Details
This policy setting allows you to manage permissions for Java applets. If you enable this
policy setting, you can choose options from the drop-down box. Select Custom to control
permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables applets to run in their sandbox (an area in memory
outside of which the program cannot make calls), plus capabilities like scratch space (a safe
and secure storage area on the client computer) and user-controlled file I/O. High
Safety enables applets to run in their sandbox. Disable Java to prevent any applets from
running. If you disable this policy setting, Java applets cannot run. If you do not configure
this policy setting, the permission is set to High Safety. The recommended state for this
setting is- Enabled-Disable Java.
*Rationale*
Java applications could contain malicious code, sites located in this security zone are more
likely to be hosted by malicious people.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer ConfigurationAdministrative TemplatesWindows ComponentsInternet
ExplorerInternet Control PanelSecurity PageInternet ZoneJava permissionsThen set the Java permissions option to Disable Java.
Default Value-High Safety
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.