Details
This policy setting allows you to manage whether users have the ability to allow or deny
add-ons through Add-On Manager. If you enable this policy setting, users cannot enable or
disable add-ons through Add-On Manager. The only exception occurs if an add-on has been
specifically entered into the ‘Add-On List’ policy setting in such a way as to allow users to
continue to manage the add-on. In this case, the user can still manage the add-on through
the Add-On Manager. If you disable or do not configure this policy setting, the appropriate
controls in the Add-On Manager will be available to the user. Configure this setting in a
manner that is consistent with security and operational requirements of your organization.
*Rationale*
Users often choose to install add-ons that are not permitted by an organization’s security
policy. Such add-ons can pose a significant security and privacy risk to your network.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Not Configured.
Computer ConfigurationAdministrative TemplatesWindows ComponentsInternet
ExplorerDo not allow users to enable or disable add-ons
Impact-When the Do not allow users to enable or disable add-ons setting is enabled, users will not
be able to enable or disable their own Internet Explorer add-ons. If your organization uses
add-ons, this configuration may affect their ability to work.
Default Value-Disabled
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.