Details
This setting controls whether Windows Media Player is allowed to download additional codecs for decoding media files it does not already understand.
The recommended state for this setting is: Enabled.
Rationale:
This has some potential for risk if a malicious data file is opened in Media Player that requires an additional codec to be installed. If a special codec is required for a necessary job function, then that codec should first be tested to ensure it is legitimate, and it should be supplied by the IT department in the organization.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
User ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows Media PlayerPlaybackPrevent Codec Download
Note: This Group Policy path is provided by the Group Policy template WindowsMediaPlayer.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.
Impact:
Windows Media Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available.
Default Value:
Users can change the setting for the Download codecs automatically check box.
References:
CCE-37445-4
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.