) AllowAdHocOpenRowsetQueries or From the SQL Server 2005 Surface Area Configuration GUI: 1. Click on Surface Area config for features 2. Expand Analysis Services 3. Select Ad Hoc Data Mining Queries 4. Enable or disable as necessary Rule ID: V0015183 Rule Title: The Analysis Services ad hoc data mining queries configuration option should be disabled if not required. STIG ID: DM6085 Severity: CAT II Class: Unclass Analysis Services Anonymous Connections should be configured appropriately (1) enable/disable (1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) RequireClientAuthentication or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Security \ RequireClientAuthentication 5. Select value = 'true or false' 6. Click OK Rule ID: V0015184 Rule Title: Analysis Services Anonymous Connections should be disabled. STIG ID: DM6086 Severity: CAT II Class: Unclass Analysis Services Links to Objects is should be configured appropriately (1) enable/disable (1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) LinkToOtherInstanceEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ LinkToOtherInstanceEnabled 5. Select value = 'true or false' 6. Click OK Rule ID: V0015204 Rule Title: Analysis Services Links to Objects should be disabled if not required. STIG ID: DM6087 Severity: CAT II Class: Unclass Analysis Services Links From Objects should be enabled or disabled as appropriate. (1) enable/disable (1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) LinkFromOtherInstanceEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ LinkFromOtherInstanceEnabled 5. Select value = 'true or false' 6. Click Ok. Rule ID: V0015186 Rule Title: Analysis Services Links From Objects should be disabled if not required STIG ID: DM 6088 Severity: CAT II Class: Unclass Analysis Services user-defined COM functions should be configured appropriately (1) enable/disable (1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) ComUdfEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ ComUdfEnabled 5. Select value = 'true or false' 6. Click OK Rule ID: V0015181 Rule Title: Analysis Services user-defined COM functions should be disabled if not required. STIG ID: DM6099 Severity: CAT II Class: Unclass Analysis Services Required Protection Levels should be configured appropriately (1) tag level values (1) msmdsrv.ini (2) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SqlProgramDir Rule ID: V0015188 Rule Title: Analysis Services Required Protection Level should be set to 1. STIG ID: DM6101 Severity: CAT I Class:Unclass Analysis Services Security Package List should be configured appropriately (1) list of packages (1) msmdsrv.ini (2) [install dir] \ MSSQL.[#] \ OLAP \ Config directory. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Security \ SecurityPackageList 5. Select value and delete or do not delete all unauthorized packages from the list 6. Click OK Rule ID: V0015190 Rule Title: Analysis Services Security Package List should be disabled if not required. STIG ID: DM6103 Severity: CAT II Class: Unclass The Analysis Services server role should be configured appropriately (1) usernames From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. Select the Security page 5. Select any unauthorized user to remove 6. Click or do not click the Remove button 7. Click OK Rule ID: V0015193 Rule Title: The Analysis Services server role should be restricted to authorized users. STIG ID: DM6108 Severity: CAT II Class: Unclass Analysis Services database roles should be configured appropriately for a specified server. (1) database name (2) database roles (3) usernames From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Expand the Analysis Services instance 3. Expand Databases 4. Repeat for each database: a. Click on each database role b. Open the member list c. Select any unauthorized users d. Click or unclick the Remove button e. Click OK Rule ID: V0015194 Rule Title: Only authorized accounts should be assigned to one or more Analysis Services database roles. STIG ID: DM6109 Severity: CAT II Class: Unclass Reporting Services Web service requests and HTTP should be configured appropriately (1) enable/disable From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Web Service Requests and HTTP Access 5. Click on or do not click on Enable Web Service Requests and HTTP access check box 6. Click OK Rule ID: V0015199 Rule Title: Reporting Services Web service requests and HTTP access should be disabled if not required. STIG ID: DM6120 Severity: CAT III Class: Unclass Reporting Services scheduled events and report delivery should be enabled or disabled as appropriate. (1) enable/disable From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Scheduled events and report delivery 5. Click or do not click on the Scheduled events and report delivery check box 6. Click OK Rule ID: V0015205 Rule Title: Reporting Services scheduled events and report delivery should be disabled if not required. STIG ID: DM6121 Severity: CAT III Class: Unclass Reporting Services Windows Integrated Security accounts should be configured appropriately (1) enable/disable From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Windows Integrated Security 5. Click on or do not click on Windows Integrated Security check box 6. Click OK Rule ID: V0015203 Rule Title: Reporting Services Windows Integrated Security should be disabled. STIG ID: DM6122 Severity: CAT II Class: Unclass Command Language Runtime objects should be configured appropriately (1) enable/disable (3) clr_enabled (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID: V0015202 Rule Title: Use of Command Language Runtime objects should be disabled if not required. STIG ID: DM6123 Severity: CAT III Class: Unclass XML Web Services endpoints should be configured appropriately (1) enable/disable (1) CREATE / DROP ENDPOINT Rule ID: V0015206 Rule Title: Only authorized XML Web Service endpoints should be configured on the server STIG ID: DM6126 Severity: CAT II Class: Unclass The db_owner role members for a specified replication database should be configured appropriately. (1) database_name (2) db_owner' (3) '[account name]' (1) EXEC SP_DROPROLEMEMBER (2) EXEC SP_ADDROLEMEMBER Rule ID: V0015178 Rule Title: Replication databases should have authorized db_owner role members. The replication monitor role should have authorized members. STIG ID: DM6070 Severity: CAT II Class: Unclass The Web Assistant procedures configuration option should be configured appropriately (1) enable/disable (2) 'Web Assistant procedures' (1) EXEC SP_CONFIGURE (2) RECONFIGURE Rule ID: V0015198 Rule Title: The Web Assistant procedures configuration option should be disabled if not required. STIG ID: DM6130 Severity: CAT II Class: Unclass The permissions of the SQL Server Agent proxy accounts should be configured appropriately. (1) account creation (2) list of priveleges (1) server agent proxies Rule ID: V0015197 Rule Title: Dedicated accounts should be designated for SQL Server Agent proxies. STIG ID: DM6140 Severity: CAT II Class: Unclass "Disallow adhoc access" for linked servers should be configured appropriately (1) enable/disable From the SQL Server Management Studio GUI: 1. Expand Database 2. Expand Server Objects 3. Expand Linked Servers 4. Expand Providers 5. For each Provider listed: a. Right click on Provider name b. Select Properties c. Click on do not click the Enable check box for Name = Disallow adhoc access d. Click OK button Rule ID: V0015187 Rule Title: Linked server providers should not allow ad hoc access. STIG ID: DM6155 Severity: CAT II Class: Unclass Ad Hoc distributed queries should be configured appropriately (1) ad hoc distributed queries (2) enable/disable (1) EXEC SP_CONFIGURE Rule ID: V0015166 Rule Title: Database Engine Ad Hoc distributed queries should be disabled. STIG ID: DM6160 Severity: CAT II Class: Unclass Access to Analysis Services data sources should be configured appropriately. (1) list of roles (1) Analysis Services Database Rule ID: V0015180 Rule Title: Analysis Services permissions to data sources STIG ID: DM6193 Severity: CAT II Class: Unclass Database TRUSTWORTHY status for a specific database should be configured appropriately (1) database name (2) SET TRUSTWORTHY [on | off] (1) ALTER DATABASE Rule ID: V0015173 Rule Title: Database TRUSTWORTHY status should be authorized and documented or set to off. STIG ID: DM6195 Severity: CAT II Class: Unclass The Agent XPs options should be configured appropriately (1) Agent XPs (2) enable/disable (1) EXEC SP_CONFIGURE Rule ID: V0015210 Rule Title: The Agent XPs option should be set to disabled if not required. STIG ID: DM6198 Severity: CAT II Class: Unclass The SMO and DMO XPs options should be configured appropriately (1) SMO and DMO XPs (2) enabled/disabled (1) EXEC SP_CONFIGURE Rule ID: V0015211 Title: The SMO and DMO SPs option should be set to disabled if not required. STIG ID: DM6199 Severity: CAT II Class: Unclass The "Disable VBA for Office applications" setting should be configured correctly. (1) enabled/disabled (1) 2007: GPO Settings:Computer Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 System / Security Settings (2) Registry keys: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\12.0\Common\VbaOff 2003: (3) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Disable VBA for Office applications (4) HKLM\Software\Policies\Microsoft\Office\11.0\Common - VbaOff (5) User Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Disable VBA for Office applications (6) HKCU\Software\Policies\Microsoft\Office\11.0\Common - VbaOff CCE-116 Table 1.124. Disable VBA for Office applications, Table 2.5. Disable VBA for Office applications User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable VBA for Office applications, Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\Disable VBA for Office applications oval:org.mitre.oval:def:771 DisableVBAForOfficeApplications The "ActiveX Control Initialization:" setting should be configured correctly. (1) 1 = Do not prompt | 4 = Prompt user to use control defaults | 6 = Prompt user to use persisted data (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 system / Security /ActiveX Control InitializationSettings (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\Security\UFIControls 2003: (3) User Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\ActiveX Control Initialization (4) HKCU\Software\Policies\Microsoft\Office\Common\Security - UFIControls CCE-908 Table 1.3. ActiveX Control Initialization User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\ActiveX Control Initialization (1 | 2 | 3 | 4 | 5 | 6) oval:org.mitre.oval:def:814 ActiveXControlInitialization The "Enable Customer Experience Improvement Program" setting should be configured correctly. (1) enabled/disabled (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 / Privacy / Trust Center , Registry Keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Common\QMEnable CCE-184 Table 1.148. Enable Customer Experience Improvement Program User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\Enable Customer Experience Improvement Program oval:org.mitre.oval:def:829 EnableCustomerExperienceImprovementProgram STIG ID: DTOO184 - Office 2007 Rule ID: SV-18747r3_rule Vuln ID: V-17612: Disable the "Enable Customer Experience Improvement Program" for Office. The "Enable Customer Experience Improvement Program" setting should be configured correctly. (1) enabled/disabled (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 / Privacy / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Common\UpdateReliabilityData CCE-276 Table 1.23. Automatically receive small updates to improve reliability User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\Automatically receive small updates to improve reliability oval:org.mitre.oval:def:1473 AutomaticallyReceiveSmallUpdatesToImproveReliability STIG ID: DTOO185 - Office Rule ID: SV-18922r1_rule Vuln ID: V-17740: Disable Automatic receiving of small updates to improve reliability - Office. The "Online content options" setting should be configured correctly. (1) 0 = Never show online content or entry points | 1 = Search only offline content whenever available | 2 = Search online content whenever available (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 system / Tools / Options / General / Service Options / Online Content (2) Registry keys: HKEY_CURRENT_USER\Softtware\Polices\Microsoft\Office\12.0\Common\Internet\UseOnlineContent CCE-967 Table 1.179. Online content options User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Service Options...\Online Content\Online content options (Never show online content or entry points | Search only offline content whenever available | Search online content whenever available) oval:org.mitre.oval:def:1302 OnlineContentOptions The "VBA Macro Warning Settings" setting should be configured correctly for Access 2007. (1) 1 = No Security checks for macros | 2 = Trust Bar warning for all macros | 3 = Trust Bar warning for digitally signed macros only | 4 = No Warnings for all macros but disable all macros (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Access 2007 / Application Settings / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Access\Security\VBAWarnings CCE-427 Table 1.234. VBA Macro Warning Settings User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No Security checks for macros (Not recommended, code in all documents can run)) oval:org.mitre.oval:def:1403 VBAMacroWarningSettings-Access STIG ID: DTOO304 - Access Rule ID: SV-18637r2_rule Vuln ID: V-17545: Enable Warning Bar settings for VBA macros contained in Access Files. The "VBA Macro Warning Settings" setting should be configured correctly for Excel 2007. (1) 1 = No Security checks for macros | 2 = Trust Bar warning for all macros | 3 = Trust Bar warning for digitally signed macros only | 4 = No Warnings for all macros but disable all macros (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Excel 2007 / Excel Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Excel\Security\VBAWarnings CCE-649 Table 1.234. VBA Macro Warning Settings User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No Security checks for macros (Not recommended, code in all documents can run)) oval:org.mitre.oval:def:649 VBAMacroWarningSettings-Excel STIG ID: DTOO304 - Excel Rule ID: SV-18638r2_rule Vuln ID: V-17545: Enable Warning Bar settings for VBA macros contained in Excel Files. The "Trust access to Visual Basic Project" setting should be configured correctly for Excel 2007 and 2003. (1) enabled/disabled (1) 2007GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Excel 2007 / Excel Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Excel\Security\AccessVBOM 2003: (3) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Excel: Trust access to Visual Basic Project (4) HKLM\Software\Policies\Microsoft\Office\11.0\Excel\Security - AccessVBOM (5) User Configuration\Administrative Templates\Microsoft Office Excel 2003\Tools\Macros\Security\Trust access to Visual Basic Project (6) HKCU\Software\Policies\Microsoft\Office\11.0\Excel\Security - AccessVBOM CCE-862 Table 1.225. Trust access to Visual Basic Project User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trust access to Visual Basic Project oval:org.mitre.oval:def:1560 TrustAccessToVisualBasicProject-Excel The "VBA Macro Warning Settings" setting should be configured correctly for PowerPoint 2007. (1) 1 = No Security checks for macros | 2 = Trust Bar warning for all macros | 3 = Trust Bar warning for digitally signed macros only | 4 = No Warnings for all macros but disable all macros (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office PowerPoint 2007 / PowerPoint Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\VBAWarnings CCE-567 Table 1.234. VBA Macro Warning Settings User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No Security checks for macros (Not recommended, code in all documents can run)) oval:org.mitre.oval:def:654 VBAMacroWarningSettings-PowerPoint The "Trust access to Visual Basic Project" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office PowerPoint 2007 / PowerPoint Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\AccessVBOM CCE-68 Table 1.225. Trust access to Visual Basic Project User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trust access to Visual Basic Project oval:org.mitre.oval:def:665 TrustAccessToVisualBasicProject-PowerPoint The "Disable Remember Passwords" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Disable Remember Passwords (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\EnableRememberPwd CCE-537 User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Disable Remember Passwords oval:org.mitre.oval:def:1298 DisableRememberPassword The "Configure Add-In Trust Level" setting should be configured correctly for Outlook 2007. (1) 0 = Trust all or use Exchange settings if present | 1 = Trust all loaded and installed COM addins | 2 = Do NOT trust loaded and installed COM addins (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Configure Add-In Trust Level (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\AddinTrust CCE-786 Table 1.72. Configure trusted add-ins User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Trusted Add-insConfigure trusted add-ins oval:org.mitre.oval:def:1390 ConfigureAddInTrustLevel DEPRECATED in favor of CCE-537-1. CCE-937 The "Minimum encryption settings" setting should be configured correctly. (1) enabled/disabled (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\MinEncKey CCE-13 Table 1.173. Minimum encryption settings User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Minimum encryption settings oval:org.mitre.oval:def:661 MinimumEncryptionSettings The "Do not check e-mail address against address of certificates being using" setting should be configured correctly. (1) enabled/disabled (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\SupressNameChecks CCE-316 Table 1.134. Do not check e-mail address against address of certificates being using User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not check e-mail address against address of certificates being used oval:org.mitre.oval:def:1399 DoNotCheckEmailAddressAgainstAddressOfCertificatesBeingUsed The "Send all signed messages as clear signed messages" setting should be configured correctly. (1) enabled/disabled (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\ClearSign 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Send all signed messages as clear signed messages (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - ClearSign CCE-14 Table 1.214. Send all signed messages as clear signed messages User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Send all signed messages as clear signed messages oval:org.mitre.oval:def:1388 SendAllSignedMessagesAsClearSignedMessages The "Request an S/MIME receipt for all S/MIME signed messages" setting should be configured correctly. (1) enabled/disabled (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\RequestSecureReceipt CCE-153 Table 1.198. Request an S/MIME receipt for all S/MIME signed messages User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Request an S/MIME receipt for all S/MIME signed messages oval:org.mitre.oval:def:705 RequestAnSMIMEReceiptForAllSMIMESignedMessages The "Do not display 'Publish to GAL' button" setting should be configured correctly. (1) enabled/disabled (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\PublishToGalDisabled 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Disable 'Publish to GAL' button (4) HKCU\Software\Policies\Microsoft\office\11.0\outlook\Security - PublishToGalDisabled CCE-345 Table 1.135. Do not display 'Publish to GAL' button User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not display 'Publish to GAL' button oval:org.mitre.oval:def:741 DoNotDisplayPublishToGALButton The "Signature Warning" setting should be configured correctly. (1) 0 = Let user decide if they want to be warned | 1 = Always warn about invalid signatures | 2 = Never warn about invalid signatures (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\WarnAboutInvalid 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Signature Warning (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - WarnAboutInvalid CCE-700 Table 1.220. Signature Warning User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Warning (Let user decide if they want to be warned | Always warn about invalid signatures | Never warn about invalid signatures) oval:org.mitre.oval:def:756 SignatureWarning The "Enable Cryptography Icons" setting should be configured correctly. (1) enabled/disabled (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\ConvertSMIMEBlobSignedIcons 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Enable cryptography icons (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - ConvertSMIMEBlobSignedIcons CCE-695 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Enable Cryptography Icons oval:org.mitre.oval:def:1716 EnableCryptographyIcons The "Retrieving CRLs (Certificate Revocation Lists)" setting should be configured correctly. (1) 0 = Use system Default | 1 = When online always retreive the CRL | 2 = Never retreive the CRL (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography / Signature Status Dialog Box (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\UseCRLChasing CCE-395 Table 1.204. Retrieving CRLs (Certificate Revocation Lists) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Retrieving CRLs (Certificate Revocation Lists) (Use system Default | When online always retreive the CRL | Never retreive the CRL) oval:org.mitre.oval:def:1700 RetrievingCRLs The "VBA Macro Warning Settings" setting should be configured correctly for Word 2007. (1) 1 = No Security checks for macros | 2 = Trust Bar warning for all macros | 3 = Trust Bar warning for digitally signed macros only | 4 = No Warnings for all macros but disable all macros (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Word 2007 / Word Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\VBAWarnings CCE-659 Table 1.234. VBA Macro Warning Settings User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No ) oval:org.mitre.oval:def:1350 VBMacroWarningSettings-Word The "Trust access to Visual Basic Project" setting should be configured correctly for Word 2007 and 2003. (1) enabled/disabled (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Word 2007 / Word Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Policies\Microsoft\Office\12.0\Word\Security\AccessVBOM 2003: (3) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Word: Trust access to Visual Basic Project (4) HKLM\Software\Policies\Microsoft\Office\11.0\Word\Security - AccessVBOM (5) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Macro\Security\Trust access to Visual Basic Project (6) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Security - AccessVBOM CCE-703 Table 1.225. Trust access to Visual Basic Project User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trust access to Visual Basic Project oval:org.mitre.oval:def:1713 TrustAccessToVisualBasicProject-Word The "Warn before printing, saving or sending a file that contains tracked changes or comments" setting should be configured correctly. (1) enabled/disabled (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Word 2007 / Word Options / Security (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Options\vpref\fWarnRevisions_1805_1 2003: (2) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Options\Security\Warn before printing or saving or sending a file that contains tracked changes or comments (3) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Options\vpre CCE-173 oval:org.mitre.oval:def:788 WarnBeforePrintingSavingOrSendingAFileThatContainsTrackedChangesOrComments The "Block updates from the Office Update Site from applying" setting should be configured correctly. (1) enabled/disabled (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 / Miscellaneous (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\OfficeUpdate\BlockUpdates CCE-784 Table 1.64. Block updates from the Office Update Site from applying User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Block updates from the Office Update Site from applying oval:org.mitre.oval:def:1755 BlockUpdatesFromTheOfficeUpdateSiteFromApplying STIG ID: DTOO213 - Office 2007 Rule ID: SV-18669r3_rule Vuln ID: V-17565: Block Office from receiving updates from the Office Update Site. The "Underline hyperlinks" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Web Options\General\Underline hyperlinks (2) Software\Policies\Microsoft\Office\12.0\Access\Internet CCE-1395 Table 1.230. Underline hyperlinks User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Web Options\General\Underline hyperlinks The "Number of documents in the Recent Documents list (0-9)" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\General\General\Number of documents in the Recent Documents list (0-9) (2) Software\Policies\Microsoft\Office\12.0\Access\Settings CCE-1137 User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\General\General\Number of documents in the Recent Documents list (0-9) The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\Access\Security CCE-1423 Table 1.120. Disable Trust Bar Notification for unsigned application add-ins User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins STIG ID: DTOO131 - Access Rule ID: SV-18219r2_rule Vuln ID: V-17187: Disable Trust Bar Notification for unsigned application add-ins - Access The "Disable all application add-ins" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\Access\Security CCE-1238 Table 1.87. Disable all application add-ins User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable all application add-ins The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\Access\Security CCE-1476 Table 1.200. Require that application add-ins are signed by Trusted Publisher User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher The "Disable all trusted locations" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted Locations CCE-1520 Table 1.89. Disable all trusted locations User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Disable all trusted locations The "Allow Trusted Locations not on the computer" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Allow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted Locations CCE-780 Table 1.11. Allow Trusted Locations not on the computer User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Allow Trusted Locations not on the computer The "Modal Trust Decision Only" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Modal Trust Decision Only (2) Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted Locations CCE-1214 Table 1.176. Modal Trust Decision Only User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Modal Trust Decision Only The "Disable commands" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1370 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands The "Disable commands - Office Button | E-Mail" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | E-Mail (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1268 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | E-Mail The "Disable commands - Office Button | Access Options | Customize | All Commands | Insert Hyperlink" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Access Options | Customize | All Commands | Insert Hyperlink (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1400 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Access Options | Customize | All Commands | Insert Hyperlink The "Disable commands - Database Tools | Database Tools | Encrypt with Password" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encrypt with Password (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1440 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encrypt with Password The "Disable commands - Database Tools | Administer | Users and Permission | User and Group Permissions" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User and Group Permissions (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-581 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User and Group Permissions The "Disable commands - Database Tools | Administer | Users and Permissions | User and Group Accounts" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permissions | User and Group Accounts (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1480 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permissions | User and Group Accounts The "Disable commands - Database Tools | Administer | Users and Permission | User-Level Security Wizard..." setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User-Level Security Wizard... (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1489 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User-Level Security Wizard... The "Disable commands - Database Tools | Database Tools | Encode/Decode Database" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encode/Decode Database (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1392 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encode/Decode Database The "Disable commands - Database Tools | Macro | Visual Basic" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1414 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Visual Basic The "Disable commands - Database Tools | Macro | Run Macro" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Run Macro (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1418 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Run Macro The "Database Tools | Macro | Convert Macros to Visual Basic" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Convert Macros to Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1405 User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Convert Macros to Visual Basic The "Database Tools | Macro | Create Shortcut Menu from Macro" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Create Shortcut Menu from Macro (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes CCE-1550 User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Create Shortcut Menu from Macro The "Disable shortcut keys" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledShortcutKeysCheckBoxes CCE-1075 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable shortcut keys The "Disable commands - Ctrl+K (Office Button | Access Options | Customize | All Commands | Insert Hyperlinks)" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Office Button | Access Options | Customize | All Commands | Insert Hyperlinks) (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledShortcutKeysCheckBoxes CCE-709 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Office Button | Access Options | Customize | All Commands | Insert Hyperlinks) The "Disable commands - Alt+F11 (Database Tools | Macro | Visual Basic)" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Database Tools | Macro | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledShortcutKeysCheckBoxes CCE-1502 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Database Tools | Macro | Visual Basic) The "Default file format (Access 2007 | Access 2002-2003)" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Default file format (Access 2007 | Access 2002-2003) (2) Software\Policies\Microsoft\Office\12.0\Access\Settings CCE-1260 Table 1.80. Default file format User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Default file format (Access 2007 | Access 2002-2003) STIG ID: DTOO136 - Access Rule ID: SV-18706r2_rule Vuln ID: V-17584: Set the default saved file format for Access. The "Do not prompt to convert older databases" setting should be configured correctly for Access 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Do not prompt to convert older databases (2) Software\Policies\Microsoft\Office\12.0\Access\Settings CCE-1510 Table 1.141. Do not prompt to convert older databases User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Do not prompt to convert older databases The "Internet and network paths as hyperlinks" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Proofing\Autocorrect Options\Internet and network paths as hyperlinks (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1532 Table 1.164. Internet and network paths as hyperlinks User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Proofing\Autocorrect Options\Internet and network paths as hyperlinks The "Save Excel files as (Excel Workbook (*.xlsx) | Excel Macro-Enabled Workbook (*.xlsm) | Excel Binary Workbook (*.xlsb) | Web Page (*.htm; *.html) | Excel 97-2003 Workbook (*.xls) | Excel 5.0/95 Workbook (*.xls))" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Save Excel files as (Excel Workbook (*.xlsx) | Excel Macro-Enabled Workbook (*.xlsm) | Excel Binary Workbook (*.xlsb) | Web Page (*.htm; *.html) | Excel 97-2003 Workbook (*.xls) | Excel 5.0/95 Workbook (*.xls)) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1039 Table 1.211. Save Excel files as User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Save Excel files as (Excel Workbook (*.xlsx) | Excel Macro-Enabled Workbook (*.xlsm) | Excel Binary Workbook (*.xlsb) | Web Page (*.htm; *.html) | Excel 97-2003 Workbook (*.xls) | Excel 5.0/95 Workbook (*.xls)) The "Disable AutoRepublish" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Disable AutoRepublish (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1295 Table 1.91. Disable AutoRepublish User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Disable AutoRepublish The "AutoRepublish Warning Alert (Always show the alert before publishing | Never show the alert before publishing)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\AutoRepublish Warning Alert (Always show the alert before publishing | Never show the alert before publishing) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1334 Table 1.25. AutoRepublish Warning Alert User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\AutoRepublish Warning Alert (Always show the alert before publishing | Never show the alert before publishing) The "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks (2) Software\Policies\Microsoft\Office\12.0\Excel\Security CCE-1308 Table 1.81. Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks The "Force file extension to match file type (Allow different | Allow different, but warn | Always match file type)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Force file extension to match file type (Allow different | Allow different, but warn | Always match file type) (2) Software\Policies\Microsoft\Office\12.0\Excel\Security CCE-616 Table 1.155. Force file extension to match file type User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Force file extension to match file type (Allow different | Allow different, but warn | Always match file type) The "Store macro in Personal Macro Workbook by default" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Store macro in Personal Macro Workbook by default (2) Software\Policies\Microsoft\Office\12.0\Excel\Security CCE-1246 Table 1.221. Store macro in Personal Macro Workbook by default User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Store macro in Personal Macro Workbook by default The "Disable all application add-ins" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\Excel\Security CCE-1251 Table 1.87. Disable all application add-ins User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable all application add-ins The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\Excel\Security CCE-1524 Table 1.200. Require that application add-ins are signed by Trusted Publisher User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\Excel\Security CCE-1422 Table 1.120. Disable Trust Bar Notification for unsigned application add-ins User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins The "Allow Trusted Locations not on the computer" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\Trusted Locations CCE-1444 Table 1.11. Allow Trusted Locations not on the computer User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer The "Disable all trusted locations" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\Trusted Locations CCE-1449 Table 1.89. Disable all trusted locations User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsDisable all trusted locations The "Ignore other applications " setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ignore other applications (2) Software\Policies\Microsoft\Office\12.0\Excel\Options\BinaryOptions CCE-1471 Table 1.159. Ignore other applications User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ignore other applications The "Ask to update automatic links" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ask to update automatic links (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1119 Table 1.17. Ask to update automatic links User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ask to update automatic links The "Number of documents in the Recent Documents list (0-17)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Number of documents in the Recent Documents list (0-17) (2) Software\Policies\Microsoft\Office\12.0\Excel\File MRU CCE-1378 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Number of documents in the Recent Documents list (0-17) The "Save any additional data necessary to maintain formulas" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options…\GeneralSave any additional data necessary to maintain formulas (2) Software\Policies\Microsoft\Office\12.0\Excel\Internet CCE-1277 Table 1.210. Save any additional data necessary to maintain formulas User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options…\GeneralSave any additional data necessary to maintain formulas The "Load pictures from Web pages not created in Excel" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options…\GeneralLoad pictures from Web pages not created in Excel (2) Software\Policies\Microsoft\Office\12.0\Excel\Internet CCE-1464 Table 1.169. Load pictures from Web pages not created in Excel User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options…\GeneralLoad pictures from Web pages not created in Excel The "Do not show data extraction options when opening corrupt workbooks" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Do not show data extraction options when opening corrupt workbooks (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1094 Table 1.143. Do not show data extraction options when opening corrupt workbooks User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Do not show data extraction options when opening corrupt workbooks The "Assume structured storage format of workbook is intact when recovering data" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Assume structured storage format of workbook is intact when recovering data (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1129 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Assume structured storage format of workbook is intact when recovering data The "Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1389 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME) The "Connection File Locations" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Connection File Locations (2) Software\Policies\Microsoft\Office\Common\Server Links\Published CCE-1433 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Connection File Locations The "Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh) (2) Software\Policies\Microsoft\Office\Common\Server Links\Published CCE-1323 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh) The "Disable commands" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1469 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands The "Disable commands - Office Button | Excel Options | Customize | All Commands | Save as Web Page" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Save as Web Page (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1473 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Save as Web Page The "Disable commands - Office Button | Excel Options | Customize | All Commands | Web Page Preview" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Web Page Preview (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1499 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Web Page Preview The "Disable commands - Office Button | Send | Email" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1024 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email The "Disable commands - Insert | Links | Hyperlink" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1530 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink The "Disable commands - Review | Changes | Protect Sheet" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect Sheet (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1120 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect Sheet The "Disable commands - Review | Changes | Protect Workbook" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect Workbook (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1252 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect Workbook The "Disable commands - Review | Changes | Protect and Share Workbook" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect and Share Workbook (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1151 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect and Share Workbook The "Disable commands - View | Macros | Macros" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1301 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros The "Disable commands - Developer | Code | Macros" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1310 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros The "Disable commands - Developer | Code | Record Macro" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1213 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro The "Disable commands - Developer | Code | Macro Security" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1362 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security The "Disable commands - Developer | Code | Visual Basic" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1156 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic The "Disable commands - Office Button | Excel Options | Customize | All Commands | Document Location" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Document Location (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes CCE-1429 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Document Location The "Disable shortcut keys" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes CCE-1182 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys The "Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes CCE-1525 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) The "Disable shortcut keys - Alt+F8 (Developer | Code | Macros)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes CCE-1547 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) The "Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes CCE-1300 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) The "Block opening of pre-release versions of file formats new to Excel 2007" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Excel 2007 (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1331 Table 1.34. Block opening of files created by pre-release versions of Excel 2007 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Excel 2007 The "Block opening of Open XML file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Open XML file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1468 Table 1.38. Block opening of Open XML file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Open XML file types The "Block opening of Binary 12 file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary 12 file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1490 Table 1.29. Block opening of Binary 12 file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary 12 file types The "Block opening of Binary file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1512 Table 1.30. Block opening of Binary file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary file types The "Block opening of Html and Xmlss files types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Html and Xmlss files types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1543 Table 1.35. Block opening of Html and Xmlss files types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Html and Xmlss files types The "Block opening of Xml file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xml file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1195 Table 1.49. Block opening of Xml file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xml file types The "Block opening of DIF and SYLK file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of DIF and SYLK file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-554 Table 1.32. Block opening of DIF and SYLK file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of DIF and SYLK file types The "Block opening of Text file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Text file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1415 Table 1.46. Block opening of Text file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Text file types The "Block opening of Xll file type" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xll file type (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1437 Table 1.48. Block opening of Xll file type User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xll file type The "Block saving of Open Xml file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Open Xml file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock CCE-1446 Table 1.57. Block saving of Open Xml file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Open Xml file types The "Block saving of Binary12 file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary12 file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock CCE-1098 Table 1.52. Block saving of Binary12 file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary12 file types The "Block saving of Binary file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock CCE-562 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary file types The "Block saving of Html and Xmlss file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Html and Xmlss file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock CCE-1507 Table 1.55. Block saving of Html and Xmlss file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Html and Xmlss file types The "Block saving Xml file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving Xml file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock CCE-1406 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving Xml file types The "Block saving DIF and SYLK file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving DIF and SYLK file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock CCE-573 Table 1.50. Block saving DIF and SYLK file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving DIF and SYLK file types The "Block saving of Text file types" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Text file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock CCE-1336 Table 1.60. Block saving of Text file types User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Text file types The "Locally cache network file storages" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Locally cache network file storages (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1230 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Locally cache network file storages The "Locally cache PivotTable reports" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Locally cache PivotTable reports (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1375 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Locally cache PivotTable reports The "OLAP PivotTable User Defined Function (UDF) security setting (Allow ALL UDFs | Allow safe UDFs only | Allow NO UDFs)" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\OLAP PivotTable User Defined Function (UDF) security setting (Allow ALL UDFs | Allow safe UDFs only | Allow NO UDFs) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1380 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\OLAP PivotTable User Defined Function (UDF) security setting (Allow ALL UDFs | Allow safe UDFs only | Allow NO UDFs) The "Recognize SmartTags" setting should be configured correctly for Excel 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Recognize SmartTags (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1376 User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Recognize SmartTags The "Number of documents in the Recent Documents list (0 - 9)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\General\Number of documents in the Recent Documents list (0 - 9) (2) Software\Policies\Microsoft\Office\12.0\InfoPath CCE-1398 User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\General\Number of documents in the Recent Documents list (0 - 9) The "Offline Mode status (Disabled | Enabled, InfoPath in Offline Mode | Enabled, InfoPath not in Offline Mode)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\Advanced\Offline\Offline Mode status (Disabled | Enabled, InfoPath in Offline Mode | Enabled, InfoPath not in Offline Mode) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Editor\Offline CCE-569 Table 1.178. Offline Mode status User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\Advanced\Offline\Offline Mode status (Disabled | Enabled, InfoPath in Offline Mode | Enabled, InfoPath not in Offline Mode) The "Disable commands" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1065 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands The "Disable commands - File | Print" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1361 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print The "Disable commands - File | Send to Mail Recipient" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Send to Mail Recipient (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1096 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Send to Mail Recipient The "Disable commands - File | Open from SharePoint Site" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Open from SharePoint Site (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1391 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Open from SharePoint Site The "Disable commands - File | Print Preview" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print Preview (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1519 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print Preview The "Disable commands - File | Page Setup" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Page Setup (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1523 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Page Setup The "Disable commands - Insert | Hyperlinks..." setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Insert | Hyperlinks... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1171 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Insert | Hyperlinks... The "Disable commands - Tools | Set Language" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Set Language (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1457 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Set Language The "Disable commands - Tools | Customize..." setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Customize... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1426 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Customize... The "Disable commands - Tools | Options..." setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Options... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-805 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Options... The "Disable commands - Help | Microsoft Office Online" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Microsoft Office Online (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1453 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Microsoft Office Online The "Disable commands - Office Diagnostics" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Office Diagnostics (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1351 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Office Diagnostics The "Disable commands - Help | Activate Product..." setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Activate Product... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-620 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Activate Product... The "Disable commands - Print Default" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Print Default (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes CCE-1017 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Print Default The "Disable shortcut keys" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledShortcutKeysCheckBoxes CCE-1021 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys The "Disable shortcut keys - Print Shortcut (Ctrl+P)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Print Shortcut (Ctrl+P) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledShortcutKeysCheckBoxes CCE-1299 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Print Shortcut (Ctrl+P) The "Disable shortcut keys - Insert Hyperlink Shortcut (Ctrl+K)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Insert Hyperlink Shortcut (Ctrl+K) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledShortcutKeysCheckBoxes CCE-1197 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Insert Hyperlink Shortcut (Ctrl+K) The "Control behavior for Windows SharePoint Services gradual upgrade (Allow redirections to any location | Allow redirections to Intranet only | Block all redirections)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior for Windows SharePoint Services gradual upgrade (Allow redirections to any location | Allow redirections to Intranet only | Block all redirections) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-704 Table 1.73. Control behavior for Windows SharePoint Services gradual upgrade User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior for Windows SharePoint Services gradual upgrade (Allow redirections to any location | Allow redirections to Intranet only | Block all redirections) The "Disable opening of solutions from the Internet security zone" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable opening of solutions from the Internet security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1105 Table 1.109. Disable opening of solutions from the Internet security zone User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable opening of solutions from the Internet security zone The "Disable fully trusted solutions full access to computer" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable fully trusted solutions full access to computer (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1114 Table 1.102. Disable fully trusted solutions full access to computer User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable fully trusted solutions full access to computer The "Allow the use of ActiveX Custom Controls in InfoPath forms" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow the use of ActiveX Custom Controls in InfoPath forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath CCE-761 User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow the use of ActiveX Custom Controls in InfoPath forms The "Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1 (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-739 User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1 The "Allow file types as attachments to forms" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow file types as attachments to forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1259 Table 1.7. Allow file types as attachments to forms User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow file types as attachments to forms The "Block specific file types as attachments to forms" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Block specific file types as attachments to forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1267 Table 1.62. Block specific file types as attachments to forms User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Block specific file types as attachments to forms The "Prevent users from allowing unsafe file types to be attached to forms" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Prevent users from allowing unsafe file types to be attached to forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1060 Table 1.186. Prevent users from allowing unsafe file types to be attached to forms User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Prevent users from allowing unsafe file types to be attached to forms The "Display a warning that a form is digitally signed" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Display a warning that a form is digitally signed (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-955 User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Display a warning that a form is digitally signed The "Control behavior when opening forms in the Internet security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Internet security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors CCE-1479 Table 1.74. Control behavior when opening forms in the Internet security zone User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Internet security zone (Block | Prompt | Allow) The "Control behavior when opening forms in the Intranet security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Intranet security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors CCE-1360 Table 1.75. Control behavior when opening forms in the Intranet security zone User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Intranet security zone (Block | Prompt | Allow) The "Control behavior when opening forms in the Local Machine security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Local Machine security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors CCE-1386 User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Local Machine security zone (Block | Prompt | Allow) The "Control behavior when opening forms in the Trusted Site security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Trusted Site security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors CCE-893 Table 1.76. Control behavior when opening forms in the Trusted Site security zone User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Trusted Site security zone (Block | Prompt | Allow) The "Beaconing UI for forms opened in InfoPath (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1290 Table 1.26. Beaconing UI for forms opened in InfoPath User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) The "Beaconing UI for forms opened in InfoPath Editor ActiveX (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath Editor ActiveX (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1381 Table 1.27. Beaconing UI for forms opened in InfoPath Editor ActiveX User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath Editor ActiveX (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) The "Disable all application add-ins" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1135 Table 1.87. Disable all application add-ins User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable all application add-ins The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1157 Table 1.200. Require that application add-ins are signed by Trusted Publisher User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1434 Table 1.120. Disable Trust Bar Notification for unsigned application add-ins User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins The "Control behavior when opening InfoPath e-mail forms containing code or script (Run without prompting | Prompt before running | Never run)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Control behavior when opening InfoPath e-mail forms containing code or script (Run without prompting | Prompt before running | Never run) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1315 Table 1.77. Control behavior when opening InfoPath e-mail forms containing code or script User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Control behavior when opening InfoPath e-mail forms containing code or script (Run without prompting | Prompt before running | Never run) The "Disable sending form template with e-mail forms" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending form template with e-mail forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Deployment CCE-1210 Table 1.112. Disable sending form template with e-mail forms User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending form template with e-mail forms The "Disable dynamic caching of the form template in InfoPath e-mail forms" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable dynamic caching of the form template in InfoPath e-mail forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Deployment CCE-1236 Table 1.97. Disable dynamic caching of the form template in InfoPath e-mail forms User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable dynamic caching of the form template in InfoPath e-mail forms The "Disable sending InfoPath 2003 Forms as e-mail forms" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending InfoPath 2003 Forms as e-mail forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath CCE-884 Table 1.113. Disable sending InfoPath 2003 Forms as e-mail forms User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending InfoPath 2003 Forms as e-mail forms The "Disable e-mail forms running in restricted security level" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms running in restricted security level (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1518 Table 1.101. Disable e-mail forms running in restricted security level User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms running in restricted security level The "Disable e-mail forms from the Internet security zone" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Internet security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1170 Table 1.99. Disable e-mail forms from the Internet security zone User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Internet security zone The "Disable e-mail forms from the Intranet security zone" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Intranet security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1316 Table 1.100. Disable e-mail forms from the Intranet security zone User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Intranet security zone The "Disable e-mail forms from the Full Trust security zone" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Full Trust security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1567 Table 1.98. Disable e-mail forms from the Full Trust security zone User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Full Trust security zone The "Disable InfoPath e-mail forms in Outlook" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable InfoPath e-mail forms in Outlook (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1265 Table 1.106. Disable InfoPath e-mail forms in Outlook User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable InfoPath e-mail forms in Outlook The "Information Rights Management" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Information Rights Management (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Designer\RestrictedFeatures CCE-1538 Table 1.163. Information Rights Management User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Information Rights Management The "Custom code" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Custom code (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Designer\RestrictedFeatures CCE-1564 Table 1.79. Custom code User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Custom code The "Email Forms Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone)" setting should be configured correctly for InfoPath 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Miscellaneous\Email Forms Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1212 Table 1.147. Email Forms Beaconing UI User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Miscellaneous\Email Forms Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) The "Disable user customization of Quick Access Toolbar via UI" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1344 Table 1.122. Disable user customization of Quick Access Toolbar via UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI The "Disable user customization of Quick Access Toolbar via UI - Disallow in Word" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Word (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-723 Table 1.122. Disable user customization of Quick Access Toolbar via UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Word The "Disable user customization of Quick Access Toolbar via UI - Disallow in Excel" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Excel (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1384 Table 1.122. Disable user customization of Quick Access Toolbar via UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Excel The "Disable user customization of Quick Access Toolbar via UI - Disallow in PowerPoint" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in PowerPoint (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1159 Table 1.122. Disable user customization of Quick Access Toolbar via UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in PowerPoint The "Disable user customization of Quick Access Toolbar via UI - Disallow in Access" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Access (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1146 Table 1.122. Disable user customization of Quick Access Toolbar via UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Access The "Disable user customization of Quick Access Toolbar via UI - Disallow in Outlook" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Outlook (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1542 Table 1.122. Disable user customization of Quick Access Toolbar via UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Outlook The "Disable all user customization of Quick Access Toolbar" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-582 Table 1.90. Disable all user customization of Quick Access Toolbar User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar The "Disable all user customization of Quick Access Toolbar - Disallow in Word" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Word (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1291 Table 1.90. Disable all user customization of Quick Access Toolbar User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Word The "Disable all user customization of Quick Access Toolbar - Disallow in Excel" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Excel (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1326 Table 1.90. Disable all user customization of Quick Access Toolbar User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Excel The "Disable all user customization of Quick Access Toolbar - Disallow in PowerPoint" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in PowerPoint (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1330 Table 1.90. Disable all user customization of Quick Access Toolbar User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in PowerPoint The "Disable all user customization of Quick Access Toolbar - Disallow in Access" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Access (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1335 Table 1.90. Disable all user customization of Quick Access Toolbar User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Access The "Disable all user customization of Quick Access Toolbar - Disallow in Outlook" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Outlook (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1229 Table 1.90. Disable all user customization of Quick Access Toolbar User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Outlook The "Disable UI extending from documents and templates" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-630 Table 1.121. Disable UI extending from documents and templates User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates The "Disable UI extending from documents and templates - Disallow in Word" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Word (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1154 Table 1.121. Disable UI extending from documents and templates User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Word The "Disable UI extending from documents and templates - Disallow in Excel" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Excel (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1410 Table 1.121. Disable UI extending from documents and templates User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Excel The "Disable UI extending from documents and templates - Disallow in PowerPoint" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in PowerPoint (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1432 Table 1.121. Disable UI extending from documents and templates User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in PowerPoint The "Disable UI extending from documents and templates - Disallow in Access" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Access (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-1198 Table 1.121. Disable UI extending from documents and templates User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Access The "Disable UI extending from documents and templates - Disallow in Outlook" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Outlook (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars CCE-929 Table 1.121. Disable UI extending from documents and templates User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Outlook The "Recognize smart tags in Excel" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | AutoCorrect Options... (Excel, Word, PowerPoint and Access)\Recognize smart tags in Excel (2) Software\Policies\Microsoft\Office\12.0\Excel\Options CCE-1074 Table 1.194. Recognize smart tags in Excel User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | AutoCorrect Options... (Excel, Word, PowerPoint and Access)\Recognize smart tags in Excel The "Disable Clip Art and Media downloads from the client and from Office Online website" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable Clip Art and Media downloads from the client and from Office Online website (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1458 Table 1.93. Disable Clip Art and Media downloads from the client and from Office Online website User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable Clip Art and Media downloads from the client and from Office Online website The "Disable template downloads from the client and from Office Online website" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable template downloads from the client and from Office Online website (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1233 Table 1.117. Disable template downloads from the client and from Office Online website User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable template downloads from the client and from Office Online website The "Disable access to updates, add-ins, and patches on the Office Online website" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable access to updates, add-ins, and patches on the Office Online website (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1379 Table 1.85. Disable access to updates, add-ins, and patches on the Office Online website User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable access to updates, add-ins, and patches on the Office Online website STIG ID: DTOO177 - Office Rule ID: SV-18714r3_rule Vuln ID: V-17588: Disable access to updates, add-ins, and patches on the Office Online Website - Office. The "Prevents users from uploading document templates to the Office Online community." setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Prevents users from uploading document templates to the Office Online community. (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1401 Table 1.188. Prevents users from uploading document templates to the Office Online community User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Prevents users from uploading document templates to the Office Online community. STIG ID: DTOO178 - Office Rule ID: SV-18972r3_rule Vuln ID: V-17767: Prevent upload of document templates to Office Online. The "Disable training practice downloads from the Office Online website" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable training practice downloads from the Office Online website (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1528 Table 1.119. Disable training practice downloads from the Office Online website User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable training practice downloads from the Office Online website The "Disable customer-submitted templates downloads from Office Online" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable customer-submitted templates downloads from Office Online (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1533 Table 1.95. Disable customer-submitted templates downloads from Office Online User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable customer-submitted templates downloads from Office Online The "Open Office documents as read/write while browsing" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Files\Open Office documents as read/write while browsing (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-646 Table 1.180. Open Office documents as read/write while browsing User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Files\Open Office documents as read/write while browsing STIG ID: DTOO179 - Office Rule ID: SV-18956r3_rule Vuln ID: V-17759: Disable "Open documents as Read Write when browsing" feature. - Office The "Rely on VML for displaying graphics in browsers" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Rely on VML for displaying graphics in browsers (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1438 Table 1.195. Rely on VML for displaying graphics in browsers User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Rely on VML for displaying graphics in browsers STIG ID: DTOO180 - Office Rule ID: SV-18983r3_rule Vuln ID: V-17773: Do Not rely on Vector markup Language (VML) for displaying graphics in browsers. The "Allow PNG as an output format" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Allow PNG as an output format (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-711 Table 1.9. Allow PNG as an output format User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Allow PNG as an output format STIG ID: DTOO181 - Office Rule ID: SV-18661r3_rule Vuln ID: V-17561: Do not allow choice of output to include PNG (Portable Network Graphics) The "Improve Proofing Tools" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | Spelling\Proofing Data Collection\Improve Proofing Tools (2) Software\Policies\Microsoft\Office\12.0\Common\PTWatson CCE-1292 Table 1.160. Improve Proofing Tools User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | Spelling\Proofing Data Collection\Improve Proofing Tools STIG ID: DTOO182 - Office Rule ID: SV-18770r3_rule Vuln ID: V-17627: Configure the Help Improve Proofing Tools feature for Office. The "Disable Opt-in Wizard on first run" setting should be configured correctly. (1) enabled/disabled (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office 2007\Privacy \Trust Center\Disable Opt-in Wizard on first run (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Common\QMEnable CCE-1615 Table 1.110. Disable Opt-in Wizard on first run User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\Disable Opt-in Wizard on first run STIG ID: DTOO183 - Office Rule ID: SV-18824r1_rule Vuln ID: V-17664: Disable the Opt-In Wizard that enables first time users to opt into Internet–based Microsoft services. The "Microsoft Office Online" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Help\Microsoft Office Online (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1191 User Configuration\Administrative Templates\Microsoft Office 2007 system\Help\Microsoft Office Online The "Disable Password Caching" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable Password Caching (2) Software\Policies\Microsoft\Office\12.0\Common\Security CCE-1587 User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable Password Caching The "Disable all Trust Bar notifications for security issues" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable all Trust Bar notifications for security issues (2) Software\Policies\Microsoft\Office\12.0\Common\TrustCenter CCE-1486 Table 1.88. Disable all Trust Bar notifications for security issues User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable all Trust Bar notifications for security issues STIG ID: DTOO186 - Office Rule ID: SV-18717r3_rule Vuln ID: V-17590: Disable the ability for users to Disable Trust Bar notifications for Security messages - Office The "Protect document metadata for rights managed Office Open XML Files" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for rights managed Office Open XML Files (2) Software\Policies\Microsoft\Office\12.0\Common\Security CCE-1508 Table 1.191. Protect document metadata for rights managed Office Open XML Files User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for rights managed Office Open XML Files STIG ID: DTOO187 - Office Rule ID: SV-18976r3_rule Vuln ID: V-17769: Protect document metadata for rights managed Office Open XML fiiles - Office The "Protect document metadata for password protected files." setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for password protected files. (2) Software\Policies\Microsoft\Office\12.0\Common\Security CCE-1640 Table 1.190. Protect document metadata for password protected files User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for password protected files. STIG ID: DTOO188 - Office Rule ID: SV-18974r3_rule Vuln ID: V-17768: Protect document metadata for password protected files - Office The "Encryption type for password protected Office Open XML files" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office Open XML files (2) Software\Policies\Microsoft\Office\12.0\Common\Security CCE-1539 Table 1.153. Encryption type for password protected Office Open XML files User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office Open XML files STIG ID: DTOO189 - Office 2007 Rule ID: SV-18758r5_rule Vuln ID: V-17619: Encryption type for password protected Open XML files - Office The "Encryption type for password protected Office 97-2003 files" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office 97-2003 files (2) Software\Policies\Microsoft\Office\12.0\Common\Security CCE-1561 Table 1.152. Encryption type for password protected Office 97-2003 files User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office 97-2003 files STIG ID: DTOO190 - Office 2007 Rule ID: SV-18755r6_rule Vuln ID: V-17617: Set encryption type for password protected Office 97 thru Office 2003 files - Office The "Load Controls in Forms3 (1 | 2 | 3 | 4)" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Load Controls in Forms3 (1 | 2 | 3 | 4) (2) Software\Policies\Microsoft\VBA\Security CCE-1068 Table 1.168. Load Controls in Forms3 User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Load Controls in Forms3 (1 | 2 | 3 | 4) STIG ID: DTOO192 - Office Rule ID: SV-18939r3_rule Vuln ID: V-17750: Enable Load controls in forms3 - Office The "Automation Security (Disable macros by default | Use application macro security level | Macros enabled)" setting should be configured correctly (1) enabled/disabled 2007: (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Automation Security (Disable macros by default | Use application macro security level | Macros enabled) (2) Software\Policies\Microsoft\Office\Common\Security 2003: (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Automation Security (2) HKLM\Software\Policies\Microsoft\Office\11.0\Common\Security - AutomationSecurity CCE-1574 Table 1.24. Automation Security User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Automation Security (Disable macros by default | Use application macro security level | Macros enabled) STIG ID: DTOO193 - Office Rule ID: SV-18924r3_rule Vuln ID: V-17741: Enable Automation Security to enforce macro level security in Office documents The "Prevent Word and Excel from loading managed code extensions" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Prevent Word and Excel from loading managed code extensions (2) Software\Policies\Microsoft\Office\Common\Smart Tag CCE-1239 User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Prevent Word and Excel from loading managed code extensions The "Disable hyperlink warnings" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable hyperlink warnings (2) Software\Policies\Microsoft\Office\12.0\Common\Security CCE-1623 Table 1.103. Disable hyperlink warnings User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable hyperlink warnings STIG ID: DTOO194 - Office Rule ID: SV-18814r3_rule Vuln ID: V-17659: Configure the "disable hyperlink warnings" for Office to Disable. The "Disable password to open UI" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable password to open UI (2) Software\Policies\Microsoft\Office\12.0\Common\Security CCE-1083 Table 1.111. Disable password to open UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable password to open UI STIG ID: DTOO195 - Office Rule ID: SV-18826r3_rule Vuln ID: V-17665: Configure the "Disable Password to Open UI" for password secured documents. The "Download Office Controls" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Download Office Controls (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1343 User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Download Office Controls The "Disable All ActiveX" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable All ActiveX (2) Software\Policies\Microsoft\Office\Common\Security CCE-1242 Table 1.86. Disable All ActiveX User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable All ActiveX The "Allow mix of policy and user locations" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Trust Center\Allow mix of policy and user locations (2) Software\Policies\Microsoft\Office\12.0\Common\Security\Trusted Locations CCE-770 Table 1.8. Allow mix of policy and user locations User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Trust Center\Allow mix of policy and user locations STIG ID: DTOO196 - Office Rule ID: SV-18659r3_rule Vuln ID: V-17560: Do not allow a mix of policy and user locations for Office Products. The "Disable Smart Document's use of manifests" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Disable Smart Document's use of manifests (2) Software\Policies\Microsoft\Office\Common\Smart Tag CCE-903 Table 1.116. Disable Smart Document's use of manifests User Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Disable Smart Document's use of manifests STIG ID: DTOO197 - Office Rule ID: SV-18834r3_rule Vuln ID: V-17669: Disable Smart Documents use of Manifests in Office The "Completely disable the Smart Documents feature in Word and Excel" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Completely disable the Smart Documents feature in Word and Excel (2) Software\Policies\Microsoft\Office\Common\Smart Tag CCE-1555 User Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Completely disable the Smart Documents feature in Word and Excel The "Disable Internet Fax feature" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Services\Fax\Disable Internet Fax feature (2) Software\Policies\Microsoft\Office\12.0\Common\Services\Fax CCE-1061 Table 1.107. Disable Internet Fax feature User Configuration\Administrative Templates\Microsoft Office 2007 system\Services\Fax\Disable Internet Fax feature STIG ID: DTOO198 - Office Rule ID: SV-18818r3_rule Vuln ID: V-17661: Disable the ability for Office users to use the Internet Fax Feature. The "Prevent users from changing permissions on rights managed content" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Prevent users from changing permissions on rights managed content (2) Software\Policies\Microsoft\Office\12.0\Common\DRM CCE-1603 Table 1.187. Prevent users from changing permissions on rights managed content User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Prevent users from changing permissions on rights managed content STIG ID: DTOO199 - Office Rule ID: SV-18968r3_rule Vuln ID: V-17765: Prevent permissions change on 'rights managed' content - Office The "Allow users with earlier versions of Office to read with browsers..." setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Allow users with earlier versions of Office to read with browsers... (2) Software\Policies\Microsoft\Office\12.0\Common\DRM CCE-1612 Table 1.13. Allow users with earlier versions of Office to read with browsers… User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Allow users with earlier versions of Office to read with browsers... STIG ID: DTOO200 - Office 2007 Rule ID: SV-18782r3_rule Vuln ID: V-17583: Allow users with earlier versions of Office to read with browsers - System The "Always require users to connect to verify permission" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always require users to connect to verify permission (2) Software\Policies\Microsoft\Office\12.0\Common\DRM CCE-1493 Table 1.15. Always require users to connect to verify permission User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always require users to connect to verify permission STIG ID: DTOO201 - Office Rule ID: SV-18906r3_rule Vuln ID: V-17731: Always require users to connect to verify permissions - Office. The "Always expand groups in Office when restricting permission for documents" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always expand groups in Office when restricting permission for documents (2) Software\Policies\Microsoft\Office\12.0\Common\DRM\AutoExpandDls CCE-1409 Table 1.14. Always expand groups in Office when restricting permission for documents User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always expand groups in Office when restricting permission for documents The "Never allow users to specify groups when restricting permission for documents" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Never allow users to specify groups when restricting permission for documents (2) Software\Policies\Microsoft\Office\12.0\Common\DRM CCE-1589 Table 1.177. Never allow users to specify groups when restricting permission for documents User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Never allow users to specify groups when restricting permission for documents The "Disable Microsoft Passport service for content with restricted permission" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Disable Microsoft Passport service for content with restricted permission (2) Software\Policies\Microsoft\Office\12.0\Common\DRM CCE-1237 Table 1.108. Disable Microsoft Passport service for content with restricted permission User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Disable Microsoft Passport service for content with restricted permission STIG ID: DTOO202 - Office Rule ID: SV-18820r3_rule Vuln ID: V-17662: Disable Microsoft passport Service for content with restricted permissions - Office. The "Do not allow users to upgrade Information Rights Management configuration" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Do not allow users to upgrade Information Rights Management configuration (2) Software\Policies\Microsoft\Office\12.0\Common\DRM CCE-1404 User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Do not allow users to upgrade Information Rights Management configuration The "Key Usage Filtering" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Key Usage Filtering (2) Software\Policies\Microsoft\Office\12.0\Common\General CCE-1396 Table 1.166. Key Usage Filtering User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Key Usage Filtering The "EKU filtering" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\EKU filtering (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures CCE-1167 Table 1.146. EKU filtering User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\EKU filtering The "Legacy format signatures" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Legacy format signatures (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures CCE-1585 Table 1.167. Legacy format signatures User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Legacy format signatures STIG ID: DTOO203 - Office Rule ID: SV-18937r3_rule Vuln ID: V-17749: Legacy format signatures should be enabled - Office The "Suppress Office Signing Providers (Enable Western and East Asian | Suppress default Western | Suppress default East Asian | Suppress both Western and East Asian)" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress Office Signing Providers (Enable Western and East Asian | Suppress default Western | Suppress default East Asian | Suppress both Western and East Asian) (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures CCE-1572 Table 1.223. Suppress Office Signing Providers User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress Office Signing Providers (Enable Western and East Asian | Suppress default Western | Suppress default East Asian | Suppress both Western and East Asian) The "Suppress external signature services menu item" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress external signature services menu item (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures CCE-1220 Table 1.222. Suppress external signature services menu item User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress external signature services menu item STIG ID: DTOO204 - Office Rule ID: SV-19036r3_rule Vuln ID: V-17805: Enable the feature to suppress external Signature Services Menu for Office. The "Disable Check For Solutions" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office Diagnostics\Disable Check For Solutions (2) Software\Policies\Microsoft\Office\Common\OffDiag CCE-1634 Table 1.92. Disable Check For Solutions User Configuration\Administrative Templates\Microsoft Office 2007 system\Office Diagnostics\Disable Check For Solutions STIG ID: DTOO205 - Office 2007 Rule ID: SV-18802r3_rule Vuln ID: V-17653: Enable the "Disable Check for Solutions" in Office. The "Disable inclusion of document properties in PDF and XPS output" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Microsoft Save As PDF and XPS add-ins\Disable inclusion of document properties in PDF and XPS output (2) Software\Policies\Microsoft\Office\12.0\Common\FixedFormat CCE-1643 Table 1.105. Disable inclusion of document properties in PDF and XPS output User Configuration\Administrative Templates\Microsoft Office 2007 system\Microsoft Save As PDF and XPS add-ins\Disable inclusion of document properties in PDF and XPS output STIG ID: DTOO206 - Office Rule ID: SV-18816r3_rule Vuln ID: V-17660: Disable inclusion of document properties for PDF and XPS output - Office. The "Disable Document Information Panel" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Disable Document Information Panel (2) Software\Policies\Microsoft\Office\12.0\Common\DocumentInformationPanel CCE-1546 Table 1.96. Disable Document Information Panel User Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Disable Document Information Panel The "Document Information Panel Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone)" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Document Information Panel Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\Common\DocumentInformationPanel CCE-1505 Table 1.144. Document Information Panel Beaconing UI User Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Document Information Panel Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) STIG ID: DTOO207 - Office 2007 Rule ID: SV-18740r3_rule Vuln ID: V-17605: Always show Document Information Panel Beaconing UI - Office The "Disable the Office client from polling the Office server for published links" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Server Settings\Disable the Office client from polling the Office server for published links (2) Software\Policies\Microsoft\Office\12.0\Common\Portal CCE-1545 Table 1.118. Disable the Office client from polling the Office server for published links User Configuration\Administrative Templates\Microsoft Office 2007 system\Server Settings\Disable the Office client from polling the Office server for published links STIG ID: DTOO208 - Office Rule ID: SV-18836r3_rule Vuln ID: V-17670: Disable the Office client from polling the Sharepoint server for published links. The "Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1549 Table 1.44. Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter The "Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock CCE-1431 Table 1.40. Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter The "Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock CCE-1594 Table 1.42. Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter The "Control Blogging (Enabled | Only SharePoint blogs allowed | All blogging disabled)" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Control Blogging (Enabled | Only SharePoint blogs allowed | All blogging disabled) (2) Software\Policies\Microsoft\Office\12.0\Common\Blog CCE-1241 Table 1.78. Control blogging User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Control Blogging (Enabled | Only SharePoint blogs allowed | All blogging disabled) STIG ID: DTOO212 - Office Rule ID: SV-18701r3_rule Vuln ID: V-17581: Control Blogging entries created from inside Office products. The "Enable Smart Resume" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Enable Smart Resume (2) Software\Policies\Microsoft\Office\12.0\Common\Restore Workspace CCE-1607 User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Enable Smart Resume The "Do not upload media files" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Do not upload media files (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-752 User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Do not upload media files The "Disable hyperlinks to web templates in File | New and task panes" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Disable hyperlinks to web templates in File | New and task panes (2) Software\Policies\Microsoft\Office\12.0\Common\Internet CCE-1166 Table 1.104. Disable hyperlinks to web templates from the client and from Office Online website User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Disable hyperlinks to web templates in File | New and task panes The "Prevent access to Web-based file storage" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Prevent access to Web-based file storage (2) Software\Policies\Microsoft\Office\12.0\Common\WebServices CCE-654 User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Prevent access to Web-based file storage The "Do not allow attachment previewing in Outlook" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Do not allow attachment previewing in Outlook (2) Software\Policies\Microsoft\Office\12.0\Outlook\Preferences CCE-1192 Table 1.128. Do not allow attachment previewing in Outlook User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Do not allow attachment previewing in Outlook The "Read e-mail as plain text" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read e-mail as plain text (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-791 Table 1.192. Read e-mail as plain text User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read e-mail as plain text The "Read signed e-mail as plain text" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read signed e-mail as plain text (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1456 Table 1.193. Read signed e-mail as plain text User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read signed e-mail as plain text The "Prevent publishing to Office Online" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to Office Online (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal CCE-1478 Table 1.185. Prevent publishing to Office Online User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to Office Online The "Prevent publishing to a DAV server" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to a DAV server (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal CCE-1368 Table 1.184. Prevent publishing to a DAV server User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to a DAV server The "Restrict level of calendar details users can publish (All options are available | Disables 'Full details' | Disables 'Full details' and 'Limited details')" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict level of calendar details users can publish (All options are available | Disables 'Full details' | Disables 'Full details' and 'Limited details') (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal CCE-1641 Table 1.202. Restrict level of calendar details users can publish User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict level of calendar details users can publish (All options are available | Disables 'Full details' | Disables 'Full details' and 'Limited details') The "Access to published calendars" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceAccess to published calendars (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal CCE-1266 Table 1.1. Access to published calendars User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceAccess to published calendars The "Restrict upload method" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict upload method (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal CCE-1399 Table 1.203. Restrict upload method User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict upload method The "Hide Junk Mail UI" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Hide Junk Mail UI (2) Software\Policies\Microsoft\Office\12.0\Outlook CCE-1187 Table 1.158. Hide Junk Mail UI User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Hide Junk Mail UI The "Junk E-mail protection level (No Protection, Low, High, Trusted Lists Only)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Junk E-mail protection level (No Protection, Low, High, Trusted Lists Only) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1588 Table 1.165. Junk E-mail protection level User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Junk E-mail protection level (No Protection, Low, High, Trusted Lists Only) The "Trust E-mail from Contacts" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Trust E-mail from Contacts (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1117 Table 1.226. Trust E-mail from Contacts User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Trust E-mail from Contacts The "Add e-mail recipients to users' Safe Senders Lists" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Add e-mail recipients to users' Safe Senders Lists (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1130 Table 1.4. Add e-mail recipients to users' Safe Senders Lists User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Add e-mail recipients to users' Safe Senders Lists The "Dial-up options" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1093 Table 1.84. Dial-up options User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options The "Dial-up options - Warn before switching dial-up connection" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Warn before switching dial-up connection (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1599 Table 1.84. Dial-up options User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Warn before switching dial-up connection The "Dial-up options - Hang up when finished sending, receiving, or updating" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Hang up when finished sending, receiving, or updating (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1621 Table 1.84. Dial-up options User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Hang up when finished sending, receiving, or updating The "Dial-up options - Automatically dial during a background Send/Receive" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Automatically dial during a background Send/Receive (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1269 Table 1.84. Dial-up options User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Automatically dial during a background Send/Receive The "Do not allow creating, replying, or forwarding signatures for e-mail messages" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Do not allow creating, replying, or forwarding signatures for e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Common\MailSettings CCE-1419 Table 1.129. Do not allow creating, replying, or forwarding signatures for e-mail messages User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Do not allow creating, replying, or forwarding signatures for e-mail messages The "Send copy of pictures with HTML messages instead of reference to Internet location" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Send copy of pictures with HTML messages instead of reference to Internet location (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1551 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Send copy of pictures with HTML messages instead of reference to Internet location The "Outlook Rich Text options (Convert to HTML | Convert to Plain Text format | Send Using Outlook Rich Text format)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Outlook Rich Text options (Convert to HTML | Convert to Plain Text format | Send Using Outlook Rich Text format) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-655 Table 1.181. Outlook Rich Text options User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Outlook Rich Text options (Convert to HTML | Convert to Plain Text format | Send Using Outlook Rich Text format) The "Plain text options" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1592 Table 1.183. Plain text options User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options The "Plain text options - Encode attachments in UUENCODE format when sending a plain text message" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options - Encode attachments in UUENCODE format when sending a plain text message (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1614 Table 1.183. Plain text options User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options - Encode attachments in UUENCODE format when sending a plain text message The "Set message format (HTML | Rich Text | Plain Text)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Message FormatSet message format (HTML | Rich Text | Plain Text) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1526 Table 1.217. Set message format User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Message FormatSet message format (HTML | Rich Text | Plain Text) The "Make Outlook the default program for E-mail, Contacts, and Calendar" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Make Outlook the default program for E-mail, Contacts, and Calendar (2) software\policies\microsoft\office\12.0\outlook\options\general CCE-1111 Table 1.171. Make Outlook the default program for E-mail, Contacts, and Calendar User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Make Outlook the default program for E-mail, Contacts, and Calendar The "Do not allow folders in non-default stores to be set as folder home pages" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow folders in non-default stores to be set as folder home pages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1494 Table 1.130. Do not allow folders in non-default stores to be set as folder home pages User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow folders in non-default stores to be set as folder home pages The "Use Unicode format when dragging e-mail message to file system" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Use Unicode format when dragging e-mail message to file system (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\General CCE-1287 Table 1.233. Use Unicode format when dragging e-mail message to file system User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Use Unicode format when dragging e-mail message to file system The "Do not allow Outlook object model scripts to run for shared folders" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for shared folders (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1529 Table 1.132. Do not allow Outlook object model scripts to run for shared folders User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for shared folders The "Do not allow Outlook object model scripts to run for public folders" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for public folders (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1560 Table 1.131. Do not allow Outlook object model scripts to run for public folders User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for public folders The "Set maximum level of online status on a person name (Do not allow | Allow everywhere except To and CC field | Allow everywhere)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Set maximum level of online status on a person name (Do not allow | Allow everywhere except To and CC field | Allow everywhere) (2) Software\Policies\Microsoft\Office\12.0\Outlook\IM CCE-1596 Table 1.216. Set maximum level of online status on a person name User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Set maximum level of online status on a person name (Do not allow | Allow everywhere except To and CC field | Allow everywhere) The "Display online status on a person name (Never | Everywhere except To and CC field | Everywhere)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Display online status on a person name (Never | Everywhere except To and CC field | Everywhere) (2) Software\Policies\Microsoft\Office\12.0\Outlook\IM CCE-1604 Table 1.126. Display online status on a person name User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Display online status on a person name (Never | Everywhere except To and CC field | Everywhere) The "Turn off Enable the Person Names Smart Tag option" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Turn off Enable the Person Names Smart Tag option (2) Software\Policies\Microsoft\Office\12.0\Outlook\IM CCE-1648 Table 1.227. Turn off Enable the Person Names Smart Tag option User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Turn off Enable the Person Names Smart Tag option The "Outlook Security Mode (Outlook Default Security | Use Security Form from 'Outlook Security Settings' Public Folder | Use Security Form from 'Outlook 10 Security Settings' Public Folder | Use Outlook Security Group Policy)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Outlook Security Mode (Outlook Default Security | Use Security Form from 'Outlook Security Settings' Public Folder | Use Security Form from 'Outlook 10 Security Settings' Public Folder | Use Outlook Security Group Policy) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1516 Table 1.182. Outlook Security Mode User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Outlook Security Mode (Outlook Default Security | Use Security Form from 'Outlook Security Settings' Public Folder | Use Security Form from 'Outlook 10 Security Settings' Public Folder | Use Outlook Security Group Policy) The "Display Level 1 attachments" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display Level 1 attachments (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1296 Table 1.125. Display Level 1 attachments User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display Level 1 attachments The "Allow users to demote attachments to Level 2" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow users to demote attachments to Level 2 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1388 Table 1.12. Allow users to demote attachments to Level 2 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow users to demote attachments to Level 2 The "Do not prompt about Level 1 attachments when sending an item" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when sending an item (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1652 Table 1.140. Do not prompt about Level 1 attachments when sending an item User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when sending an item The "Do not prompt about Level 1 attachments when closing an item" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when closing an item (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1569 Table 1.139. Do not prompt about Level 1 attachments when closing an item User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when closing an item The "Allow in-place activation of embedded OLE objects" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow in-place activation of embedded OLE objects (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1459 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow in-place activation of embedded OLE objects The "Display OLE package objects" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display OLE package objects (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1608 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display OLE package objects The "Add file extensions to block as Level 1" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 1 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1617 Table 1.5. Add file extensions to block as Level 1 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 1 The "Remove file extensions blocked as Level 1" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 1 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1631 Table 1.196. Remove file extensions blocked as Level 1 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 1 The "Add file extensions to block as Level 2" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 2 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1155 Table 1.6. Add file extensions to block as Level 2 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 2 The "Remove file extensions blocked as Level 2" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 2 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1556 Table 1.197. Remove file extensions blocked as Level 2 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 2 The "Allow scripts in one-off Outlook forms" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Allow scripts in one-off Outlook forms (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1595 Table 1.10. Allow scripts in one-off Outlook forms User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Allow scripts in one-off Outlook forms The "Set Outlook object model Custom Actions execution prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set Outlook object model Custom Actions execution prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1436 Table 1.218. Set Outlook object model Custom Actions execution prompt User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set Outlook object model Custom Actions execution prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Set control ItemProperty prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set control ItemProperty prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1586 Table 1.215. Set control ItemProperty prompt User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set control ItemProperty prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Configure Outlook object model prompt when sending mail (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when sending mail (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1590 Table 1.71. Configure Outlook object model prompt when sending mail User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when sending mail (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Configure Outlook object model prompt when accessing an address book (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing an address book (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1004 Table 1.65. Configure Outlook object model prompt when accessing an address book User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing an address book (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Configure Outlook object model prompt when reading address information (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when reading address information (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1273 Table 1.69. Configure Outlook object model prompt when reading address information User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when reading address information (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Configure Outlook object model prompt when responding to meeting and task requests (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when responding to meeting and task requests (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1172 Table 1.70. Configure Outlook object model prompt when responding to meeting and task requests User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when responding to meeting and task requests (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Configure Outlook object model prompt when executing Save As (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when executing Save As (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1568 Table 1.68. Configure Outlook object model prompt when executing Save As User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when executing Save As (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1573 Table 1.67. Configure Outlook object model prompt When accessing the Formula property of a UserProperty object User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Configure Outlook object model prompt when accessing address information via UserProperties.Find (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing address information via UserProperties.Find (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1454 Table 1.66. Configure Outlook object model prompt when accessing address information via UserProperties.Find User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing address information via UserProperties.Find (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) The "Required Certificate Authority" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Required Certificate Authority (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1498 Table 1.201. Required Certificate Authority User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Required Certificate Authority The "S/MIME interoperability with external clients: (Handle internally | Handle externally | Handle if possible)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME interoperability with external clients: (Handle internally | Handle externally | Handle if possible) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1630 Table 1.207. S/MIME interoperability with external clients: User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME interoperability with external clients: (Handle internally | Handle externally | Handle if possible) The "Always use Rich Text formatting in S/MIME messages" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Always use Rich Text formatting in S/MIME messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1626 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Always use Rich Text formatting in S/MIME messages The "S/MIME password settings" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings (2) Software\Policies\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0 CCE-1163 Table 1.208. S/MIME password settings User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings The "S/MIME password settings - Default S/MIME password time (minutes): (0 - 2147483647)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Default S/MIME password time (minutes): (0 - 2147483647) (2) Software\Policies\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0 CCE-1445 Table 1.208. S/MIME password settings User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Default S/MIME password time (minutes): (0 - 2147483647) The "S/MIME password settings - Maximum S/MIME password time (minutes): (0 - 2147483647)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Maximum S/MIME password time (minutes): (0 - 2147483647) (2) Software\Policies\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0 CCE-1582 Table 1.208. S/MIME password settings User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Maximum S/MIME password time (minutes): (0 - 2147483647) The "Message Formats" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1357 Table 1.172. Message Formats User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats The "Message Formats - Support the following message formats: (S/MIME | Exchange | Fortezza | S/MIME and Exchange | S/MIME and Fortezza | Exchange and Fortezza | S/MIME, Exchange, and Fortezza)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats - Support the following message formats: (S/MIME | Exchange | Fortezza | S/MIME and Exchange | S/MIME and Fortezza | Exchange and Fortezza | S/MIME, Exchange, and Fortezza) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1132 Table 1.172. Message Formats User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats - Support the following message formats: (S/MIME | Exchange | Fortezza | S/MIME and Exchange | S/MIME and Fortezza | Exchange and Fortezza | S/MIME, Exchange, and Fortezza) 2007: The "Do not provide Continue option on Encryption warning dialog boxes" setting should be configured correctly for Outlook 2007. 2003: The "Disable Continue button on all Encryption warning dialogs" setting should be configured correctly. (1) enabled/disabled (1) 2007: User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not provide Continue option on Encryption warning dialog boxes (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Disable Continue button on all Encryption warning dialogs (4) HKCU\Software\Policies\Microsoft\office\11.0\outlook\Security - DisableContinue CCE-1511 Table 1.142. Do not provide Continue option on Encryption warning dialog boxes User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not provide Continue option on Encryption warning dialog boxes The "Run in FIPS compliant mode" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Run in FIPS compliant mode (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1018 Table 1.205. Run in FIPS compliant mode User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Run in FIPS compliant mode The "Encrypt all e-mail messages" setting should be configured correctly for Outlook 2007 and 2003. (1) enabled/disabled 2007: (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Encrypt all e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security 2003: (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Encrypt all e-mail messages (2) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - AlwaysEncrypt CCE-1181 Table 1.151. Encrypt all e-mail messages User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Encrypt all e-mail messages The "Sign all e-mail messages" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Sign all e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1639 Table 1.219. Sign all e-mail messages User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Sign all e-mail messages The "URL for S/MIME certificates" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\URL for S/MIME certificates (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-677 Table 1.232. URL for S/MIME certificates User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\URL for S/MIME certificates The "Ensure all S/MIME signed messages have a label" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Ensure all S/MIME signed messages have a label (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-687 Table 1.154. Ensure all S/MIME signed messages have a label User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Ensure all S/MIME signed messages have a label The "S/MIME receipt requests (Open message if receipt can't be sent | Don't open message if receipt can't be sent | Always prompt before sending receipt | Never send S/MIME )" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME receipt requests (Open message if receipt can't be sent | Don't open message if receipt can't be sent | Always prompt before sending receipt | Never send S/MIME ) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1613 Table 1.209. S/MIME receipt requests User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME receipt requests (Open message if receipt can't be sent | Don't open message if receipt can't be sent | Always prompt before sending receipt | Never send S/MIME ) The "Fortezza certificate policies" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Fortezza certificate policies (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1402 Table 1.156. Fortezza certificate policies User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Fortezza certificate policies The "Require SuiteB algorithms for S/MIME operations" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Require SuiteB algorithms for S/MIME operations (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1658 Table 1.199. Require SuiteB algorithms for S/MIME operations User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Require SuiteB algorithms for S/MIME operations The "Missing CRLs" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1662 Table 1.174. Missing CRLs User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs The "Missing CRLs - Indicate a missing CRL as a(n): (warning | error)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs - Indicate a missing CRL as a(n): (warning | error) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1080 Table 1.174. Missing CRLs User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs - Indicate a missing CRL as a(n): (warning | error) The "Missing root certificates" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1076 Table 1.175. Missing root certificates User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates The "Missing root certificates - Indicate a missing root certificate as a(n): (neither error nor warning | warning | error)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates - Indicate a missing root certificate as a(n): (neither error nor warning | warning | error) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1636 Table 1.175. Missing root certificates User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates - Indicate a missing root certificate as a(n): (neither error nor warning | warning | error) The "Promote Level 2 errors as errors, not warnings" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Promote Level 2 errors as errors, not warnings (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-943 Table 1.189. Promote Level 2 errors as errors, not warnings User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Promote Level 2 errors as errors, not warnings The "Attachment Secure Temporary Folder" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Attachment Secure Temporary Folder (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1591 Table 1.18. Attachment Secure Temporary Folder User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Attachment Secure Temporary Folder The "Display pictures and external content in HTML e-mail" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Display pictures and external content in HTML e-mail (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1133 Table 1.127. Display pictures and external content in HTML e-mail User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Display pictures and external content in HTML e-mail The "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-725 Table 1.22. Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists The "Do not permit download of content from safe zones" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Do not permit download of content from safe zones (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1347 Table 1.138. Do not permit download of content from safe zones User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Do not permit download of content from safe zones The "Block Trusted Zones" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Block Trusted Zones (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1475 Table 1.63. Block Trusted Zones User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Block Trusted Zones The "Include Internet in Safe Zones for Automatic Picture Download" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Internet in Safe Zones for Automatic Picture Download (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1497 Table 1.161. Include Internet in Safe Zones for Automatic Picture Download User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Internet in Safe Zones for Automatic Picture Download The "Include Intranet in Safe Zones for Automatic Picture Download" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Intranet in Safe Zones for Automatic Picture Download (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1501 Table 1.162. Include Intranet in Safe Zones for Automatic Picture Download User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Intranet in Safe Zones for Automatic Picture Download The "Security setting for macros (Always warn | Never warn, disable all | Warn for signed, disable unsigned | No security check)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Security setting for macros (Always warn | Never warn, disable all | Warn for signed, disable unsigned | No security check) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1030 Table 1.213. Security setting for macros User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Security setting for macros (Always warn | Never warn, disable all | Warn for signed, disable unsigned | No security check) The "Enable links in e-mail messages" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Enable links in e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1052 Table 1.149. Enable links in e-mail messages User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Enable links in e-mail messages The "Apply macro security settings to macros, add-ins, and SmartTags" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Apply macro security settings to macros, add-ins, and SmartTags (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1462 Table 1.16. Apply macro security settings to macros, add-ins, and SmartTags User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Apply macro security settings to macros, add-ins, and SmartTags The "Automatically configure profile based on Active Directory Primary SMTP address" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Automatically configure profile based on Active Directory Primary SMTP address (2) Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover CCE-1281 Table 1.20. Automatically configure profile based on Active Directory Primary SMTP address User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Automatically configure profile based on Active Directory Primary SMTP address The "Do not allow users to change permissions on folders" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Do not allow users to change permissions on folders (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Folders CCE-1303 Table 1.133. Do not allow users to change permissions on folders User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Do not allow users to change permissions on folders The "Enable RPC encryption" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Enable RPC encryption (2) Software\Policies\Microsoft\Office\12.0\Outlook\RPC CCE-1082 Table 1.150. Enable RPC encryption User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Enable RPC encryption The "Authentication with Exchange Server (Kerberos/NTLM Password Authentication | Kerberos Password Authentication | NTLM Password Authentication)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Authentication with Exchange Server (Kerberos/NTLM Password Authentication | Kerberos Password Authentication | NTLM Password Authentication) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security CCE-1712 Table 1.19. Authentication with Exchange Server User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Authentication with Exchange Server (Kerberos/NTLM Password Authentication | Kerberos Password Authentication | NTLM Password Authentication) The "Synchronize Outlook RSS Feeds with Common Feed List" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Synchronize Outlook RSS Feeds with Common Feed List (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS CCE-1131 Table 1.224. Synchronize Outlook RSS Feeds with Common Feed List User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Synchronize Outlook RSS Feeds with Common Feed List The "Turn off RSS feature" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Turn off RSS feature (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS CCE-1620 Table 1.228. Turn off RSS feature User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Turn off RSS feature The "Automatically download enclosures" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Automatically download enclosures (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS CCE-1541 User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Automatically download enclosures The "Download full text of articles as HTML attachments" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Download full text of articles as HTML attachments (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS CCE-1311 Table 1.145. Download full text of articles as HTML attachments User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Download full text of articles as HTML attachments The "Automatically download attachments" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Automatically download attachments (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\WebCal CCE-1682 Table 1.21. Automatically download attachments User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Automatically download attachments The "Do not include Internet Calendar integration in Outlook" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Do not include Internet Calendar integration in Outlook (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\WebCal CCE-1461 Table 1.137. Do not include Internet Calendar integration in Outlook User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Do not include Internet Calendar integration in Outlook The "Disable user entries to server list (Publish default, allow others | Publish default, disallow others)" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Meeting Workspace\Disable user entries to server list (Publish default, allow others | Publish default, disallow others) (2) Software\Policies\Microsoft\Office\12.0\Meetings\Profile CCE-1041 Table 1.123. Disable user entries to server list User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Meeting Workspace\Disable user entries to server list (Publish default, allow others | Publish default, disallow others) The "Do not expand distribution lists" setting should be configured correctly for Outlook 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Miscellaneous\Do not expand distribution lists (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail CCE-1565 Table 1.136. Do not expand distribution lists User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Miscellaneous\Do not expand distribution lists The "Save files in this format (PowerPoint Presentation (*.pptx) | PowerPoint Macro-Enabled Presentation (*.pptm) | PowerPoint 97-2003 Presentation (*.ppt))" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Save\Save files in this format (PowerPoint Presentation (*.pptx) | PowerPoint Macro-Enabled Presentation (*.pptm) | PowerPoint 97-2003 Presentation (*.ppt)) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Options CCE-1719 Table 1.212. Save files in this format User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Save\Save files in this format (PowerPoint Presentation (*.pptx) | PowerPoint Macro-Enabled Presentation (*.pptm) | PowerPoint 97-2003 Presentation (*.ppt)) The "Number of documents in the Recent Documents list (0 - 50)" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Advanced\Number of documents in the Recent Documents list (0 - 50) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\File MRU CCE-1477 User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Advanced\Number of documents in the Recent Documents list (0 - 50) The "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security CCE-1142 Table 1.82. Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations The "Run Programs (disable (don't run any programs) | enable (prompt user before running) | enable all (run without prompting))" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Run Programs (disable (don't run any programs) | enable (prompt user before running) | enable all (run without prompting)) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security CCE-1649 Table 1.206. Run Programs User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Run Programs (disable (don't run any programs) | enable (prompt user before running) | enable all (run without prompting)) The "Make hidden markup visible" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Make hidden markup visible (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security CCE-1279 Table 1.170. Make hidden markup visible User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Make hidden markup visible The "Unblock automatic download of linked images" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Unblock automatic download of linked images (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security CCE-1451 Table 1.229. Unblock automatic download of linked images User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Unblock automatic download of linked images The "Disable all application add-ins" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security CCE-1204 Table 1.87. Disable all application add-ins User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable all application add-ins The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security CCE-1107 Table 1.200. Require that application add-ins are signed by Trusted Publisher User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security CCE-743 Table 1.120. Disable Trust Bar Notification for unsigned application add-ins User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins The "Allow Trusted Locations not on the computer" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\Trusted Locations CCE-747 Table 1.11. Allow Trusted Locations not on the computer User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer The "Disable all trusted locations" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\Trusted Locations CCE-782 Table 1.89. Disable all trusted locations User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsDisable all trusted locations The "Disable commands" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1327 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands The "Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Web Page Preview" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Web Page Preview (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1723 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Web Page Preview The "Disable commands - Office Button | Send | Email" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1366 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email The "Disable commands - Insert | Links | Hyperlink" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1679 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink The "Disable commands - Review | Proofing | Language" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Review | Proofing | Language (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1173 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Review | Proofing | Language The "Disable commands - View | Macros | Macros" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1714 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros The "Disable commands - Developer | Code | Macros" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1485 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros The "Disable commands - Developer | Code | Macro Security" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1687 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security The "Disable commands - Developer | Code | Visual Basic" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1709 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic The "Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Document Location" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Document Location (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes CCE-1463 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Document Location The "Disable commands - Disable shortcut keys" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes CCE-1467 Table 1.94. Disable commands, Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Disable shortcut keys The "Disable commands - Ctrl+K (Insert | Links | Hyperlink)" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Insert | Links | Hyperlink) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes CCE-1740 Table 1.94. Disable commands, Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Insert | Links | Hyperlink) The "Disable commands - Alt+F8 (Developer | Code | Macros)" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F8 (Developer | Code | Macros) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes CCE-1780 Table 1.94. Disable commands, Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F8 (Developer | Code | Macros) The "Disable commands - Alt+F11 (Developer | Code | Visual Basic)" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Developer | Code | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes CCE-1661 Table 1.94. Disable commands, Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Developer | Code | Visual Basic) The "Block opening of pre-release versions of file formats new to PowerPoint 2007" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to PowerPoint 2007 (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock CCE-1688 Table 1.41. Block opening of pre-release versions of file formats new to PowerPoint 2007 User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to PowerPoint 2007 The "Block opening of Open Xml files types" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Open Xml files types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock CCE-1701 Table 1.38. Block opening of Open XML file types User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Open Xml files types The "Block opening of Binary file types" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Binary file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock CCE-1348 Table 1.30. Block opening of Binary file types User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Binary file types The "Block opening of Html file types" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Html file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock CCE-1644 Table 1.36. Block opening of HTML file types User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Html file types The "Block opening of Outlines" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Outlines (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock CCE-1194 Table 1.39. Block opening of Outlines User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Outlines The "Block opening of Converters" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Converters (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock CCE-1216 Table 1.31. Block opening of Converters User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Converters The "Block saving of Open Xml file types" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Open Xml file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock CCE-1506 Table 1.57. Block saving of Open Xml file types User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Open Xml file types The "Block saving of Binary file types" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Binary file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock CCE-1136 Table 1.51. Block saving of Binary file types User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Binary file types The "Block saving of Html file types" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Html file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock CCE-1766 Table 1.56. Block saving of HTML file types User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Html file types The "Block saving of Outlines" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Outlines (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock CCE-1180 Table 1.58. Block saving of Outlines User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Outlines The "Block saving of GraphicFilters" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of GraphicFilters (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock CCE-1722 Table 1.54. Block saving of GraphicFilters User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of GraphicFilters The "Disable Slide Update" setting should be configured correctly for PowerPoint 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Miscellaneous\Disable Slide Update (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\slide libraries CCE-1731 Table 1.115. Disable Slide Update User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Miscellaneous\Disable Slide Update The "Hidden text" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Display\Hidden text (2) Software\Policies\Microsoft\Office\12.0\Word\Options\vpref CCE-885 Table 1.157. Hidden text User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Display\Hidden text The "Save files in this format (Word document (*.docx) | Single Files Web Page (*.mht) | Web Page (*.htm; *.html) | Web Page, Filtered (*.htm, *.html) | Rich Text Format (*.rtf) | Plain Text (*.txt) | Word 6.0/95 (*.doc) | Word 6.0/95 - Chinese (Simplified) (*.doc) | Word 6.0/95 - Chinese (Traditional) (*.doc) | Word 6.0/95 - Japanese (*.doc) | Word 6.0/95 - Korean (*.doc) | Word 97-2002 & 6.0/95 - RTF | Word 5.1 for Macintosh (*.mcw) | Word 5.0 for Macintosh (*.mcw) | Word 2.x for Windows (*.doc) | Works 4.0 for Windows (*.wps) | WordPerfect 5.x for Windows (*.doc) | WordPerfect 5.1 for DOS (*.doc) | Word 2007 Macro Enabled Document (*.docm) | Word 2007 Macro Free Template (*.dotx) | Word 2007 Macro Enabled Template (*.dotm) | Word 97 - 2003 Document (*.doc) | Word 97 - 2003 Template (*.dot) | Flat XML Document (*.xml))" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Save\Save files in this format (Word document (*.docx) | Single Files Web Page (*.mht) | Web Page (*.htm; *.html) | Web Page, Filtered (*.htm, *.html) | Rich Text Format (*.rtf) | Plain Text (*.txt) | Word 6.0/95 (*.doc) | Word 6.0/95 - Chinese (Simplified) (*.doc) | Word 6.0/95 - Chinese (Traditional) (*.doc) | Word 6.0/95 - Japanese (*.doc) | Word 6.0/95 - Korean (*.doc) | Word 97-2002 & 6.0/95 - RTF | Word 5.1 for Macintosh (*.mcw) | Word 5.0 for Macintosh (*.mcw) | Word 2.x for Windows (*.doc) | Works 4.0 for Windows (*.wps) | WordPerfect 5.x for Windows (*.doc) | WordPerfect 5.1 for DOS (*.doc) | Word 2007 Macro Enabled Document (*.docm) | Word 2007 Macro Free Template (*.dotx) | Word 2007 Macro Enabled Template (*.dotm) | Word 97 - 2003 Document (*.doc) | Word 97 - 2003 Template (*.dot) | Flat XML Document (*.xml)) (2) Software\Policies\Microsoft\Office\12.0\Word\Options CCE-1656 Table 1.212. Save files in this format User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Save\Save files in this format (Word document (*.docx) | Single Files Web Page (*.mht) | Web Page (*.htm; *.html) | Web Page, Filtered (*.htm, *.html) | Rich Text Format (*.rtf) | Plain Text (*.txt) | Word 6.0/95 (*.doc) | Word 6.0/95 - Chinese (Simplified) (*.doc) | Word 6.0/95 - Chinese (Traditional) (*.doc) | Word 6.0/95 - Japanese (*.doc) | Word 6.0/95 - Korean (*.doc) | Word 97-2002 & 6.0/95 - RTF | Word 5.1 for Macintosh (*.mcw) | Word 5.0 for Macintosh (*.mcw) | Word 2.x for Windows (*.doc) | Works 4.0 for Windows (*.wps) | WordPerfect 5.x for Windows (*.doc) | WordPerfect 5.1 for DOS (*.doc) | Word 2007 Macro Enabled Document (*.docm) | Word 2007 Macro Free Template (*.dotx) | Word 2007 Macro Enabled Template (*.dotm) | Word 97 - 2003 Document (*.doc) | Word 97 - 2003 Template (*.dot) | Flat XML Document (*.xml)) The "Number of documents in the Recent Documents list (0-50)" setting should be configured correctly for Word 2007. enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Number of documents in the Recent Documents list (0-50) (2) Software\Policies\Microsoft\Office\12.0\Word\File MRU CCE-1537 User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Number of documents in the Recent Documents list (0-50) The "Update automatic links at Open" setting should be configured correctly for Word 2007. enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Update automatic links at Open (2) Software\Policies\Microsoft\Office\12.0\Word\Options CCE-1249 Table 1.231. Update automatic links at Open User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Update automatic links at Open The "Save smart tags in e-mail" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\E-mail Options\Save smart tags in e-mail (2) Software\Policies\Microsoft\Office\12.0\Word\Options\vpref CCE-1509 User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\E-mail Options\Save smart tags in e-mail The "Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents (2) Software\Policies\Microsoft\Office\12.0\Word\Security CCE-1280 Table 1.83. Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents The "Disable all application add-ins" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\Word\Security CCE-1681 Table 1.87. Disable all application add-ins User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable all application add-ins The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\Word\Security CCE-1562 Table 1.200. Require that application add-ins are signed by Trusted Publisher User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\Word\Security CCE-1333 Table 1.120. Disable Trust Bar Notification for unsigned application add-ins User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins The "Allow Trusted Locations not on the computer" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations CCE-1355 Table 1.11. Allow Trusted Locations not on the computer User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer The "Disable all trusted locations" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations CCE-1637 Table 1.89. Disable all trusted locations User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsDisable all trusted locations The "Disable commands" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1659 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands The "Disable commands - Office Button | Word Options | Customize | All Commands | Save As Web Page" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Save As Web Page (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1329 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Save As Web Page The "Disable commands - Office Button | Word Options | Customize | All Commands | Web Page Preview" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Web Page Preview (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1632 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Web Page Preview The "Disable commands - Office Button | Send | Email" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1425 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email The "Disable commands - Insert | Links | Hyperlink" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1196 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink The "Disable commands - Review | Protect | Protect Document" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Review | Protect | Protect Document (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-936 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Review | Protect | Protect Document The "Disable commands - View | Macros | Macros" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1354 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros The "Disable commands - Developer | Code | Macros" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1125 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros The "Disable commands - Developer | Code | Record Macro" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1742 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro The "Disable commands - Developer | Code | Macro Security" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1782 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security The "Disable commands - Developer | Code | Visual Basic" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1306 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic The "Disable commands - Developer | Templates | Document Template" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Templates | Document Template (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes CCE-1548 Table 1.94. Disable commands User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Templates | Document Template The "Disable shortcut keys" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes CCE-1716 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys The "Disable shortcut keys - Ctrl+F (Home | Editing | Find)" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+F (Home | Editing | Find) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes CCE-1597 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+F (Home | Editing | Find) The "Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink)" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes CCE-1689 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) The "Disable shortcut keys - Alt+F8 (Developer | Code | Macros)" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes CCE-1570 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) The "Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic)" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes CCE-1720 Table 1.114. Disable shortcut keys User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) The "Block opening of pre-release versions of file formats new to Word 2007" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Word 2007 (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1746 Table 1.43. Block opening of pre-release versions of file formats new to Word 2007 User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Word 2007 The "Block opening of Open XML file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Open XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1504 Table 1.38. Block opening of Open XML file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Open XML file types The "Block opening of Binary file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1654 Table 1.30. Block opening of Binary file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Binary file types The "Block opening of HTML file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of HTML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1160 Table 1.36. Block opening of HTML file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of HTML file types The "Block opening of Word 2003 XML file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Word 2003 XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-958 Table 1.47. Block opening of Word 2003 XML file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Word 2003 XML file types The "Block opening of RTF file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of RTF file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1579 Table 1.45. Block opening of RTF file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of RTF file types The "Block open Converters" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block open Converters (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-984 Table 1.28. Block open Converters User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block open Converters The "Block opening of Text file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Text file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1072 Table 1.46. Block opening of Text file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Text file types The "Block opening of Internal file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Internal file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1503 Table 1.37. Block opening of Internal file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Internal file types The "Block opening of files before version" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of files before version (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock CCE-1371 Table 1.33. Block opening of files before version User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of files before version The "Block saving of Open XML file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Open XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock CCE-1019 Table 1.57. Block saving of Open Xml file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Open XML file types The "Block saving of Binary file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock CCE-1684 Table 1.51. Block saving of Binary file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Binary file types The "Block saving of HTML file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of HTML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock CCE-1675 Table 1.56. Block saving of HTML file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of HTML file types The "Block saving of Word 2003 XML file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Word 2003 XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock CCE-1200 Table 1.61. Block saving of Word 2003 XML file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Word 2003 XML file types The "Block saving of RTF file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of RTF file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock CCE-1741 Table 1.59. Block saving of RTF file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of RTF file types The "Block saving of Converters" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Converters (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock CCE-1231 Table 1.53. Block saving of Converters User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Converters The "Block saving of Text file types" setting should be configured correctly for Word 2007. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Text file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock CCE-1755 Table 1.60. Block saving of Text file types User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Text file types The InfoPath APTCA Assembly Whitelist setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security\APTCA CCE-1169 Table 2.6. InfoPath APTCA Assembly allowable list Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist The Windows Internet Explorer Feature Control Opt-In (None | InfoPath.exe, Document Information Panel and Workflow forms | InfoPath.exe, Document Information Panel, Workflow forms and 3rd Party Hosting) setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\Windows Internet Explorer Feature Control Opt-In (None | InfoPath.exe, Document Information Panel and Workflow forms | InfoPath.exe, Document Information Panel, Workflow forms and 3rd Party Hosting) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1735 Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\Windows Internet Explorer Feature Control Opt-In (None | InfoPath.exe, Document Information Panel and Workflow forms | InfoPath.exe, Document Information Panel, Workflow forms and 3rd Party Hosting) The InfoPath APTCA Assembly Whitelist Enforcement setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist Enforcement (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security CCE-1739 Table 2.7. InfoPath APTCA Assembly Allowable List Enforcement Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist Enforcement The Disable Package Repair setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\Disable Package Repair (2) Software\Policies\Microsoft\Office\12.0\Common\OpenXMLFormat CCE-933 Table 2.3. Disable Package Repair Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\Disable Package Repair The Disable user name and password setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1563 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password The Disable user name and password - excel.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1215 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - excel.exe STIG ID: DTOO104 - Excel Rule ID: SV-18567r3_rule Vuln ID: V-17173: Disable user name and password syntax from being used in URLs. The Disable user name and password - powerpnt.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1484 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - powerpnt.exe STIG ID: DTOO104 - PowerPoint Rule ID: SV-18179r3_rule Vuln ID: V-17173: Disable user name and password syntax from being used in URLs. The Disable user name and password - pptview.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1629 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - pptview.exe STIG ID: DTOO104 - PowerPoint Rule ID: SV-18179r3_rule Vuln ID: V-17173: Disable user name and password syntax from being used in URLs. The Disable user name and password - winword.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1762 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - winword.exe STIG ID: DTOO104 - Word Rule ID: SV-18180r3_rule Vuln ID: V-17173: Disable user name and password for Word. The Disable user name and password - outlook.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1660 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - outlook.exe STIG ID: DTOO104 - Outlook Rule ID: SV-18181r3_rule Vuln ID: V-17173 Disable user name and password syntax from being used in URLs The Disable user name and password - spDesign.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1057 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - spDesign.exe STIG ID: DTOO104 - InfoPath Rule ID: SV-18182r3_rule Vuln ID: V-17173 Disable user name and password syntax from being used in URLs The Disable user name and password - msaccess.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE CCE-1285 Table 2.4. Disable user name and password Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - msaccess.exe STIG ID: DTOO104 - Access Rule ID: SV-19429r3_rule Vuln ID: V-17173: Disable user name and password syntax from being used in URLs The Bind to object setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1669 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object The Bind to object - excel.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1691 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - excel.exe STIG ID: DTOO111 - Excel Rule ID: SV-18185r3_rule Vuln ID: V-17174: Bind to Object - Excel The Bind to object - powerpnt.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1338 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - powerpnt.exe STIG ID: DTOO111 - PowerPoint Rule ID: SV-18186r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from PowerPoint. The Bind to object - pptview.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1717 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - pptview.exe STIG ID: DTOO111 - PowerPoint Rule ID: SV-18186r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from PowerPoint. The Bind to object - winword.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1488 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - winword.exe STIG ID: DTOO111 - Word Rule ID: SV-18187r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from Word. The Bind to object - outlook.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1638 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - outlook.exe STIG ID: DTOO111 - Outlook Rule ID: SV-18188r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from Outlook The Bind to object - spDesign.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1647 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - spDesign.exe STIG ID: DTOO111 - InfoPath Rule ID: SV-18189r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from InfoPath. The Bind to object - msaccess.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT CCE-1294 Table 2.1. Bind to object Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - msaccess.exe STIG ID: DTOO111 - Access Rule ID: SV-18190r3_rule Vuln ID: V-17174: Bind to Object - Access The Saved from URL setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-1193 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL The Saved from URL - excel.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-1352 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - excel.exe STIG ID: DTOO117 - Excel Rule ID: SV-18200r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from Excel The Saved from URL - powerpnt.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-928 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - powerpnt.exe STIG ID: DTOO117 - PowerPoint Rule ID: SV-18201r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from PowerPoint The Saved from URL - pptview.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-1576 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - pptview.exe STIG ID: DTOO117 - PowerPoint Rule ID: SV-18201r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from PowerPoint The Saved from URL - word.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-1100 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - winword.exe STIG ID: DTOO117 - Word Rule ID: SV-18202r3_rule Vuln ID: V-17175: Saved from URL - Word The Saved from URL - outlook.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-1232 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - outlook.exe STIG ID: DTOO117 - Outlook Rule ID: SV-18203r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from OutLook The Saved from URL - spDesign.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-1774 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - spDesign.exe STIG ID: DTOO117 - InfoPath Rule ID: SV-18204r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from InfoPath. The Saved from URL - msaccess.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK CCE-906 Table 2.9. Saved from URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - msaccess.exe STIG ID: DTOO117 - Access Rule ID: SV-18205r3_rule Vuln ID: V-17175: Saved from URL - Access The Navigate URL setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-1034 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL The Navigate URL - excel.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-1435 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - excel.exe STIG ID: DTOO123 - Excel Rule ID: SV-18207r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. The Navigate URL - powerpnt.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-1708 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - powerpnt.exe STIG ID: DTOO123 - PowerPoint Rule ID: SV-18208r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. The Navigate URL - pptview.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-808 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - pptview.exe STIG ID: DTOO123 - PowerPoint Rule ID: SV-18208r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. The Navigate URL - winword.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-1650 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - winword.exe STIG ID: DTOO123 - Word Rule ID: SV-18604r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. The Navigate URL - outlook.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-1223 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - outlook.exe STIG ID: DTOO123 - Outlook Rule ID: SV-18602r4_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. The Navigate URL - spDesign.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-1764 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - spDesign.exe STIG ID: DTOO123 - InfoPath Rule ID: SV-18601r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. The Navigate URL - msaccess.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL CCE-1769 Table 2.8. Navigate URL Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - msaccess.exe STIG ID: DTOO123 - Access Rule ID: SV-18603r4_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. The Block popups setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1152 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups The Block popups - excel.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1566 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - excel.exe STIG ID: DTOO129 - Excel Rule ID: SV-18210r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within Excel The Block popups - powerpnt.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1077 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - powerpnt.exe STIG ID: DTOO129 - PowerPoint Rule ID: SV-18211r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within PowerPoint. The Block popups - pptview.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1606 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - pptview.exe STIG ID: DTOO129 - PowerPoint Rule ID: SV-18211r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within PowerPoint. The Block popups - winword.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1738 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - winword.exe STIG ID: DTOO129 - Word Rule ID: SV-18212r4_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within Word. The Block popups - outlook.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1262 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - outlook.exe STIG ID: DTOO129 - Outlook Rule ID: SV-18213r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within Outlook. The Block popups - spDesign.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1663 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - spDesign.exe STIG ID: DTOO129 - InfoPath Rule ID: SV-18214r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within InfoPath. The Block popups - msaccess.exe setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT CCE-1544 Table 2.2. Block popups Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - msaccess.exe STIG ID: DTOO129 - Access Rule ID: SV-18215r3_rule Vuln ID: V-17184: No pop-ups - Access The "Prevent users from customizing attachment security settings" setting should be configured correctly. (1) 1 = Enabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Prevent users from customizing attachment security settings (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook - DisallowAttachmentCustomization CCE-1443 User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Prevent users from customizing attachment security settings The "Access: Macro Security Level" setting should be configured correctly. (1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Access: Macro Security Leve (2) HKLM\Software\Policies\Microsoft\Office\11.0\Access\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Access 2003\Tools\Macros\Security\Security level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Access\Security - Level CCE-1161 The "Access: Trust all installed add – ins and templates" setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Access: Trust all installed add – ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Access\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office Access 2003\Tools\Macros\Security\Trust all installed add-ins and templates (4) HKCU\Software\Policies\Microsoft\Office\11.0\Access\Security - DontTrustInstalledFiles CCE-1421 The "Excel: Macro Security Level" setting should be configured correctly. (1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Excel: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Excel\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Excel 2003\Tools\Macros\Security\Security level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Excel\Security - Level CCE-1571 The "Excel: Trust all installed add – ins and templates" setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Excel: Trust all installed add – ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Excel\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office Excel 2003\Tools\Macros\Security\Trust all installed add-ins and templates (4) HKCU\Software\Policies\Microsoft\Office\11.0\Excel\Security - DontTrustInstalledFiles CCE-1721 The "Outlook: Macro Security Level" setting should be configured correctly. (1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Outlook: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Outlook\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Macros\Security\Security Level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook - Security\Level CCE-1602 The "Outlook: Trust all installed add-ins and templates" setting should be configured correctly. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Macros\Security\Outlook: Trust all installed add-ins and templates (2) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - DontTrustInstalledFiles CCE-1624 The "Outlook virus security settings" setting should be configured correctly. (1) 0 = Uses default administrative settings | 1 = Look in the Outlook Security Settings folder | 2 = Look in the Outlook 10 Security Settings folder (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Outlook virus security settings (2) HKCU\Software\Policies\Microsoft\Security - CheckAdminSettings CCE-1522 The "S/MIME receipt requests" setting should be configured correctly. (1) 0 = Open message if receipt can't be sent | 1 = Always prompt before sending receipt | 2 = Never send S/MIME receipts | 3 = Don't open message if receipt can't be sent (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\S/MIME receipt requests (2) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - RespondToReceiptRequests CCE-1183 The "PowerPoint: Macro Security Level" setting should be configured correctly. (1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\PowerPoint: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\PowerPoint\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2003\Tools\Macro\Security\Security Level (4) HKCU\Software\Policies\Microsoft\Office\11.0\PowerPoint - Security\Level CCE-1611 The "PowerPoint: Trust all installed add – ins and templates" setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\PowerPoint: Trust all installed add – ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\PowerPoint\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2003\Tools\Macro\Security\Trust all installed add – ins and templates (4) HKCU\Software\Policies\Microsoft\Office\11.0\PowerPoint\Security - DontTrustInstalledFiles CCE-1633 The "Publisher: Macro Security Level" setting should be configured correctly. (1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Publisher: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Publisher\Security - Level CCE-822 The "Publisher: Trust all installed add–ins and templates" setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Publisher: Trust all installed add–ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Publisher\Security - DontTrustInstalledFiles CCE-1734 The "Word: Macro Security Level" setting should be configured correctly. (1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Word: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Word\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Macro\Security\Security Level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Word - Security\Level CCE-1628 The "Word: Trust all installed add–ins and templates" setting should be configured correctly. (1) enabled/disabled (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Word: Trust all installed add–ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Word\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Macro\Security\Trust all installed add – ins and templates (4) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Security - DontTrustInstalledFiles CCE-1761 The "Store random number to improve merge accuracy" setting should be configured correctly. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Options\Security\Store random number to improve merge accuracy (2) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Options\vpref - fDontSaveRSID_1804_1 CCE-1302 The "Prevent Users from Changing Office Encryption Settings" setting should be configured correctly. (1) enabled/disabled (1) User Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Prevent Users from Changing Office Encryption Settings (2) HKCU\Software\Policies\Microsoft\Office\11.0\Common\Security - DisableCustomEncryption CCE-1307 The "Disable Update Diagnostics" setting should be configured correctly. (1) 0 = Disabled | 1 = Enabled (1)Computer Configuration\Administrative Templates\Classic Administrative Templates (ADM)\Microsoft Office 2007 system\Office Diagnostics\Disable Update Diagnostics (2) HKLM\Software\Policies\Microsoft\Office\Common\OffDiag\DisableOffDiagnostics Computer Configuration\Administrative Templates\Classic Administrative Templates (ADM)\Microsoft Office 2007 system\Office Diagnostics\Disable Update Diagnostics The "Allow Active X One Off Forms" setting should be configured correctly for Outlook 2007. (1) 0 = Enabled (Load only Outlook Controls) | 1 = Enabled (Allows only Safe Controls) | 2 = Enabled (Allows all ActiveX Controls) (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow Active X One Off Forms (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\AllowActiveXOneOffForms User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow Active X One Off Forms The "Allow access to e-mail attachments" setting should be configured correctly for Outlook 2007. (1) 0 = Disabled | 1 = Enabled (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow access to e-mail attachments (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\Level1Add User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow access to e-mail attachments The "Do not automatically sign replies" setting should be configured correctly for Outlook 2007. 0 = Disabled | 1 = Enabled (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Do not automatically sign replies (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\NoSignOnReply User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Do not automatically sign replies The "Prompt user to choose security settings if default settings fail" setting should be configured correctly for Outlook 2007. (1) 0 = Disabled | 1 = Enabled (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Prompt user to choose security settings if default settings fail (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\ForceDefaultProfile User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Prompt user to choose security settings if default settings fail “Configure trusted add-ins” setting should be configured correctly for Outlook 2007. Enabled | Disabled (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Trusted Add-ins (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\TrustedAddins STIG ID: DTOO256 - Outlook Rule ID: SV-18689r2_rule Vuln ID: V-17575: Configure trusted add-ins behavior for eMail. The "Default file location" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Default file location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\recentfolderlist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Suppress file format compatibility dialog box for OpenDocument Presentation format" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Suppress file format compatibility dialog box for OpenDocument Presentation format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Keep the last AutoSaved versions of files for the next session" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Keep the last AutoSaved versions of files for the next session HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Package For CD" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Disable Package For CD HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default file format" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Default file format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save AutoRecover info" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Save AutoRecover info HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" SharePoint Designer setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\disabledcmdbaritemscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\disabledcmdbaritemscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\disabledshortcutkeyscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 6" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 5" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 7" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 3" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 8" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 1" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 9" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 4" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 10" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Places Bar Location 2" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Project Guide Functionality and Layout page" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Project Guide settings for 'Project1'\Project Guide Functionality and Layout page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interface Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Project Guide Content" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Project Guide settings for 'Project1'\Project Guide Content HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interface Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not show data extraction options when opening corrupt workbooks" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Data Recovery\Do not show data extraction options when opening corrupt workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scroll Bars" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Scroll Bars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Windows in Taskbar" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Windows in Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically add new items to the global project" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Automatically add new items to the global project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Status Bar" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Status Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "OLE Link Indicators" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\OLE Link Indicators HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Project Screentips" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Project Screentips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Entry Bar" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Entry Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure fast shutdown behavior for add-ins" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Miscellaneous\Configure fast shutdown behavior for add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\shutdown Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure fast shutdown behavior" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Miscellaneous\Configure fast shutdown behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\shutdown Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent shutdown if external references exist" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Miscellaneous\Prevent shutdown if external references exist HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\shutdown Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set query items limit" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set query items limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set subscription refresh retry interval" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set subscription refresh retry interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of retries when synchronization fails" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set maximum number of retries when synchronization fails HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set errors cleanup interval" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set errors cleanup interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set refresh frequency limit" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set refresh frequency limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum sleep interval" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set maximum sleep interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set the cleanup interval" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set the cleanup interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set query processing timeout limit" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set query processing timeout limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Trust Bar Notification for unsigned application add-ins" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all application add-ins" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block cross-domain data form retrieval" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Block cross-domain data form retrieval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require that application add-ins are signed by Trusted Publisher" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all trusted locations" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off file synchronization via SOAP over HTTP" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Server Settings\Turn off file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Insertions color" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Insertions color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Table compare colors" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Table compare colors HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Balloons" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Balloons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deletions color" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Deletions color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Compare resulting document" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Compare resulting document HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ignore White Space" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Ignore White Space HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Outlook send email to OneNote option" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Send to OneNote\Disable Outlook send email to OneNote option HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\outlookandweb Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Offline data cached per form template" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Offline\Offline data cached per form template HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\offline Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Offline Mode cache size" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Offline\Offline Mode cache size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\offline Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Offline Mode status" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Offline\Offline Mode status HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\offline Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include new rows and columns in table" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Proofing\Autocorrect Options\Include new rows and columns in table HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Internet and network paths as hyperlinks" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Proofing\Autocorrect Options\Internet and network paths as hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hyperlink color" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Web Options...\General\Hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Underline hyperlinks" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Web Options...\General\Underline hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Followed hyperlink color" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Web Options...\General\Followed hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open last file on startup" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Open last file on startup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt for project info for new projects" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Prompt for project info for new projects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Recently used file list (MRU)" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Recently used file list (MRU) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set AutoFilter on for new projects" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Set AutoFilter on for new projects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "List of error messages to customize" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\customizablealerts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable user from setting personal site as default location" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Shared Workspace\Disable user from setting personal site as default location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic Discovery" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Shared Workspace\Automatic Discovery HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepointtracking Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "OLAP PivotTable User Defined Function (UDF) security setting" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\OLAP PivotTable User Defined Function (UDF) security setting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not cache network files locally" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Do not cache network files locally HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Graph gallery path" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Graph gallery path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\graph\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable four-digit year display" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Enable four-digit year display HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trusted documents" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all application add-ins" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trust records to preserve" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require that application add-ins are signed by Trusted Publisher" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "VBA Macro Notification Settings" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Store macro in Personal Macro Workbook by default" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Store macro in Personal Macro Workbook by default HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust access to Visual Basic Project" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trust access to Visual Basic Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Trusted Documents on the network" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Trust Bar Notification for unsigned application add-ins and block them" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off trusted documents" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show scheduling messages" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Schedule options for Microsoft Project\Show scheduling messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show assignment units as" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Schedule options for Microsoft Project\Show assignment units as HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Primary Editing Language" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Primary Editing Language HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off CAD/DWG functionality" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Turn off CAD/DWG functionality HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set refresh time for Calendar information for the person name action" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Set refresh time for Calendar information for the person name action HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Send Mail item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Send Mail item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all person name actions menu items" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable all person name actions menu items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Manager item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Manager item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Office Location item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Office Location item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Messaging item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Messaging item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Phone Number item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Phone Number item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Registered Person item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Registered Person item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Free/Busy item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Free/Busy item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable person name actions for my messaging contacts in Word and Excel" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable person name actions for my messaging contacts in Word and Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Add/Open Outlook Contacts item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Add/Open Outlook Contacts item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Outlook Properties item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Outlook Properties item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Online Status item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Online Status item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Create Rule item in the person name actions menu." common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable Create Rule item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Internet Fax feature" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Services\Fax\Disable Internet Fax feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\services\fax Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disallow custom cover sheet" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Services\Fax\Disallow custom cover sheet HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\services\fax Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Plain text options" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Internet Formatting\Plain text options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Outlook Rich Text options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Internet Formatting\Outlook Rich Text options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Warn before permanently deleting items" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Warn before permanently deleting items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Minimize Outlook to the system tray" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Minimize Outlook to the system tray HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow Outlook object model scripts to run for shared folders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Do not allow Outlook object model scripts to run for shared folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Unicode format when dragging e-mail message to file system" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Use Unicode format when dragging e-mail message to file system HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save calendar sync conflicts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Save calendar sync conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on logging for all conflicts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Turn on logging for all conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save RSS conflicts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Save RSS conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable mail logging (troubleshooting)" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Enable mail logging (troubleshooting) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow Outlook object model scripts to run for public folders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Do not allow Outlook object model scripts to run for public folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow folders in non-default stores to be set as folder home pages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Do not allow folders in non-default stores to be set as folder home pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent saving sync conflicts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Prevent saving sync conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure CNG cipher chaining mode" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG password spin count" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher algorithm" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify encryption compatibility" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set parameters for CNG context" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher key length" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG hash algorithm" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG random number generator algorithm" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG salt length" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set Outlook object model custom actions execution prompt" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Custom Form Security\Set Outlook object model custom actions execution prompt HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow scripts in one-off Outlook forms" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Custom Form Security\Allow scripts in one-off Outlook forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "AutoArchive Settings" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\AutoArchive\AutoArchive Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable File|Archive" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\AutoArchive\Disable File|Archive HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent co-authoring" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Collaboration Settings\Co-authoring\Prevent co-authoring HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\coauthoring Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Internal ID Matching" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Disable Internal ID Matching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interface Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledshortcutkeyslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Force selection of account before sending" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail\Compose Messages\Force selection of account before sending HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default servers and data for Meeting Workspaces" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Meeting Workspace\Default servers and data for Meeting Workspaces HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\meetings\profile Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable user entries to server list" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Meeting Workspace\Disable user entries to server list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\meetings\profile Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display Meeting Workspace button on the Meeting Request form" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Meeting Workspace\Do not display Meeting Workspace button on the Meeting Request form HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\meetings\profile Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #8" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Trusted Locations on the network" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #13" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location13 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #1" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #16" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location16 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all trusted locations" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #3" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #19" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location19 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #17" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location17 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #4" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #14" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location14 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #2" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #18" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location18 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #6" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #15" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location15 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #11" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location11 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #10" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location10 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #5" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #12" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #7" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #20" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location20 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #9" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Email message for 'Send To' commands" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Miscellaneous\Email message for 'Send To' commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use sequence checking" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Complex scripts\Use sequence checking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default Publisher direction" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Complex scripts\Default Publisher direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use type and replace" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Complex scripts\Use type and replace HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for blank table rows and columns" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for blank table rows and columns HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for table header accessibility information" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for table header accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for alt text accessibility information" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for alt text accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for tables used for layout" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for tables used for layout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for merged and split cells" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for merged and split cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure hyperlink text is meaningful" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure hyperlink text is meaningful HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for image watermarks" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for image watermarks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure styles have been used frequently" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure styles have been used frequently HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure documents allow programmatic access" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure documents allow programmatic access HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure long documents use styles for structure" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure long documents use styles for structure HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking whether objects are floating" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking whether objects are floating HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking whether blank characters are used for formatting" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking whether blank characters are used for formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure heading styles do not skip style level" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure heading styles do not skip style level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure headings are succinct" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure headings are succinct HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off automatic search index reconciliation" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Turn off automatic search index reconciliation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\search Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display search results as the user types" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Do not display search results as the user types HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\search Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not include the Online Archive in All Mail Item search" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Do not include the Online Archive in All Mail Item search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\search Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change color used to highlight search matches" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Change color used to highlight search matches HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\search Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Expand scope of searches" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Expand scope of searches HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\search Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display hit highlights in search results" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Do not display hit highlights in search results HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\search Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent clear signed message and attachment indexing" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Prevent clear signed message and attachment indexing HKEY_CURRENT_USER\software\policies\microsoft\windows\windows search\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent installation prompts when Windows Desktop Search component is not present" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Prevent installation prompts when Windows Desktop Search component is not present HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\search Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open e-mail attachments in Full Screen Reading view" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\General\Open e-mail attachments in Full Screen Reading view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Mini Toolbar on selection" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\General\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\word Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Live Preview" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\General\Enable Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG random number generator algorithm" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG salt length" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher key length" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set parameters for CNG context" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG hash algorithm" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure CNG cipher chaining mode" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG password spin count" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher algorithm" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Always create backup copy" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Always create backup copy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show measurements in units of" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show measurements in units of HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt to update style" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Prompt to update style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print on front of the sheet for duplex printing" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print on front of the sheet for duplex printing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Month names" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Month names HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Confirm file format conversion on open" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Confirm file format conversion on open HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cursor movement" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Cursor movement HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show control characters" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show control characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use draft font in Draft and Outline views" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use draft font in Draft and Outline views HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print pages in reverse order" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print pages in reverse order HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable click and type" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Enable click and type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "When selecting, automatically select entire word" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\When selecting, automatically select entire word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add control characters in Cut and Copy" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Add control characters in Cut and Copy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English Word 6.0/95 documents" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\English Word 6.0/95 documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add Bi-Directional Marks when saving Text files" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Add Bi-Directional Marks when saving Text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Left scroll bar" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Left scroll bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically create drawing canvas when inserting AutoShapes" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Automatically create drawing canvas when inserting AutoShapes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Number of documents in the Recent Documents list" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Number of documents in the Recent Documents list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\file mru Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show vertical scroll bar" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show vertical scroll bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Numeral" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Numeral HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use CTRL + Click to follow hyperlink" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use CTRL + Click to follow hyperlink HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print in background" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print in background HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show vertical ruler in Print Layout view" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show vertical ruler in Print Layout view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow text to be dragged and dropped" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Allow text to be dragged and dropped HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set number of places in the Recent Places list" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Set number of places in the Recent Places list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\place mru Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Typing replaces selected text" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Typing replaces selected text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Type and replace" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Type and replace HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show horizontal scroll bar" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show horizontal scroll bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Auto-Keyboard switching" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Auto-Keyboard switching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "IME Control Active" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\IME Control Active HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mark formatting inconsistencies" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Mark formatting inconsistencies HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add double quote for Hebrew alphabet numbering" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Add double quote for Hebrew alphabet numbering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Asian fonts also apply to Latin text" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Asian fonts also apply to Latin text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show field codes instead of their values" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show field codes instead of their values HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show pixels for HTML features" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show pixels for HTML features HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use this color for diacritics" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use this color for diacritics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use smart paragraph selection" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use smart paragraph selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show picture placeholders" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show picture placeholders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Keep track of formatting" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Keep track of formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow background saves" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Allow background saves HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Provide feedback with animation" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Provide feedback with animation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Update automatic links at Open" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Update automatic links at Open HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use draft quality" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use draft quality HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show all windows in the Taskbar" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show all windows in the Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show text boundaries" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show text boundaries HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Style area pane width in Draft and Outline views" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Style area pane width in Draft and Outline views HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Diacritics" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Diacritics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show measurements in width of characters" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show measurements in width of characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scale content for A4 or 8.5'' x 11'' paper sizes" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Scale content for A4 or 8.5'' x 11'' paper sizes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Document view" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Document view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cursor visual selection" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Cursor visual selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Copy remotely stored files onto your computer, and update the remote file when saving" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Copy remotely stored files onto your computer, and update the remote file when saving HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "IME TrueInLine" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\IME TrueInLine HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show text wrapped within the document window" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show text wrapped within the document window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Field shading" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Field shading HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow accented uppercase in French" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Allow accented uppercase in French HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show text animation" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show text animation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show drawings and text boxes on screen" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show drawings and text boxes on screen HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print on back of the sheet for duplex printing" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print on back of the sheet for duplex printing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt before saving Normal template" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Prompt before saving Normal template HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use the Insert key for paste" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use the Insert key for paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show bookmarks" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show bookmarks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use sequence checking" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use sequence checking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledshortcutkeyslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Customer Experience Improvement Program" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Privacy\Trust Center\Enable Customer Experience Improvement Program HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically receive small updates to improve reliability" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Privacy\Trust Center\Automatically receive small updates to improve reliability HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Opt-in Wizard on first run" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Privacy\Trust Center\Disable Opt-in Wizard on first run HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Calculate all open projects" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for Microsoft Project\Calculate all open projects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic Calculation" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for Microsoft Project\Automatic Calculation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Free/Busy Options\Options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Internet Free/Busy Options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Free/Busy Options\Internet Free/Busy Options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar\internet free/busy Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\disabledshortcutkeyslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable command bar buttons and menu items" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Disable Items in User Interface\Custom\Disable command bar buttons and menu items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Store deleted items in owner's mailbox instead of delegate's mailbox" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Delegates\Store deleted items in owner's mailbox instead of delegate's mailbox HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check for new actions URL" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Additional Actions\Check for new actions URL HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart tag Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable additional actions in Excel" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Additional Actions\Enable additional actions in Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "More actions URL" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Additional Actions\More actions URL HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart tag Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Graph gallery path" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Graph settings\Graph gallery path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\graph\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable MS Graph as Default Chart Tool in PowerPoint and Word" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Graph settings\Enable MS Graph as Default Chart Tool in PowerPoint and Word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\charting Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Chart Templates Server Location" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Graph settings\Chart Templates Server Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general\charttemplates Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Translation direction" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Chinese Conversion | Convert with Options\Translation direction HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\tcsc translator Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Convert common terms" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Chinese Conversion | Convert with Options\Convert common terms HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\tcsc translator Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Taiwan, Hong Kong SAR and Macao SAR character variants" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Chinese Conversion | Convert with Options\Use Taiwan, Hong Kong SAR and Macao SAR character variants HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\tcsc translator Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Project Cache Location" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Tools | Local Project Cache\Local Project Cache Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Project Cache Size Limit in MB" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Tools | Local Project Cache\Local Project Cache Size Limit in MB HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Edit directly in cell" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Edit directly in cell HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow cell drag and drop" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Allow cell drag and drop HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ask to update automatic links" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Ask to update automatic links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Move selection after enter" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Move selection after enter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set new tasks to be automatically scheduled" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Set new tasks to be automatically scheduled HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tasks can be made inactive" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Tasks can be made inactive HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Autolink inserted or moved tasks" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Autolink inserted or moved tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Update manually scheduled tasks when editing links" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Update manually scheduled tasks when editing links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "New tasks are effort driven" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\New tasks are effort driven HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "New tasks" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\New tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "New tasks have estimated durations" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\New tasks have estimated durations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tasks will always honor their constraint dates" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Tasks will always honor their constraint dates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default task type" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Default task type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Keep tasks on nearest working day" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Keep tasks on nearest working day HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show tasks schedule suggestions" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Show tasks schedule suggestions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Duration is entered in" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Duration is entered in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Work is entered in" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Work is entered in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set default start date for new tasks" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Set default start date for new tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show that tasks have estimated durations" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Show that tasks have estimated durations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show tasks schedule warnings" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Show tasks schedule warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Split in-progress tasks" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Split in-progress tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Function tooltips" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Function tooltips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Number of documents in the Recent Workbooks list" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Number of documents in the Recent Workbooks list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\file mru Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Transition navigation keys" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Transition navigation keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Edit directly in cell" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Edit directly in cell HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ask to update automatic links" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Ask to update automatic links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Alternate startup file location" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Alternate startup file location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Formula bar in Full View" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Formula bar in Full View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Zoom on roll with IntelliMouse" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Zoom on roll with IntelliMouse HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Excel menu or Help key" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Microsoft Excel menu or Help key HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Insert Options buttons" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Insert Options buttons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Alert before overwriting cells" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Alert before overwriting cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default sheet direction" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Default sheet direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Formula bar in Normal View" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Formula bar in Normal View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Provide feedback with Animation" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Provide feedback with Animation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show values" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show values HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Move selection after Enter direction" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Move selection after Enter direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable automatic percent entry" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Enable automatic percent entry HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Extend data range formats and formulas" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Extend data range formats and formulas HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable AutoComplete for cell values" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Enable AutoComplete for cell values HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cursor movement" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Cursor movement HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set number of places in the Recent Places list" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Set number of places in the Recent Places list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\place mru Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable fill handle and cell drag-and-drop" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Enable fill handle and cell drag-and-drop HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ignore other applications" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Ignore other applications HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show names" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show names HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Comments" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Comments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show control characters" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show control characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Paste Options button when content is pasted" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Paste Options button when content is pasted HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cut and copy objects with cells" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Cut and copy objects with cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically insert a decimal point" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Automatically insert a decimal point HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Move selection after Enter" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Move selection after Enter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum web service default timeout" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set maximum web service default timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\timeout Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum web service return size limit" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set maximum web service return size limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\size Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set web service default timeout" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set web service default timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\timeout Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set web service default return size limit" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set web service default return size limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\size Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require SuiteB algorithms for S/MIME operations" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Require SuiteB algorithms for S/MIME operations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Fortezza certificate policies" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Fortezza certificate policies HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display 'Publish to GAL' button" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Do not display 'Publish to GAL' button HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sign all e-mail messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Sign all e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Minimum encryption settings" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Minimum encryption settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Cryptography Icons" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Enable Cryptography Icons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replies or forwards to signed/encrypted messages are signed/encrypted" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Replies or forwards to signed/encrypted messages are signed/encrypted HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Always use TNEF formatting in S/MIME messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Always use TNEF formatting in S/MIME messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Required Certificate Authority" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Required Certificate Authority HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "S/MIME interoperability with external clients:" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\S/MIME interoperability with external clients: HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not provide Continue option on Encryption warning dialog boxes" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Do not provide Continue option on Encryption warning dialog boxes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Encrypt all e-mail messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Encrypt all e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Send all signed messages as clear signed messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Send all signed messages as clear signed messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Request an S/MIME receipt for all S/MIME signed messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Request an S/MIME receipt for all S/MIME signed messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "S/MIME receipt requests behavior" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\S/MIME receipt requests behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not check e-mail address against address of certificates being used" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Do not check e-mail address against address of certificates being used HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ensure all S/MIME signed messages have a label" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Ensure all S/MIME signed messages have a label HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Signature Warning" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Signature Warning HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run in FIPS compliant mode" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Run in FIPS compliant mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "URL for S/MIME certificates" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\URL for S/MIME certificates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Message when Outlook cannot find the digital ID to decode a message" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Message when Outlook cannot find the digital ID to decode a message HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Message Formats" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Message Formats HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run Programs" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Run Programs HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unblock automatic download of linked images" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Unblock automatic download of linked images HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scan encrypted macros in PowerPoint Open XML presentations" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Scan encrypted macros in PowerPoint Open XML presentations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Make hidden markup visible" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Make hidden markup visible HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off file validation" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Turn off file validation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\filevalidation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "List of error messages to customize" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\customizablealerts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save new Web pages as Web archives" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Save new Web pages as Web archives HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Web Archives to be saved in any HTML encoding" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Allow Web Archives to be saved in any HTML encoding HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default format for 'Publish'" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Default format for 'Publish' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "PowerPoint: web page format compatibility" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\PowerPoint: web page format compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "PowerPoint: Save an additional version of the presentation for older browsers" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\PowerPoint: Save an additional version of the presentation for older browsers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save multiple credentials for basic authentication" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\E-mail\Save multiple credentials for basic authentication HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify Offline Address Book path" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\E-mail\Specify Offline Address Book path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent saving credentials for Basic Authentication policy" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\E-mail\Prevent saving credentials for Basic Authentication policy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 2007 and later macro-enabled workbooks and templates" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later macro-enabled workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 2 worksheets" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2 worksheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "OpenDocument Spreadsheet files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\OpenDocument Spreadsheet files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 3 macrosheets and add-in files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 3 macrosheets and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Office data connection files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Microsoft Office data connection files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web pages and Excel 2003 XML spreadsheets" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Web pages and Excel 2003 XML spreadsheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 95-97 workbooks and templates" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 95-97 workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set default file block behavior" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Set default file block behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "dBase III / IV files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\dBase III / IV files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 2007 and later binary workbooks" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later binary workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 97-2003 add-in files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 97-2003 add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Other data source files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Other data source files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Offline cube files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Offline cube files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel add-in files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Office query files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Microsoft Office query files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Legacy converters for Excel" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Legacy converters for Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 95 workbooks" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 95 workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Office Open XML converters for Excel" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Microsoft Office Open XML converters for Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 2007 and later add-in files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 4 worksheets" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 4 worksheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Text files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "XML files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\XML files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 4 macrosheets and add-in files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 4 macrosheets and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 2007 and later workbooks and templates" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 4 workbooks" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 4 workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 97-2003 workbooks and templates" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 97-2003 workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 2 macrosheets and add-in files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2 macrosheets and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Dif and Sylk files" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Dif and Sylk files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Excel 3 worksheets" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 3 worksheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow mix of policy and user locations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Allow mix of policy and user locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable connector splitting" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Enable connector splitting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off smart delete behavior of connectors when deleting shapes" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Turn off smart delete behavior of connectors when deleting shapes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable AutoConnect" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Enable AutoConnect HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off ShapeSheet Formula AutoComplete" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Turn off ShapeSheet Formula AutoComplete HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off transitions" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Turn off transitions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable live dynamics" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Enable live dynamics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Center selection on zoom" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Center selection on zoom HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Zoom on roll with IntelliMouse" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Zoom on roll with IntelliMouse HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show more handles on hover" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Show more handles on hover HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Select shapes partially within area" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Select shapes partially within area HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save Microsoft Project files as" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\Save Microsoft Project files as HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\save Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically add new resources and tasks" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for 'Project1'\Automatically add new resources and tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default overtime rate" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for 'Project1'\Default overtime rate HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default standard rate" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for 'Project1'\Default standard rate HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off file synchronization via SOAP over HTTP" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Server Settings\Turn off file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "List of error messages to customize" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\customizablealerts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Message handling" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Message handling HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not use Conversation arrangement in Views" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Do not use Conversation arrangement in Views HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setup Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Cross Folder Content in conversation view" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Configure Cross Folder Content in conversation view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\conversations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Read e-mail as plain text" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Read e-mail as plain text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "On replies and forwards" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\On replies and forwards HKEY_CURRENT_USER\software\policies\microsoft\office\common\mailsettings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow attachment previewing in Outlook" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Do not allow attachment previewing in Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change CTRL+ENTER shortcut behavior" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Change CTRL+ENTER shortcut behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Read signed e-mail as plain text" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Read signed e-mail as plain text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set message format" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Internet Formatting\Message Format\Set message format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands under File tab | Help" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Disable Items in User Interface\Disable commands under File tab | Help HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledcmdbaritemscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Outlook object model prompt when executing Save As" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when executing Save As HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Outlook object model prompt when responding to meeting and task requests" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when responding to meeting and task requests HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Outlook object model prompt When accessing the Formula property of a UserProperty object" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt When accessing the Formula property of a UserProperty object HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Outlook object model prompt when sending mail" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when sending mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Outlook object model prompt when reading address information" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when reading address information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Outlook object model prompt when accessing an address book" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing an address book HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable built-in graphics" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Disable built-in graphics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphics Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Log File Entries Number" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Log File Entries Number HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphics Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Built-in Quick Styles" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Disable Built-in Quick Styles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphics Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Log File Maximum Size" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Log File Maximum Size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphics Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable built-in color variations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Disable built-in color variations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphics Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Error Severity Level" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Error Severity Level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphics Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure CNG cipher chaining mode" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher key length" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG password spin count" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG salt length" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify encryption compatibility" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG hash algorithm" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher algorithm" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use new key on password change" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Use new key on password change HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set parameters for CNG context" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG random number generator algorithm" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save Messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Save Messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "When sending a message" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\When sending a message HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "More save messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\More save messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "When new items arrive" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\When new items arrive HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow e-mail postmark functionality" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Do not allow e-mail postmark functionality HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Most Recently Used Template List Length" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Most Recently Used Template List Length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Paste Options button when content is pasted" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Show Paste Options button when content is pasted HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Clipboard Toolbar triggers" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable Clipboard Toolbar triggers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print ticket safe mode" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Print ticket safe mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set ScreenTip Language download location" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Set ScreenTip Language download location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\uicaptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disallow Convert Document (Excel, PowerPoint, Word)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disallow Convert Document (Excel, PowerPoint, Word) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable web view in the Office file dialog boxes" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable web view in the Office file dialog boxes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\filedialogwebviewsettings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Workflows on My Site" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Enable Workflows on My Site HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\home Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Increase the visibility of Accessibility Checker violations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Increase the visibility of Accessibility Checker violations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Screen Tips" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Show Screen Tips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not validate printers before using them" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not validate printers before using them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Control Blogging" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Control Blogging HKEY_CURRENT_USER\software\policies\microsoft\office\common\blog Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Graphic filter legacy mode" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Graphic filter legacy mode HKEY_CURRENT_USER\software\policies\microsoft\shared tools\graphics filters Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow Save to Web integration" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not allow Save to Web integration HKEY_CURRENT_USER\software\policies\microsoft\office\common\webintegration Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Home Workflow Library" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Home Workflow Library HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\home Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not use hardware graphics acceleration" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not use hardware graphics acceleration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\gfx Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Smart Resume" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Enable Smart Resume HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\restore workspace Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change destination URL for SharePoint hyperlink" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Change destination URL for SharePoint hyperlink HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\sharepointintegration Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable hyperlinks to web templates in File | New and task panes" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable hyperlinks to web templates in File | New and task panes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide the Learn more about SharePoint Hyperlink" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Hide the Learn more about SharePoint Hyperlink HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\sharepointintegration Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Microsoft Office shared drawing code for blip caching" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable Microsoft Office shared drawing code for blip caching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\gelprefs Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not emulate tabs with spaces when exporting HTML" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not emulate tabs with spaces when exporting HTML HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change label of Save to SharePoint" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Change label of Save to SharePoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\sharepointintegration Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display paths in alerts" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not display paths in alerts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Provide feedback with sound" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Provide feedback with sound HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not track document editing time" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not track document editing time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not upload media files" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not upload media files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Microsoft Office shared drawing code for metafile rendering" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable Microsoft Office shared drawing code for metafile rendering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\gelprefs Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent access to Web-based file storage" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Prevent access to Web-based file storage HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\webservices Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Undo Levels" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\Undo Levels HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #13" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location13 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #5" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Trusted Locations on the network" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #20" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location20 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all trusted locations" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #19" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location19 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #3" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #16" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location16 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #7" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #4" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #18" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location18 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #11" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location11 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #2" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #10" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location10 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #12" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #15" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location15 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #6" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #8" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #17" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location17 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #1" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #9" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #14" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location14 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Security Level" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Tools | Macro\Security Level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG hash algorithm" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify encryption compatibility" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher algorithm" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG salt length" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG cipher key length" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set CNG password spin count" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set parameters for CNG context" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify CNG random number generator algorithm" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure CNG cipher chaining mode" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\crypto Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\disabledcmdbaritemscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Overwrite or Append Junk Mail Import List" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Overwrite or Append Junk Mail Import List HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify path to Safe Recipients list" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Specify path to Safe Recipients list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide Junk Mail UI" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Hide Junk Mail UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify path to Blocked Senders list" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Specify path to Blocked Senders list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify path to Safe Senders list" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Specify path to Safe Senders list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add e-mail recipients to users' Safe Senders Lists" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Add e-mail recipients to users' Safe Senders Lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Junk E-mail protection level" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Junk E-mail protection level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Permanently delete Junk E-mail" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Permanently delete Junk E-mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide warnings about suspicious domain names in e-mail addresses" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Hide warnings about suspicious domain names in e-mail addresses HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust e-mail from contacts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Trust e-mail from contacts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Max number of documents being reviewed using 'send for review'" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Max number of documents being reviewed using 'send for review' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle\docslots Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Outlook: Ad hoc reviewing" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Outlook: Ad hoc reviewing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt for sending reviewed document to author" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Prompt for sending reviewed document to author HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default subject for a review request" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default subject for a review request HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt users to share Excel workbooks when sending for review" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Do not prompt users to share Excel workbooks when sending for review HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Max number of documents being reviewed using ad hoc review" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Max number of documents being reviewed using ad hoc review HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle\adhoc\docslots Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Outlook: 'send for review'" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Outlook: 'send for review' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide spelling errors" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Spelling & Grammar\Hide spelling errors HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\proofing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default or specific encoding" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Encoding\Default or specific encoding HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default file format" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Default file format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set default compatibility mode on file creation" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Set default compatibility mode on file creation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save As Open XML in Compatibility Mode" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Save As Open XML in Compatibility Mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display file format compatibility dialog box for OpenDocument text format" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Do not display file format compatibility dialog box for OpenDocument text format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Keep the last AutoSaved versions of files for the next session" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Keep the last AutoSaved versions of files for the next session HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save AutoRecover info" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Save AutoRecover info HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of recipients in an Outlook item to scan to determine the user's colleagues for recommendation" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of recipients in an Outlook item to scan to determine the user's colleagues for recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of items to scan from today to determine the user's colleagues for recommendation" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of items to scan from today to determine the user's colleagues for recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Minimum time to wait before rescanning the Outlook mailbox for new colleague recommendations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Minimum time to wait before rescanning the Outlook mailbox for new colleague recommendations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Colleague Import Outlook Add-in to work with Microsoft SharePoint Server" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Enable Colleague Import Outlook Add-in to work with Microsoft SharePoint Server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of days to scan from today to determine the user's colleagues for recommendation" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of days to scan from today to determine the user's colleagues for recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of rows fetched per request while populating a lookup in the SharePoint list control" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of rows fetched per request while populating a lookup in the SharePoint list control HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\list\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Minimum time before starting Colleague recommendation scan" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Minimum time before starting Colleague recommendation scan HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Closing style to letter closings" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Closing style to letter closings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tables" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Tables HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Border lines" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Border lines HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic numbered lists" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Automatic numbered lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Date style" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Date style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatic bulleted lists" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Automatic bulleted lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Headings" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Headings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default end time" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Default end time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default start time" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Default start time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Days per month" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Days per month HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Week starts on" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Week starts on HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Fiscal year starts in" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Fiscal year starts in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hours per day" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Hours per day HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hours per week" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Hours per week HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use starting year for FY numbering" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Use starting year for FY numbering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set document synchronization timeout" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Co-authoring\Set document synchronization timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" SharePoint Designer setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Baseline for Earned Value calculations" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Earned Value options for Project1\Baseline for Earned Value calculations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default task Earned Value method" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Earned Value options for Project1\Default task Earned Value method HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Rewind from start of paragraph by the following number of seconds" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Rewind from start of paragraph by the following number of seconds HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify number of channels to record" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Specify number of channels to record HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Choose default codec to be used for Video notebook" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Choose default codec to be used for Video notebook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable audio search" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Disable audio search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify rate to sample audio (bits/second)" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Specify rate to sample audio (bits/second) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Linked Audio feature" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Disable Linked Audio feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify number of bits to sample when recording" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Specify number of bits to sample when recording HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on purge when switching folders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\IMAP\Turn on purge when switching folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set signature verification level" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set signature verification level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable All ActiveX" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable All ActiveX HKEY_CURRENT_USER\software\policies\microsoft\office\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not include XAdES reference object in the manifest" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Do not include XAdES reference object in the manifest HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure time stamping hashing algorithm" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Configure time stamping hashing algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Select digital signature hashing algorithm" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Select digital signature hashing algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "ActiveX Control Initialization" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\ActiveX Control Initialization HKEY_CURRENT_USER\software\policies\microsoft\office\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Encryption type for password protected Office Open XML files" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Encryption type for password protected Office Open XML files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protect document metadata for rights managed Office Open XML Files" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Protect document metadata for rights managed Office Open XML Files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check the XAdES portions of a digital signature" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check the XAdES portions of a digital signature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable password to open UI" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable password to open UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require OCSP at signature generation time" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Require OCSP at signature generation time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set timestamp server timeout" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set timestamp server timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set minimum password length" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set minimum password length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\passwordcomplexity Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protect document metadata for password protected files" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Protect document metadata for password protected files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check Excel RTD servers" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check Excel RTD servers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categories Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check OWC data source providers" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check OWC data source providers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categories Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Requested XAdES level for signature generation" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Requested XAdES level for signature generation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set password hash format as ISO-compliant" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set password hash format as ISO-compliant HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automation Security" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Automation Security HKEY_CURRENT_USER\software\policies\microsoft\office\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Word and Excel from loading managed code extensions" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Prevent Word and Excel from loading managed code extensions HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart tag Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set password rules domain timeout" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set password rules domain timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\passwordcomplexity Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all Trust Bar notifications for security issues" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable all Trust Bar notifications for security issues HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\trustcenter Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable VBA for Office applications" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable VBA for Office applications HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Encrypt document properties" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Encrypt document properties HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set password rules level" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set password rules level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\passwordcomplexity Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Load Controls in Forms3" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Load Controls in Forms3 HKEY_CURRENT_USER\software\policies\microsoft\vba\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Encryption type for password protected Office 97-2003 files" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Encryption type for password protected Office 97-2003 files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check ActiveX objects" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check ActiveX objects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categories Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check OLE objects" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check OLE objects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categories Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow expired certificates when validating signatures" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Do not allow expired certificates when validating signatures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Protected View for attachments received from internal senders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Use Protected View for attachments received from internal senders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt user to choose security settings if default settings fail" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Prompt user to choose security settings if default settings fail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Add-In Trust Level" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Configure Add-In Trust Level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Active X One Off Forms" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Allow Active X One Off Forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not automatically sign replies" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Do not automatically sign replies HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable 'Remember password' for Internet e-mail accounts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Disable 'Remember password' for Internet e-mail accounts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from customizing attachment security settings" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Prevent users from customizing attachment security settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Trust Bar Notification for unsigned application add-ins and block them" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #14" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location14 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Trusted Locations on the network" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trust records to preserve" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all application add-ins" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #17" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location17 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #4" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #13" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location13 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "VBA Macro Notification Settings" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #15" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location15 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trusted documents" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #9" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #10" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location10 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #11" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location11 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #19" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location19 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #18" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location18 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #6" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all trusted locations" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #1" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #3" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #5" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off trusted documents" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #16" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location16 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Trusted Documents on the network" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #12" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #7" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #8" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require that application add-ins are signed by Trusted Publisher" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #20" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location20 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #2" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Load Microsoft Visual Basic for Applications projects from text" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Macro Security\Load Microsoft Visual Basic for Applications projects from text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Microsoft Visual Basic for Applications project creation" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Macro Security\Enable Microsoft Visual Basic for Applications project creation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not show Mini Toolbar on selection of text" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\General\User Interface Options\Do not show Mini Toolbar on selection of text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Live Preview in the Shapes window" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\General\User Interface Options\Turn off Live Preview in the Shapes window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Live Preview" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\General\User Interface Options\Turn off Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Number of backup copies to keep" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Backup\Number of backup copies to keep HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\save Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically back up my notebook..." OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Backup\Automatically back up my notebook... HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\save Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Move start of remaining parts before status date forward to status date" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Move start of remaining parts before status date forward to status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Edits to total actual cost will be spread to the status date" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Edits to total actual cost will be spread to the status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "And move end of completed parts forward to status date" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\And move end of completed parts forward to status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default fixed costs accrual" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Default fixed costs accrual HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Calculate multiple critical paths" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Calculate multiple critical paths HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Edits to total task % complete will be spread to the status date" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Edits to total task % complete will be spread to the status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Move end of completed parts after status date back to status date" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Move end of completed parts after status date back to status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tasks are critical if slack is less than or equal to" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Tasks are critical if slack is less than or equal to HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Updating task status updates resource status" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Updating task status updates resource status HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "And move start of remaining parts back to status date" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\And move start of remaining parts back to status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Actual costs are always calculated by Microsoft Project" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Actual costs are always calculated by Microsoft Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Inserted projects are calculated like summary tasks" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Inserted projects are calculated like summary tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Previous-version file formats" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Security\Previous-version file formats HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ink Entry" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Ink Entry HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommon Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display a shaded ink guide for handwriting" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Display a shaded ink guide for handwriting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommon Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display a warning dialog box that user is entering text in Ink entry mode" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Display a warning dialog box that user is entering text in Ink entry mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommon Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enter milliseconds before recognizing handwriting" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Enter milliseconds before recognizing handwriting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommon Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display Developer tab in the Ribbon" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not automatically merge server and local document" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Collaboration Settings\Co-authoring\Do not automatically merge server and local document HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\coauthoring Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent co-authoring" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Collaboration Settings\Co-authoring\Prevent co-authoring HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\coauthoring Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match hyu/iyu, byu/vyu" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match hyu/iyu, byu/vyu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match 'repeat character' marks" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match 'repeat character' marks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match ki/ku (tekisuto/tekusuto)" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match ki/ku (tekisuto/tekusuto) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match full/half width form" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match full/half width form HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ignore whitespace characters" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Ignore whitespace characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match cho-on used for vowels" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match cho-on used for vowels HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match tsi/thi/chi, dhi/zi" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match tsi/thi/chi, dhi/zi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match se/she, ze/je" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match se/she, ze/je HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match ba/va, ha/fa" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match ba/va, ha/fa HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match variant-form kanji (itaiji)" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match variant-form kanji (itaiji) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ignore punctuation characters" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Ignore punctuation characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match old kana forms" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match old kana forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match contractions (yo-on, sokuon)" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match contractions (yo-on, sokuon) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match di/zi, du/zu" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match di/zi, du/zu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match case" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match case HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match ia/iya (piano/piyano)" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match ia/iya (piano/piyano) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match hiragana/katakana" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match hiragana/katakana HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match minus/dash/cho-on" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match minus/dash/cho-on HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display Developer tab in the Ribbon" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default database folder" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\General\Default database folder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Number of documents in the Recent Documents list" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\General\Number of documents in the Recent Documents list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically download attachments" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Automatically download attachments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Override published sync interval" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Override published sync interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default Internet Calendar subscriptions" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Default Internet Calendar subscriptions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\accounts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable roaming of Internet Calendars" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Disable roaming of Internet Calendars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not include Internet Calendar integration in Outlook" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Do not include Internet Calendar integration in Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Calendar Type" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Calendar Type\Calendar Type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Path to shared Workgroup information file for secured MDB files" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Tools | Security\Workgroup Administrator...\Path to shared Workgroup information file for secured MDB files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\access connectivity engine\engines Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display Developer tab in the Ribbon" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable OneNote COM API" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Add-ins\Disable OneNote COM API HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable installed OneNote Add-ins" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Add-ins\Disable installed OneNote Add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default direction" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\International\Default direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cursor movement" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\International\Cursor movement HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "General Alignment" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\International\General Alignment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for table header accessibility information" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for table header accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for blank table rows and columns" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for blank table rows and columns HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure each slide has a unique title" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure each slide has a unique title HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for merged and split cells" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for merged and split cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for alt text accessibility information" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for alt text accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure hyperlink text is meaningful" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure hyperlink text is meaningful HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure a meaningful order of objects on slides" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure a meaningful order of objects on slides HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for media files which might need captions" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for media files which might need captions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure presentations allow programmatic access" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure presentations allow programmatic access HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking that slide titles exist" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking that slide titles exist HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Publisher Automation Security Level" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Publisher Automation Security Level HKEY_CURRENT_USER\software\policies\microsoft\office\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt to allow fatally corrupt files to open instead of blocking them" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Prompt to allow fatally corrupt files to open instead of blocking them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not show ScreenTips on toolbars" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Do not show ScreenTips on toolbars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Menu animations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Menu animations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "List font names in their font" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\List font names in their font HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable UI extending from documents and templates" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\publisher Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow roaming of all user customizations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Allow roaming of all user customizations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show shortcut keys in ScreenTips" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Show shortcut keys in ScreenTips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Large icons" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Large icons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Resource Assigments" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Resource Assigments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interface Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Edits to work, units or duration" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Edits to work, units or duration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interface Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Edits to start and finish dates" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Edits to start and finish dates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interface Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Deletions in the Name column" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Deletions in the Name column HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interface Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Token Activation dialog from closing" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Volume Activation\Prevent Token Activation dialog from closing HKEY_LOCAL_MACHINE\software\policies\microsoft\officesoftwareprotectionplatform Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use only Token Activation" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Volume Activation\Use only Token Activation HKEY_LOCAL_MACHINE\software\policies\microsoft\officesoftwareprotectionplatform Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use contextual spelling" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Proofing\Use contextual spelling HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\office Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check spelling as you type" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Proofing\Check spelling as you type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Automation events" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\General Options\Enable Automation events HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Put all settings in Windows registry" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\General Options\Put all settings in Windows registry HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open each ShapeSheet in the same window" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\General Options\Open each ShapeSheet in the same window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Language for file conversion" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Save/Open\Language for file conversion HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show file open warnings" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Save/Open\Show file open warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show file save warnings" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Save/Open\Show file save warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not show social network info-bars" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Do not show social network info-bars HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block network activity synchronization" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block network activity synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set GAL contact synchronization interval" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Set GAL contact synchronization interval HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not download photos from Active Directory" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Do not download photos from Active Directory HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow on-demand activity synchronization" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Do not allow on-demand activity synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block specific social network providers" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block specific social network providers HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify activity feed synchronization interval" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Specify activity feed synchronization interval HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent social network connectivity" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Prevent social network connectivity HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block social network contact synchronization" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block social network contact synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify list of social network providers to load" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Specify list of social network providers to load HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block Global Address List synchronization" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block Global Address List synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Outlook Social Connector" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Turn off Outlook Social Connector HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "List of error messages to customize" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\customizablealerts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Insert closing phrase to match Japanese salutation" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Insert closing phrase to match Japanese salutation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Auto space" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Auto space HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Insert closing phrase to match memo style" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Insert closing phrase to match memo style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set left indent on tabs and backspace" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Set left indent on tabs and backspace HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Define styles based on your formatting" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Define styles based on your formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Format beginning of list item like the one before it" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Format beginning of list item like the one before it HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match parentheses" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Match parentheses HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display Developer tab in the Ribbon" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable task list" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\Disable task list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display the To-Do Bar" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\Do not display the To-Do Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "To-Do Bar Date Navigators" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\To-Do Bar Date Navigators HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display Quick Contacts in the To-Do Bar" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\Do not display Quick Contacts in the To-Do Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\disabledshortcutkeyslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable features not supported by specified browsers" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Web Options...\Browser\Disable features not supported by specified browsers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Groove Server Manager Name" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Groove Server Manager\Groove Server Manager Name HKEY_CURRENT_USER\software\policies\microsoft\office\groove\manager Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Outlook Today availability" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Today Settings\Outlook Today availability HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\today Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "URL for custom Outlook Today" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Today Settings\URL for custom Outlook Today HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\today Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify delay before sending people search request" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Specify delay before sending people search request HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\im Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not show unread message count on Windows Welcome screen" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not show unread message count on Windows Welcome screen HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from making changes to Outlook profiles" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Prevent users from making changes to Outlook profiles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setup Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not expand Contact Groups" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not expand Contact Groups HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only show Auto Account Setup on first boot" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Only show Auto Account Setup on first boot HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically show the Outlook Attachment pane when adding attachment" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Automatically show the Outlook Attachment pane when adding attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off fast people search" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Turn off fast people search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\im Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off SharePoint Portal Server Colleague Import" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Turn off SharePoint Portal Server Colleague Import HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add new categories" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Add new categories HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display "Open this task" button for workflow tasks" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not display "Open this task" button for workflow tasks HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Extend Outlook Autosave to include encrypted e-mail messages" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Extend Outlook Autosave to include encrypted e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettings Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from adding e-mail account types" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Prevent users from adding e-mail account types HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable VLV Browsing on LDAP servers" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Disable VLV Browsing on LDAP servers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\ldap Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Windows event logging for Outlook add-ins" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Disable Windows event logging for Outlook add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\logging Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "PAB Migration" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PAB Migration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setup Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not download rights permission license information for IRM e-mail during Exchange folder sync" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not download rights permission license information for IRM e-mail during Exchange folder sync HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drm Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Managing Categories during e-mail exchanges" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Managing Categories during e-mail exchanges HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent MAPI services from being added" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Prevent MAPI services from being added HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default Doctype" SharePoint Designer setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default Doctype HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default New Page Type on SharePoint" SharePoint Designer setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default New Page Type on SharePoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default CSS Schema" SharePoint Designer setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default CSS Schema HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default New Page Type" SharePoint Designer setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default New Page Type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default Secondary Schema" SharePoint Designer setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default Secondary Schema HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow attendees to propose new times for meetings you organize" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Allow attendees to propose new times for meetings you organize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide lucky days when using Rokuyou (Japanese) calendar" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Hide lucky days when using Rokuyou (Japanese) calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not regenerate meetings" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Do not regenerate meetings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show details of private appointments" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Show details of private appointments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Send Internet meeting requests using iCalendar format" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Send Internet meeting requests using iCalendar format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display reminders on Calendar items by default" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Do not display reminders on Calendar items by default HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Secondary calendar settings" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Secondary calendar settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Calendar item defaults" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Calendar item defaults HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Working hours" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Working hours HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not provide Click to Add feature in calendar" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Do not provide Click to Add feature in calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "First day of the week" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\First day of the week HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include appointments only within working hours" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Include appointments only within working hours HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "First week of year" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\First week of year HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Work week" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Work week HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Control Calendar Sharing" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Control Calendar Sharing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use this response when you propose new meeting times" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Use this response when you propose new meeting times HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Calendar week numbers" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Calendar week numbers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide Send Latest Version button" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Hide Send Latest Version button HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open Hyperlinks to documents in Windows Internet Explorer" machine PowerPoint setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft PowerPoint 2010 (Machine)\Miscellaneous\Open Hyperlinks to documents in Windows Internet Explorer HKEY_LOCAL_MACHINE\software\policies\classes\powerpoint.slideshowmacroenabled.12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Frequency for polling the server to download published links" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Frequency for polling the server to download published links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the user from setting the Personal Site URL" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Disable the user from setting the Personal Site URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Folder name for Published Links" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Folder name for Published Links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Length AD Attribute containing Personal Site URL" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Length AD Attribute containing Personal Site URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file synchronization via SOAP over HTTP only on domain networks" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Allow file synchronization via SOAP over HTTP only on domain networks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fileio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable the Office client from polling the SharePoint Server for published links" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Disable the Office client from polling the SharePoint Server for published links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "AD attribute containing Personal Site URL" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\AD attribute containing Personal Site URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Suppress file format compatibility dialog box for OpenDocument Spreadsheet format" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Suppress file format compatibility dialog box for OpenDocument Spreadsheet format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "AutoRecover delay" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\AutoRecover delay HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default file location" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Default file location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not show AutoRepublish warning alert" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Do not show AutoRepublish warning alert HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "AutoRecover save location" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\AutoRecover save location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save date and time values using ISO 8601 date format" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Save date and time values using ISO 8601 date format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "AutoRecover time" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\AutoRecover time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Keep the last AutoSaved versions of files for the next session" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Keep the last AutoSaved versions of files for the next session HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save AutoRecover info" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Save AutoRecover info HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default file format" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Default file format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt for workbook properties" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Prompt for workbook properties HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable AutoRepublish" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Disable AutoRepublish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Correct accidental usage of cAPS LOCK key" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Correct accidental usage of cAPS LOCK key HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Correct TWo INitial CApitals" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Correct TWo INitial CApitals HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Capitalize names of days" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Capitalize names of days HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace text as you type" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Replace text as you type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Capitalize first letter of sentence" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Capitalize first letter of sentence HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Correct keyboard setting" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Correct keyboard setting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Outlook Security Mode" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Outlook Security Mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure hyperlink text is meaningful" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking to ensure hyperlink text is meaningful HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for blank table rows used as formatting" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for blank table rows used as formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for table header accessibility information" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for table header accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure non-default sheet names" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking to ensure non-default sheet names HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for alt text accessibility information" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for alt text accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking for merged cells" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for merged cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop checking to ensure workbooks allow programmatic access" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking to ensure workbooks allow programmatic access HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\accchecker Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Select the default setting for how to file new contacts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Select the default setting for how to file new contacts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\contact Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Contacts linking controls on all Forms" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Show Contacts linking controls on all Forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off contact export" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Turn off contact export HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Determine order of sources for photos" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Determine order of sources for photos HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Information Bar" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Information Bar HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_securityband Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add-on Management" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Add-on Management HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_addon_management Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict ActiveX Install" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Restrict ActiveX Install HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstall Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Saved from URL" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Saved from URL HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheck Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable user name and password" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Disable user name and password HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disable Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block popups" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Block popups HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagement Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Consistent Mime Handling" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Consistent Mime Handling HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_mime_handling Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Bind to object" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Bind to object HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobject Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigate URL" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Navigate URL HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_url Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Object Caching Protection" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Object Caching Protection HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_object_caching Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Protection From Zone Elevation" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Protection From Zone Elevation HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_zone_elevation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mime Sniffing Safety Feature" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Mime Sniffing Safety Feature HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict File Download" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Restrict File Download HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownload Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scripted Window Security Restrictions" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Scripted Window Security Restrictions HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Local Machine Zone Lockdown Security" machine setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Local Machine Zone Lockdown Security HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdown Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "home phone"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "home phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - Location" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "office location"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "office location" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "work phone"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "work phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "location information"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "location information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "work phone"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "work phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - Work" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Work HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Move Calendar Line" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Move Calendar Line HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "mobile phone"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "mobile phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "calendar free/busy information"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "calendar free/busy information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "title, department"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "title, department" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - E-mail" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - E-mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "office location"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "office location" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "mobile phone"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "mobile phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "home phone"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "home phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - Mobile" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Mobile HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "location information"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "location information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "calendar free/busy information"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "calendar free/busy information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "e-mail address"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "e-mail address" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - Office" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Office HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - Title" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Title HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace AD attribute - "e-mail address"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "e-mail address" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace MAPI property - "title,department"" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "title,department" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Move Location Line" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Move Location Line HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - Home" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Home HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Replace Label - Calendar" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledcmdbaritemscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledshortcutkeyscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide built in table styles" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Predefined\Hide built in table styles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not open files in unsafe locations in Protected View" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Do not open files in unsafe locations in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedview Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set document behavior if file validation fails" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Set document behavior if file validation fails HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\filevalidation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not open files from the Internet zone in Protected View" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Do not open files from the Internet zone in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedview Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Protected View for attachments opened from Outlook" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Turn off Protected View for attachments opened from Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedview Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open files on local Intranet UNC in Protected View" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Open files on local Intranet UNC in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedview Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Mini Toolbar on selection" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\General\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\powerpoint Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Live Preview" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\General\Enable Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledshortcutkeyscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledcmdbaritemscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only containing an attachment" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\Only containing an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Only containing a link" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\Only containing a link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable File Types association dialog box on first launch" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Picture Manager\Disable File Types association dialog box on first launch HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ois Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow Trusted Locations on the network" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #7" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #10" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location10 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #2" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #17" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location17 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #16" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location16 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #9" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #6" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #15" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location15 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #20" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location20 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #13" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location13 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #11" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location11 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #14" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location14 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #1" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #4" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #3" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #19" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location19 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #12" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #5" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #18" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location18 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #8" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all trusted locations" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on an external converter as the default for a file extension" machine PowerPoint setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft PowerPoint 2010 (Machine)\Converters\Turn on an external converter as the default for a file extension HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\powerpoint\presentation converters\defaults Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable InfoPath e-mail forms in Outlook" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable InfoPath e-mail forms in Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable merging InfoPath e-mail forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable merging InfoPath e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\infopath Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable e-mail forms from the Full Trust security zone" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms from the Full Trust security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable e-mail forms from the Intranet security zone" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms from the Intranet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable e-mail forms from the Internet security zone" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms from the Internet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable sending InfoPath 2003 Forms as e-mail forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable sending InfoPath 2003 Forms as e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable sending form template with e-mail forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable sending form template with e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\deployment Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable e-mail forms running in restricted security level" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms running in restricted security level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable exporting InfoPath e-mail forms to Excel" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable exporting InfoPath e-mail forms to Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\infopath Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable dynamic caching of the form template in InfoPath e-mail forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable dynamic caching of the form template in InfoPath e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\deployment Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable export InfoPath e-mail forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable export InfoPath e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\infopath Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Control behavior when opening InfoPath e-mail forms containing code or script" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Control behavior when opening InfoPath e-mail forms containing code or script HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable VBA for Office applications" machine common setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Disable VBA for Office applications HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Graphics filter import" machine common setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Graphics filter import HKEY_LOCAL_MACHINE\software\policies\microsoft\office\common\security\allowlists\graphicsfilterimport Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Password Caching" machine common setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Disable Password Caching HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Package Repair" machine common setting should be configured correctly. enabled/disabled Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Disable Package Repair HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\openxmlformat Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Approve Locations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Restricted Browsing\Approve Locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\restrictedbrowse Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Activate Restricted Browsing" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Restricted Browsing\Activate Restricted Browsing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\restrictedbrowse\optin Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Send and Track feature" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Tracking Options\Turn off Send and Track feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\flagging Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Tracking Options\Options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set User path for the label page size update files" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Set User path for the label page size update files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Shared themes path" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Shared themes path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set Workgroup path for label page size update files" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Set Workgroup path for label page size update files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Site 1:" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Shared Workspace\Define Shared Workspace URL's\Site 1: HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepointtracking\name0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Search for:" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Search for: HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Shape Search pane" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Show Shape Search pane HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open results new window" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Open results new window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Search results" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Search results HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledshortcutkeyslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Delete files from Office Document Cache" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Delete files from Office Document Cache HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fileio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check-out to local disk" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Check-out to local disk HKEY_CURRENT_USER\software\policies\microsoft\office\common\offline\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Office document cache location" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Office document cache location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fileio Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open documents from Office Document Cache first" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Open documents from Office Document Cache first HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "SharePoint Workspace Account Configuration Code Required" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\SharePoint Workspace Account Configuration Code Required HKEY_CURRENT_USER\software\policies\microsoft\office\groove Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "List of blocked Groove relay servers" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\List of blocked Groove relay servers HKEY_CURRENT_USER\software\policies\microsoft\office\groove Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prohibit Groove workspaces and Shared Folders" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Prohibit Groove workspaces and Shared Folders HKEY_CURRENT_USER\software\policies\microsoft\office\groove Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable IPv6" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Enable IPv6 HKEY_CURRENT_USER\software\policies\microsoft\office\groove Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of proxy connection failures" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Set maximum number of proxy connection failures HKEY_CURRENT_USER\software\policies\microsoft\office\groove Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prefer IPv4" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Prefer IPv4 HKEY_CURRENT_USER\software\policies\microsoft\office\groove Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Groove Server Manager Valid Link Security" SharePoint Workspace setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Groove Server Manager Valid Link Security HKEY_CURRENT_USER\software\policies\microsoft\office\groove Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "VBA Macro Notification Settings" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off trusted documents" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trusted documents" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Trusted Documents on the network" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trust records to preserve" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Trust Bar Notification for unsigned application add-ins and block them" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all application add-ins" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require that application add-ins are signed by Trusted Publisher" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Reminders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Reminder Options\Reminders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\reminders Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save checked-out files to" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Offline Editing\Save checked-out files to HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Quick Steps Gallery" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Disable Items in User Interface\Predefined\Disable Quick Steps Gallery HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide 'Shared Collections'" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Hide 'Shared Collections' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide 'Office Collections'" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Hide 'Office Collections' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable menu item: File | Add Clips To Organizer | From Scanner or Camera" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Disable menu item: File | Add Clips To Organizer | From Scanner or Camera HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent changes to primary collection" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Prevent changes to primary collection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Clip Organizer Online URL" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Clip Organizer Online URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable preview of sound and motion on Terminal Server" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Enable preview of sound and motion on Terminal Server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Search for clip art based on this language" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Search for clip art based on this language HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent access to online clip art" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Prevent access to online clip art HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide 'My Collections'" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Hide 'My Collections' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from importing new clips" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Prevent users from importing new clips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "EKU filtering" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Signing\EKU filtering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set default image directory" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Set default image directory HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Legacy format signatures" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Legacy format signatures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Key Usage Filtering" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Key Usage Filtering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set download location for Microsoft .NET Framework 2.0 Language Pack" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Set download location for Microsoft .NET Framework 2.0 Language Pack HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set download location for Microsoft .NET Framework 2.0" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Set download location for Microsoft .NET Framework 2.0 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set download location for Workflow component" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Set download location for Workflow component HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide missing component download hyperlinks" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Hide missing component download hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Active Directory search field for home phone lookup" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for home phone lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Active Directory search field for primary telephone lookup" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for primary telephone lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Active Directory search field for e-mail address lookup" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for e-mail address lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Active Directory lookups for the person name action" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Disable Active Directory lookups for the person name action HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Active Directory search field for office location lookup" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for office location lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Active Directory search field for mobile phone lookup" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for mobile phone lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Customize Active Directory search field for manager lookup" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for manager lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Run rules on RSS items" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Run rules on RSS items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Synchronize Outlook RSS Feeds with Common Feed List" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Synchronize Outlook RSS Feeds with Common Feed List HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically download enclosures" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Automatically download enclosures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off RSS feature" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Turn off RSS feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Override published sync interval" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Override published sync interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not roam users' RSS Feeds" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Do not roam users' RSS Feeds HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default RSS Feeds" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Default RSS Feeds HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\accounts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download full text of articles as HTML attachments" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Download full text of articles as HTML attachments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 2007 and later documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2007 and later documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Legacy converters for Word" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Legacy converters for Word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "RTF files" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\RTF files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 2007 and later binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2007 and later binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 2003 and plain XML documents" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2003 and plain XML documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 2000 binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2000 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Office Open XML converters for Word" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Office Open XML converters for Word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set default file block behavior" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Set default file block behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 95 binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 95 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 2 and earlier binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2 and earlier binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 2003 binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2003 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "OpenDocument Text files" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\OpenDocument Text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web pages" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Web pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word beta converters" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word beta converters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word XP binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word XP binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 6.0 binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 6.0 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word beta files" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word beta files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Word 97 binary documents and templates" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 97 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Plain text files" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Plain text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print TrueType fonts as graphics" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Print TrueType fonts as graphics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "When selecting, automatically select entire word" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\When selecting, automatically select entire word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use smart cut and paste" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Use smart cut and paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "End with black slide" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\End with black slide HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print in background" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Print in background HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show all windows in the Taskbar" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show all windows in the Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show popup toolbar" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show popup toolbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print inserted objects at printer resolution" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Print inserted objects at printer resolution HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set default number of documents in the Recent Documents list" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Set default number of documents in the Recent Documents list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\file mru Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show vertical ruler" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show vertical ruler HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show menu on right mouse click" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show menu on right mouse click HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow text to be dragged and dropped" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Allow text to be dragged and dropped HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of undos" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Maximum number of undos HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set number of places in the Recent Places list" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Set number of places in the Recent Places list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\place mru Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Rely on VML for displaying graphics in browsers" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Browsers\Rely on VML for displaying graphics in browsers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow PNG as an output format" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Browsers\Allow PNG as an output format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default unit of measurement used in OneNote" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Default unit of measurement used in OneNote HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable embedded files" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable embedded files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add OneNote icon to notification area" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Add OneNote icon to notification area HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Load a notebook on first boot" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Load a notebook on first boot HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable OneNote screen clipping notifications" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable OneNote screen clipping notifications HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable OneNote Screen Clippings" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable OneNote Screen Clippings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Number of days before warning that server is inaccessible" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Number of days before warning that server is inaccessible HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\synchronization Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Embedded Files Blocked Extensions" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Embedded Files Blocked Extensions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\embeddedfileopenoptions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable OCR" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable OCR HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "SharePoint sync interval for notebooks stored on SharePoint" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\SharePoint sync interval for notebooks stored on SharePoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\save Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off OneNote auto-linked note taking" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Turn off OneNote auto-linked note taking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\linkednotes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set UNC interval to poll for changes on file servers" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Set UNC interval to poll for changes on file servers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\save Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not permit download of content from safe zones" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Do not permit download of content from safe zones HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include Intranet in Safe Zones for Automatic Picture Download" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Include Intranet in Safe Zones for Automatic Picture Download HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display pictures and external content in HTML e-mail" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Display pictures and external content in HTML e-mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include Internet in Safe Zones for Automatic Picture Download" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Include Internet in Safe Zones for Automatic Picture Download HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block Trusted Zones" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Block Trusted Zones HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change the limit for the number of characters in Friendly Name" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of characters in Friendly Name HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change the limit for the number of recipients" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of recipients HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change the limit for the number of MIME body parts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of MIME body parts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change the limit for the number of MIME headers" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of MIME headers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change the limit for the number of nested embedded messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of nested embedded messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Font" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Font HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Mini Toolbar on selection" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\excel Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show all windows in the Taskbar" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Show all windows in the Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default Sheets" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Default Sheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable Live Preview" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Enable Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Access to published calendars" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Access to published calendars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent publishing to Office.com" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Prevent publishing to Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Publish interval" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Publish interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Path to DAV server" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Path to DAV server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent publishing to a DAV server" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Prevent publishing to a DAV server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict upload method" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Restrict upload method HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict level of calendar details users can publish" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Restrict level of calendar details users can publish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off file validation" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Turn off file validation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\filevalidation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Perform file validation on pivot caches" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Perform file validation on pivot caches HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\filevalidation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scan encrypted macros in Excel Open XML workbooks" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Scan encrypted macros in Excel Open XML workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Force file extension to match file type" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Force file extension to match file type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow file types as attachments to forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Allow file types as attachments to forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable fully trusted solutions full access to computer" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Disable fully trusted solutions full access to computer HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Control behavior for Microsoft SharePoint Foundation gradual upgrade" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Control behavior for Microsoft SharePoint Foundation gradual upgrade HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block specific file types as attachments to forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Block specific file types as attachments to forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Beaconing UI for forms opened in InfoPath" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Beaconing UI for forms opened in InfoPath HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display a warning that a form is digitally signed" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Display a warning that a form is digitally signed HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Beaconing UI for forms opened in InfoPath Filler ActiveX" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Beaconing UI for forms opened in InfoPath Filler ActiveX HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable opening of solutions from the Internet security zone" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Disable opening of solutions from the Internet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable opening forms with managed code from the Internet security zone" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Disable opening forms with managed code from the Internet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow the use of ActiveX Custom Controls in InfoPath forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Allow the use of ActiveX Custom Controls in InfoPath forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent users from allowing unsafe file types to be attached to forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Prevent users from allowing unsafe file types to be attached to forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Detect language automatically" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Language | Set Proofing Language...\Detect language automatically HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "List of error messages to customize" Access setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Access 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\customizablealerts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off file synchronization via SOAP over HTTP" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Miscellaneous\Server Settings\Turn off file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Auto Keyboard Switching" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Auto Keyboard Switching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\language Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Auto Numbering Recognition" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Auto Numbering Recognition HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default Font Size" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Default Font Size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off link creation with [[ ]]" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Turn off link creation with [[ ]] HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Paste Options buttons" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Show Paste Options buttons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off auto calculator" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Turn off auto calculator HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Auto Bullet Recognition" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Auto Bullet Recognition HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Include link to source when pasting from the Internet" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Include link to source when pasting from the Internet HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default Font Name" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Default Font Name HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Polling Out-of-office Web service" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Out of Office Assistant\Polling Out-of-office Web service HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\oof Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display the reading pane" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Do not display the reading pane HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Make Outlook the default program for E-mail, Contacts, and Calendar" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Make Outlook the default program for E-mail, Contacts, and Calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not download photos from the Active Directory" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Do not download photos from the Active Directory HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\contact Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Print dark categories" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Print dark categories HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\printing Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Empty the Deleted Items folder when Outlook closes" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Empty the Deleted Items folder when Outlook closes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Reading Pane" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Reading Pane HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide photo link" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Hide photo link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Mini Toolbar on selection" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enter seconds to wait to download changes from server" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Enter seconds to wait to download changes from server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enter seconds to wait to upload changes to server" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Enter seconds to wait to upload changes to server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disallow Download Full Items" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow Download Full Items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download Public Folder Favorites" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Download Public Folder Favorites HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disallow Download Headers" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow Download Headers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enter maximum seconds to wait to sync changes" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Enter maximum seconds to wait to sync changes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cached Exchange Mode (File | Cached Exchange Mode)" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Cached Exchange Mode (File | Cached Exchange Mode) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disallow Download Headers then Full Items" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow Download Headers then Full Items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Download shared non-mail folders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Download shared non-mail folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Cached Exchange Mode for new and existing Outlook profiles" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Use Cached Exchange Mode for new and existing Outlook profiles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not sync in Cached Exchange mode when users click Send/Receive or F9" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Do not sync in Cached Exchange mode when users click Send/Receive or F9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disallow On Slow Connections Only Download Headers" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow On Slow Connections Only Download Headers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify ScreenTips to appear" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Specify ScreenTips to appear HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent showing New screen on launch" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Prevent showing New screen on launch HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stencil window ScreenTips" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Stencil window ScreenTips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Actions" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Actions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Duration" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Duration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Always offer 'Metric' and 'US units' for new blank drawings and stencils" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Always offer 'Metric' and 'US units' for new blank drawings and stencils HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Angle" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Angle HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Text" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Save Visio files as" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Save Documents\Save Visio files as HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt for document properties on first save" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Save Documents\Prompt for document properties on first save HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Followed hyperlink color" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Hyperlink appearance in 'Project1'\Followed hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hyperlink color" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Hyperlink appearance in 'Project1'\Hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Underline hyperlinks" Project setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Hyperlink appearance in 'Project1'\Underline hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Rely on CSS for font formatting" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\General\Rely on CSS for font formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure trusted add-ins" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Trusted Add-ins\Configure trusted add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security\trustedaddins Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use legacy Change Password authentication dialog boxes" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Use legacy Change Password authentication dialog boxes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpc Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Exchange Unicode Mode - Turn off ANSI mode" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Exchange Unicode Mode - Turn off ANSI mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\emsp Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of Exchange accounts per profile" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Set maximum number of Exchange accounts per profile HKEY_CURRENT_USER\software\policies\microsoft\exchange Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Authentication with Exchange Server" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Authentication with Exchange Server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict legacy Exchange account" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Restrict legacy Exchange account HKEY_CURRENT_USER\software\policies\microsoft\exchange Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Exchange Unicode Mode - Ignore OST Format" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Exchange Unicode Mode - Ignore OST Format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\emsp Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow users to change permissions on folders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not allow users to change permissions on folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\folders Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not display Folder Size button on folder properties dialog box" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not display Folder Size button on folder properties dialog box HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Synchronizing data in shared folders" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Synchronizing data in shared folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify exceptions for DisableCrossAccountCopy" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Specify exceptions for DisableCrossAccountCopy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cached Exchange low bandwidth threshold" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange low bandwidth threshold HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpc Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically configure profile based on Active Directory Primary SMTP address" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Automatically configure profile based on Active Directory Primary SMTP address HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\autodiscover Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow an OST file to be created" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not allow an OST file to be created HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\ost Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable RPC encryption" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Enable RPC encryption HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpc Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not validate personal Contact Groups when sending e-mail messages" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not validate personal Contact Groups when sending e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Exchange Unicode Mode - Silent OST format change" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Exchange Unicode Mode - Silent OST format change HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\emsp Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure Outlook Anywhere user interface options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Configure Outlook Anywhere user interface options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpc Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent copying or moving items between accounts" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Prevent copying or moving items between accounts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set default file block behavior" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Set default file block behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "PowerPoint 97-2003 presentations, shows, templates and add-in files" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint 97-2003 presentations, shows, templates and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Outline files" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Outline files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "PowerPoint beta converters" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint beta converters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Microsoft Office Open XML converters for PowerPoint" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Microsoft Office Open XML converters for PowerPoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web Pages" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Web Pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "PowerPoint beta files" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint beta files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Graphic Filters" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Graphic Filters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Legacy converters for PowerPoint" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Legacy converters for PowerPoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "OpenDocument Presentation files" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\OpenDocument Presentation files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "PowerPoint 2007 and later presentations, shows, templates, themes and add-in files" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint 2007 and later presentations, shows, templates, themes and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Merge formatting when pasting from PowerPoint" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Merge formatting when pasting from PowerPoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Adjust formatting when pasting from Microsoft Excel" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Adjust formatting when pasting from Microsoft Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Adjust table formatting and alignment on paste" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Adjust table formatting and alignment on paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Smart style behavior" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Smart style behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Merge pasted lists with surrounding lists" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Merge pasted lists with surrounding lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Adjust sentence and word spacing automatically" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Adjust sentence and word spacing automatically HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Adjust paragraph spacing on paste" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Adjust paragraph spacing on paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable password protected sections" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Disable password protected sections HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Lock password protected sections after user hasn't worked on them for a time" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Lock password protected sections after user hasn't worked on them for a time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Lock password protected sections as soon as I navigate away from them" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Lock password protected sections as soon as I navigate away from them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disallows add-ons access to password protected sections" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Disallows add-ons access to password protected sections HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust access to Visual Basic Project" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trust access to Visual Basic Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Scan encrypted macros in Word Open XML documents" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Scan encrypted macros in Word Open XML documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all application add-ins" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require that application add-ins are signed by Trusted Publisher" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trusted documents" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trust records to preserve" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "VBA Macro Notification Settings" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off trusted documents" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Trusted Documents on the network" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Trust Bar Notification for unsigned application add-ins and block them" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Resize graphics to fit browser window" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Web Options...\General\Resize graphics to fit browser window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Slide navigation" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Web Options...\General\Slide navigation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show slide animation while browsing" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Web Options...\General\Show slide animation while browsing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Offline Address Book: Limit manual OAB downloads" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Offline Address Book: Limit manual OAB downloads HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Hierarchical Address Book search" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Turn off Hierarchical Address Book search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Return e-mail alias if it exactly matches the provided e-mail address when searching OAB" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Return e-mail alias if it exactly matches the provided e-mail address when searching OAB HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Offline Address Book: Limit number of incremental OAB downloads" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Offline Address Book: Limit number of incremental OAB downloads HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display option for downloading OAB changes since last Send/Receive" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Display option for downloading OAB changes since last Send/Receive HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Offline Address Book: Prompt before Downloading Full OAB" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Offline Address Book: Prompt before Downloading Full OAB HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Hierarchical Address Book" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Turn off Hierarchical Address Book HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Hierarchical Address Book department selection" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Turn off Hierarchical Address Book department selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use only OAB v4" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Use only OAB v4 HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mail account options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Setup\Mail account options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Dial-up options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Setup\Dial-up options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Smiley faces and arrows with special symbols" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Smiley faces and arrows with special symbols HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you type Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ordinals with superscript" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Ordinals with superscript HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you type Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Fractions with fraction character" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Fractions with fraction character HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you type Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hyphens with dash" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Hyphens with dash HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you type Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Straight quotes with smart quotes" Visio setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Straight quotes with smart quotes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you type Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off auto-switching from horizontal to vertical layout" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off auto-switching from horizontal to vertical layout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Legacy Group Calendar migration" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off Legacy Group Calendar migration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent My Department Calendar from appearing" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Prevent My Department Calendar from appearing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off sharing recommendation" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off sharing recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Reporting Line Group Calendar from appearing" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Prevent Reporting Line Group Calendar from appearing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not allow horizontal calendar view" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Do not allow horizontal calendar view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off auto-switching from vertical to horizontal layout" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off auto-switching from vertical to horizontal layout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prevent Other Department Calendar from appearing" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Prevent Other Department Calendar from appearing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbar Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maximum number of once-per-day version history items kept" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Maximum number of once-per-day version history items kept HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Versions and Notebook Recycle Bin in shared notebooks" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Turn off Versions and Notebook Recycle Bin in shared notebooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prune versions over time" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Do not prune versions over time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Days back to keep items in recycle bin" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Days back to keep items in recycle bin HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Days of hourly versions not to prune after Days Back" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Days of hourly versions not to prune after Days Back HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Days back to keep in version history" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Days back to keep in version history HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enter text direction for new forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Design\Enter text direction for new forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Email Forms Beaconing UI" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Email Forms Beaconing UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow users to turn on and off printing of background colors." InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Allow users to turn on and off printing of background colors. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\internet explorer\main Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Microsoft InfoPath Filler Control" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Disable Microsoft InfoPath Filler Control HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\activexcontrol Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off InfoPath Designer mode" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Turn off InfoPath Designer mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enter URL of location where template parts are stored" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Enter URL of location where template parts are stored HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Clipart pictures" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Clipart pictures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tools" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Tools HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "AutoRecover files" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\AutoRecover files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Startup" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Startup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Default File Location" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Default File Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Office 2010 Converters\Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block opening of pre-release versions of file formats new to Excel 2010 through the Compatibility Pack for Office 2010 and Excel 2010 Converter" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Office 2010 Converters\Block opening of pre-release versions of file formats new to Excel 2010 through the Compatibility Pack for Office 2010 and Excel 2010 Converter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Block opening of pre-release versions of file formats new to PowerPoint 2010 through the Compatibility Pack for Office 2010 and PowerPoint 2010 Converter" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Office 2010 Converters\Block opening of pre-release versions of file formats new to PowerPoint 2010 through the Compatibility Pack for Office 2010 and PowerPoint 2010 Converter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add file extensions to block as Level 1" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display OLE package objects" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Display OLE package objects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add file extensions to block as Level 2" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt about Level 1 attachments when sending an item" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when sending an item HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Allow users to demote attachments to Level 2" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Allow users to demote attachments to Level 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Remove file extensions blocked as Level 2" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not prompt about Level 1 attachments when closing an item" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when closing an item HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Remove file extensions blocked as Level 1" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display Level 1 attachments" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Display Level 1 attachments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display Developer tab in the Ribbon" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match minus, dash, cho" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Match minus, dash, cho HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\fe Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set EA line breaking" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Set EA line breaking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designer\fe Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match full/half width forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Match full/half width forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\fe Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Match cho-on used for vowels" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Match cho-on used for vowels HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\fe Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Check if Office is the default editor for Web pages created in Office" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Check if Office is the default editor for Web pages created in Office HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Organize supporting files in a folder" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Organize supporting files in a folder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open Office document directly in Office application" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Open Office document directly in Office application HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Open Office documents as read/write while browsing" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Open Office documents as read/write while browsing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Prompt user to setup printer" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Miscellaneous\Prompt user to setup printer HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Add double quotes in Hebrew alphabet numbering" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Miscellaneous\Add double quotes in Hebrew alphabet numbering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Navigation bar appears on the right" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Navigation bar appears on the right HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show Note Containers" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Show Note Containers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Page tabs appear on the left" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Page tabs appear on the left HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Vertical scroll bar appears on left" OneNote setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Vertical scroll bar appears on left HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Trusted Documents on the network" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "VBA Macro Notification Settings" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trust records to preserve" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Trust Bar Notification for unsigned application add-ins and block them" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Require that application add-ins are signed by Trusted Publisher" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust access to Visual Basic Project" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trust access to Visual Basic Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Data Execution Prevention" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable all application add-ins" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set maximum number of trusted documents" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off trusted documents" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documents Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change or delete link to the proofing tools download site" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Change or delete link to the proofing tools download site HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display help in" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Display help in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Change or delete link to language pack download site" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Change or delete link to language pack download site HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Display menus and dialog boxes in" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Display menus and dialog boxes in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Configure form regions permissions" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Form Region Settings\Configure form regions permissions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\addins Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Locked form regions" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Form Region Settings\Locked form regions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\addins\lockedformregions Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Office.com" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Help\Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use online translation dictionaries" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Use online translation dictionaries HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\research\translation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tools | Compare and Merge Documents, Legal blackline" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Tools | Compare and Merge Documents, Legal blackline HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Alternate revision bar position in printed document" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Alternate revision bar position in printed document HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable MRU list in font dropdown" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Disable MRU list in font dropdown HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Volume preference" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Volume preference HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not use online machine translation" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Do not use online machine translation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\research\translation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set comment fields for Outlook Contacts Dictionary" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set comment fields for Outlook Contacts Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapi Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set update interval for Outlook Global Address List Dictionary" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set update interval for Outlook Global Address List Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapi Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Restrict character code range of conversion" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Restrict character code range of conversion HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msime Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set comment fields for Outlook Global Address List Dictionary" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set comment fields for Outlook Global Address List Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapi Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set update interval for Outlook Contacts Dictionary" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set update interval for Outlook Contacts Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapi Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not include Non-Publishing Standard Glyph in the candidate list" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Do not include Non-Publishing Standard Glyph in the candidate list HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msime Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Peru)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Peru) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Welsh" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Welsh HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 13" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 13 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow13 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #20" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location20 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Telugu" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Telugu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turkish" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Turkish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Suppress hyperlink warnings" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Suppress hyperlink warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #1" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn Off Office Live Workspace Integration" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Office Live Workspace\Turn Off Office Live Workspace Integration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\officeliveworkspace Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tamazight (Arabic, Morocco)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tamazight (Arabic, Morocco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #7" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop reporting non-critical errors" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Improved Error Reporting\Stop reporting non-critical errors HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\shipasserts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 2" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 2 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 4" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 4 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tigrigna (Ethiopia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tigrigna (Ethiopia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tajik" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tajik HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #19" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location19 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #11" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location11 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Suppress Office Signing Providers" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Suppress Office Signing Providers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #8" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Ukrainian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Ukrainian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Suppress external signature services menu item" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Suppress external signature services menu item HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Wolof" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Wolof HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #13" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location13 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sutu (South Africa)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sutu (South Africa) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Spain)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Spain) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #2" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use Office 2003 New Document dialog box" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Use Office 2003 New Document dialog box HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #5" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "URL for location of document templates displayed when applications do not recognize rights-managed documents" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\URL for location of document templates displayed when applications do not recognize rights-managed documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drm Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #12" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #16" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location16 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workgroup building blocks path" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Workgroup building blocks path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Vietnamese" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Vietnamese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 1" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 1 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #6" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #14" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location14 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #13" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location13 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With a Web discussions link" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With a Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #15" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location15 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turkmen" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Turkmen HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #6" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Swedish (Sweden)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Swedish (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #20" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location20 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off presence integration" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Turn off presence integration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\im Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 8" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 8 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #15" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location15 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Upper Sorbian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Upper Sorbian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off click to telephone" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Turn off click to telephone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\im Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Puerto Rico)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Puerto Rico) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (United States)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (United States) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Update links on save" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Update links on save HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #8" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location8 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 5" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 5 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Local Solution" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Document Information Panel\Trust Local Solution HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\documentinformationpanel\trustsolution Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #10" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location10 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With a link and an attachment" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a link and an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Swahili" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Swahili HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 6" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 6 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow6 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off PDF encryption setting UI" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Turn off PDF encryption setting UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fixedformat Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Information Rights Management user interface" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Turn off Information Rights Management user interface HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drm Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #9" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tatar" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tatar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Thai" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Thai HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Target monitor" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Browsers\Target monitor HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Uyghur (PRC)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Uyghur (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify Permission Policy Path" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Specify Permission Policy Path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drm Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With a Web discussions link and an attachment" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a Web discussions link and an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With just a simple Web discussions link" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With just a simple Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web Folders: Managing pairs of Web pages and folders" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Web Folders: Managing pairs of Web pages and folders HKEY_CURRENT_USER\software\policies\microsoft\windows\currentversion\explorer Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #18" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location18 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use long file names whenever possible" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Use long file names whenever possible HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #17" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location17 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Panama)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Panama) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 12" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 12 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workgroup templates path" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Workgroup templates path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Open Extended Dictionary" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off Open Extended Dictionary HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0\openextendeddict Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With a simple Web discussions link and an attachment" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a simple Web discussions link and an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 9" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 9 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off error reporting for files that fail file validation" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Turn off error reporting for files that fail file validation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\filevalidation Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Suggest from main dictionary only" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Suggest from main dictionary only HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\office Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tamil" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tamil HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Internet search integration" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off Internet search integration HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Venezuela)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Venezuela) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off predictive input" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off predictive input HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msime Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 14" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 14 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow14 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify timestamp server name" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Specify timestamp server name HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off click to IM option" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Turn off click to IM option HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\im Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off SharePoint dictionary" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off SharePoint dictionary HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0\sharepointdict Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #11" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location11 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Specify minimum XAdES level for digital signature generation" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Specify minimum XAdES level for digital signature generation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #9" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location9 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "When choosing 'Send for Review...'" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\When choosing 'Send for Review...' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #18" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location18 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 7" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 7 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tsonga" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tsonga HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 11" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 11 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow11 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #10" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location10 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #1" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location1 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on file synchronization via SOAP over HTTP" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Turn on file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #4" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Yoruba" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yoruba HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Suppress recommended settings dialog" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Suppress recommended settings dialog HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Venda" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Venda HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Syriac" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Syriac HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web Archive encoding" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Web Archive encoding HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use auto-change list" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Use auto-change list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn on misconversion logging for misconversion report" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn on misconversion logging for misconversion report HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Uzbek (Latin)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Uzbek (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "User queries path" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\User queries path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Web Query dialog box home page" Excel setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Web Query dialog box home page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use ClearType" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Use ClearType HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off custom dictionary" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off custom dictionary HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #3" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off saving input history data for predictive input to file" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off saving input history data for predictive input to file HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msime Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Swedish (Finland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Swedish (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "User templates path" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\User templates path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off screen clipping" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Disable Items in User Interface\Turn off screen clipping HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\insert media\screenshot Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tigrigna (Eritrea)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tigrigna (Eritrea) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tibetan (PRC)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tibetan (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Nicaragua)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Nicaragua) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With a Web discussions link" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Urdu" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Urdu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Stop reporting error messages" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Improved Error Reporting\Stop reporting error messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\alerts Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tamazight (Latin, Algeria)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tamazight (Latin, Algeria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Paraguay)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Paraguay) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Yi (PRC)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yi (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Use system font instead of the Office default UI font" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Use system font instead of the Office default UI font HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Tooltip for disabled toolbar buttons and menu items" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Disable Items in User Interface\Tooltip for disabled toolbar buttons and menu items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #2" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location2 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 15" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 15 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow15 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #12" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location12 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With a simple Web discussions link" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With a simple Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Yiddish" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yiddish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off user customizations via UI" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Turn off user customizations via UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\outlook Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #3" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location3 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off all user customizations" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Turn off all user customizations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\onenote Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Trust Center: Trusted Location #7" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location7 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #16" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location16 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off Outlook name dictionaries" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off Outlook name dictionaries HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0\mapi Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Turn off saving auto-tuning data to file" setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off saving auto-tuning data to file HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msime Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With just an attachment" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With just an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Uruguay)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Uruguay) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #5" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location5 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #19" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location19 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #14" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location14 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "With a simple Web discussions link" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a simple Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #4" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location4 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Uzbek (Cyrillic)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Uzbek (Cyrillic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Unsafe Location #17" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location17 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Yakut" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yakut HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Workflow Cache 10" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 10 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow10 Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Do not record listed Outlook items in Journal" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Journal Options\Do not record listed Outlook items in Journal HKEY_CURRENT_USER\software\policies\microsoft\shared tools\outlook\journaling\e-mail message Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Automatically journal these items" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Journal Options\Automatically journal these items HKEY_CURRENT_USER\software\policies\microsoft\shared tools\outlook\journaling\task request Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Journal entry options" Outlook setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Journal Options\Journal entry options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\journal Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hide missing component download hyperlinks" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Downloading Framework Components\Hide missing component download hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Set download location for Microsoft .NET Framework 3.5 SP1" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Downloading Framework Components\Set download location for Microsoft .NET Framework 3.5 SP1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Enable AutoRecover" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Enable AutoRecover HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "AutoRecover Interval" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\AutoRecover Interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Common Language Runtime errors when filling out forms" InfoPath setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Disable Common Language Runtime errors when filling out forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\form debugging Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Online content options" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Service Options...\Online Content\Online content options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Show the New template gallery when starting Publisher" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\General\Show the New template gallery when starting Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable Slide Update" PowerPoint setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Miscellaneous\Disable Slide Update HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\slide libraries Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledcmdbaritemscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable shortcut keys" Word setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledshortcutkeyscheckboxes Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Disable commands" Publisher setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Publisher 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\disabledcmdbaritemslist Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Afrikaans" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Afrikaans HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Greek" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Greek HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maori" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Maori HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Amharic" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Amharic HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Alsatian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Alsatian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Assamese (India)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Assamese (India) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Russian (Moldova)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Russian (Moldova) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Bengali (Bangladesh)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bengali (Bangladesh) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Romanian (Moldova)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Romanian (Moldova) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Gaelic (United Kingdom)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Gaelic (United Kingdom) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Kazakh" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kazakh HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Chinese (Hong Kong S.A.R.)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Hong Kong S.A.R.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (El Salvador)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (El Salvador) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Armenian (Armenia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Armenian (Armenia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Inuktitut (Latin)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Inuktitut (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Korean" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Korean HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Serbian (Latin, Serbia and Montenegro (Former))" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Latin, Serbia and Montenegro (Former)) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Georgian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Georgian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Serbian (Latin, Serbia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Latin, Serbia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Quechua (Bolivia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Quechua (Bolivia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Igbo" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Igbo HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Southern (Sweden)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Southern (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Romanian (Romania)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Romanian (Romania) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Guatemala)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Guatemala) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Papiamentu" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Papiamentu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Fulfulde" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Fulfulde HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hawaiian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hawaiian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Yemen)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Yemen) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Setswana" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Setswana HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mongolian (Traditional Mongolian)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mongolian (Traditional Mongolian) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Skolt (Finland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Skolt (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Belize)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Belize) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Serbian (Latin, Montenegro)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Latin, Montenegro) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Algeria)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Algeria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Honduras)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Honduras) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Lithuanian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Lithuanian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Bosnian (Cyrillic, Bosnia and Herzegovina)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bosnian (Cyrillic, Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Macedonian (FYROM)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Macedonian (FYROM) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Azeri (Latin)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Azeri (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Konkani" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Konkani HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Haiti)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Haiti) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hungarian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hungarian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sindhi (Devanagari)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sindhi (Devanagari) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Dutch (Netherlands)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Dutch (Netherlands) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Inuktitut (Syllabics)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Inuktitut (Syllabics) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Oriya" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Oriya HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Cameroon)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Cameroon) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sinhala" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sinhala HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Quechua (Ecuador)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Quechua (Ecuador) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mongolian (Cyrillic)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mongolian (Cyrillic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Croatian (Bosnia and Herzegovina)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Croatian (Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Hong Kong S.A.R.)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Hong Kong S.A.R.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Danish" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Danish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Ireland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Ireland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Monaco)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Monaco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Azeri (Cyrillic)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Azeri (Cyrillic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Chinese (Singapore)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Singapore) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Dominican Republic)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Dominican Republic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Argentina)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Argentina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Kannada" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kannada HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Catalan" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Catalan HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Egypt)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Egypt) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Slovak" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Slovak HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Portuguese (Brazil)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Portuguese (Brazil) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Kashmiri (Devanagari)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kashmiri (Devanagari) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Chinese (PRC)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Finnish" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Finnish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Kanuri" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kanuri HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Canada)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Canada) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Maltese" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Maltese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Saudi Arabia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Saudi Arabia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Guarani" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Guarani HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Malay (Brunei Darussalam)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Malay (Brunei Darussalam) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Indonesia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Indonesia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Bolivia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Bolivia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Punjabi" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Punjabi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Portuguese (Portugal)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Portuguese (Portugal) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Trinidad and Tobago)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Trinidad and Tobago) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Tunisia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Tunisia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Bashkir" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bashkir HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Morocco)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Morocco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (France)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (France) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Lule (Sweden)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Lule (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sanskrit" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sanskrit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Southern (Norway)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Southern (Norway) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mohawk" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mohawk HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Dari" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Dari HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Kinyarwanda" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kinyarwanda HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hausa (Latin)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hausa (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (West Indies)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (West Indies) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Jordan)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Jordan) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Chinese (Macao S.A.R.)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Macao S.A.R.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Estonian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Estonian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Punjabi (Pakistan)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Punjabi (Pakistan) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Syria)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Syria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Philippines)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Philippines) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (U.S.)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (U.S.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Icelandic" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Icelandic HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Inari (Finland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Inari (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "German (Luxembourg)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Luxembourg) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Canada)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Canada) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Albanian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Albanian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Lao" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Lao HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Italian (Italy)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Italian (Italy) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Switzerland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Reunion)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Reunion) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Greenlandic" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Greenlandic HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Polish" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Polish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "isiXhosa" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\isiXhosa HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Qatar)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Qatar) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Costa Rica)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Costa Rica) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Occitan" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Occitan HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Filipino" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Filipino HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Serbian (Cyrillic, Serbia and Montenegro (Former))" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Serbia and Montenegro (Former)) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Indonesian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Indonesian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Oromo" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Oromo HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Breton" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Breton HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Malay (Malaysia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Malay (Malaysia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Burmese (Myanmar)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Burmese (Myanmar) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Corsican" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Corsican HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Lule (Norway)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Lule (Norway) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Croatian (Croatia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Croatian (Croatia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Slovenian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Slovenian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Latin" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Latin HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "German (Liechtenstein)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Liechtenstein) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sesotho sa Leboa" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sesotho sa Leboa HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Khmer" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Khmer HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Chile)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Chile) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Gujarati" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Gujarati HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Irish (Ireland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Irish (Ireland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Serbian (Cyrillic, Serbia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Serbia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Jamaica)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Jamaica) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Northern (Norway)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Northern (Norway) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Japanese" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Japanese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Northern (Finland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Northern (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "German (Switzerland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Faeroese" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Faeroese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Basque" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Basque HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Kuwait)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Kuwait) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Mexico)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Mexico) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Russian (Russia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Russian (Russia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Serbian (Cyrillic, Bosnia and Herzegovina)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Marathi" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Marathi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (India)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (India) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Malaysia)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Malaysia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Cherokee" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Cherokee HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Italian (Switzerland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Italian (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "isiZulu" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\isiZulu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Nepali (India)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Nepali (India) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Chinese (Taiwan)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Taiwan) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "K'iche" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\K'iche HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Lebanon)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Lebanon) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Cote d'Ivoire)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Cote d'Ivoire) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Lower Sorbian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Lower Sorbian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Latvian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Latvian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Romansh (Switzerland)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Romansh (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Bosnian (Latin, Bosnia and Herzegovina)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bosnian (Latin, Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Zimbabwe)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Zimbabwe) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (New Zealand)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (New Zealand) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Mali)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Mali) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (U.K.)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (U.K.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Spanish (Ecuador)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Ecuador) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Dutch (Belgium)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Dutch (Belgium) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "German (Austria)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Austria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Bulgarian" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bulgarian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Luxembourg)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Luxembourg) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Singapore)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Singapore) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Somali" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Somali HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Hebrew (Israel)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hebrew (Israel) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Kyrgyz" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kyrgyz HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Arabic (Bahrain)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Bahrain) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sami, Northern (Sweden)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Northern (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Galician" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Galician HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Serbian (Cyrillic, Montenegro)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Montenegro) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "English (Caribbean)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Caribbean) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "French (Morocco)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Morocco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Sindhi (Arabic)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sindhi (Arabic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "German (Germany)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Germany) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Luxembourgish (Luxembourg)" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Luxembourgish (Luxembourg) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 The "Mapudungun" common setting should be configured correctly. enabled/disabled User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mapudungun HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Micros