Details
Enhanced Protected Mode provides additional protection against malicious websites by
using 64-bit processes on 64-bit versions of Windows. For computers running Windows 8
and above, Enhanced Protected Mode also limits the locations Internet Explorer can read
from in the registry and the file system.
If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that
has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to
disable Enhanced Protected Mode.
If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that
has Protected Mode enabled will use the version of Protected Mode introduced in Internet
Explorer 7 for Windows Vista.
If you do not configure this policy, users will be able to turn on or turn off Enhanced
Protected Mode on the Advanced tab of the Internet Options dialog. The recommended
state for this setting is- Enabled.
*Rationale*
Enhanced Protected Mode provides additional protection against malicious websites by
using 64-bit processes on 64-bit versions of Windows. For computers running Windows 8
and above, Enhanced Protected Mode also limits the locations Internet Explorer can read
from in the registry and the file system.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer ConfigurationAdministrative TemplatesWindows ComponentsInternet
ExplorerInternet Control PanelAdvanced PageTurn on Enhanced Protected Mode
Impact-If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that
has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to
disable Enhanced Protected Mode.
If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that
has Protected Mode enabled will use the version of Protected Mode introduced in Internet
Explorer 7 for Windows Vista.
If you do not configure this policy, users will be able to turn on or turn off Enhanced
Protected Mode on the Advanced tab of the Internet Options dialog.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.