Details

This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.

If you enable this policy setting the user is prompted before ActiveX controls can run from websites in this zone. The user can choose to allow the control to run from the current site or from all sites.

If you disable this policy setting the user does not see the per-site ActiveX prompt and ActiveX controls can run from all sites in this zone.

Solution

Policy Path: Windows ComponentsInternet ExplorerInternet Control PanelSecurity PageRestricted Sites Zone
Policy Setting Name: Allow only approved domains to use ActiveX controls without prompt

Supportive Information

The following resource is also helpful.

• https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-for-windows-10-april-2018-update-v1803-final/

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-18(4)

Source

• Tenable.com/audits