DoD Office 2019-M365 Apps STIG User v2r12 | |
Data collected on: 3/7/2024 4:41:00 PM |
Domain | security.local |
Owner | SECURITY\Domain Admins |
Created | 3/5/2024 9:31:36 AM |
Modified | 3/5/2024 9:31:56 AM |
User Revisions | 1 (AD), 1 (SYSVOL) |
Computer Revisions | 1 (AD), 1 (SYSVOL) |
Unique ID | {4B12CA18-EE5E-4C72-A390-5B2C45C09400} |
GPO Status | Computer settings disabled |
Location | Enforced | Link Status | Path |
---|---|---|---|
None |
Name |
---|
NT AUTHORITY\Authenticated Users |
Name | Allowed Permissions | Inherited |
---|---|---|
NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
SECURITY\Domain Admins | Edit settings, delete, modify security | No |
SECURITY\Enterprise Admins | Edit settings, delete, modify security | No |
Policy | Setting | Comment | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Block macros from running in Office files from the internet | Enabled | |||||||||
Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |||||||||
VBA Macro Notification Settings | Enabled | |||||||||
|
Policy | Setting | Comment |
---|---|---|
Allow Trusted Locations on the network | Disabled |
Policy | Setting | Comment |
---|---|---|
Do not show data extraction options when opening corrupt workbooks | Enabled |
Policy | Setting | Comment |
---|---|---|
Ask to update automatic links | Enabled |
Policy | Setting | Comment |
---|---|---|
Load pictures from Web pages not created in Excel | Disabled |
Policy | Setting | Comment |
---|---|---|
Disable AutoRepublish | Enabled | |
Do not show AutoRepublish warning alert | Disabled |
Policy | Setting | Comment | ||
---|---|---|---|---|
Force file extension to match file type | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Scan encrypted macros in Excel Open XML workbooks | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Turn off file validation | Disabled | |||
WEBSERVICE Function Notification Settings | Enabled | |||
|
Policy | Setting | Comment | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Block macros from running in Office files from the internet | Enabled | |||||||||||
Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |||||||||||
Macro Notification Settings | Enabled | |||||||||||
|
Policy | Setting | Comment |
---|---|---|
Always prevent untrusted Microsoft Query files from opening | Enabled | |
Don’t allow Dynamic Data Exchange (DDE) server launch in Excel | Enabled | |
Don’t allow Dynamic Data Exchange (DDE) server lookup in Excel | Enabled |
Policy | Setting | Comment | ||
---|---|---|---|---|
dBase III / IV files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Dif and Sylk files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 2 macrosheets and add-in files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 2 worksheets | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 3 macrosheets and add-in files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 3 worksheets | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 4 macrosheets and add-in files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 4 workbooks | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 4 worksheets | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 95 workbooks | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Excel 95-97 workbooks and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Set default file block behavior | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Web pages and Excel 2003 XML spreadsheets | Enabled | |||
|
Policy | Setting | Comment | ||||
---|---|---|---|---|---|---|
Always open untrusted database files in Protected View | Enabled | |||||
Do not open files from the internet zone in Protected View | Disabled | |||||
Do not open files in unsafe locations in Protected View | Disabled | |||||
Set document behavior if file validation fails | Enabled | |||||
| ||||||
Policy | Setting | Comment | ||||
Turn off Protected View for attachments opened from Outlook | Disabled |
Policy | Setting | Comment |
---|---|---|
Allow Trusted Locations on the network | Disabled |
Policy | Setting | Comment | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Disable UI extending from documents and templates | Enabled | |||||||||||||||||||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
ActiveX Control Initialization | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Automation Security | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Disable all Trust Bar notifications for security issues | Disabled | |||
Encryption type for password protected Office 97-2003 files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Encryption type for password protected Office Open XML files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Load Controls in Forms3 | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Macro Runtime Scan Scope | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Protect document metadata for rights managed Office Open XML Files | Enabled |
Policy | Setting | Comment |
---|---|---|
Allow mix of policy and user locations | Disabled |
Policy | Setting | Comment |
---|---|---|
Disable the Office client from polling the SharePoint Server for published links | Enabled |
Policy | Setting | Comment |
---|---|---|
Disable Smart Document's use of manifests | Enabled |
Policy | Setting | Comment | ||
---|---|---|---|---|
Authentication with Exchange Server | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Enable RPC encryption | Enabled |
Policy | Setting | Comment |
---|---|---|
Do not allow Outlook object model scripts to run for public folders | Enabled | |
Do not allow Outlook object model scripts to run for shared folders | Enabled | |
Use Unicode format when dragging e-mail message to file system | Disabled |
Policy | Setting | Comment | ||||
---|---|---|---|---|---|---|
Allow Active X One Off Forms | Enabled | |||||
| ||||||
Policy | Setting | Comment | ||||
Prevent users from customizing attachment security settings | Enabled |
Policy | Setting | Comment |
---|---|---|
Include Internet in Safe Zones for Automatic Picture Download | Disabled |
Policy | Setting | Comment | ||
---|---|---|---|---|
Do not display 'Publish to GAL' button | Enabled | |||
Minimum encryption settings | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Signature Warning | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Retrieving CRLs (Certificate Revocation Lists) | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Outlook Security Mode | Enabled | |||
|
Policy | Setting | Comment |
---|---|---|
Allow users to demote attachments to Level 2 | Disabled | |
Display Level 1 attachments | Disabled | |
Remove file extensions blocked as Level 1 | Disabled | |
Remove file extensions blocked as Level 2 | Disabled |
Policy | Setting | Comment | ||
---|---|---|---|---|
Allow scripts in one-off Outlook forms | Disabled | |||
Set Outlook object model custom actions execution prompt | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Configure Outlook object model prompt when accessing an address book | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Configure Outlook object model prompt When accessing the Formula property of a UserProperty object | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Configure Outlook object model prompt when executing Save As | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Configure Outlook object model prompt when reading address information | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Configure Outlook object model prompt when responding to meeting and task requests | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Configure Outlook object model prompt when sending mail | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Allow hyperlinks in suspected phishing e-mail messages | Disabled | |||
Security setting for macros | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Run Programs | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Scan encrypted macros in PowerPoint Open XML presentations | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Turn off file validation | Disabled |
Policy | Setting | Comment | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Block macros from running in Office files from the internet | Enabled | |||||||||
Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |||||||||
VBA Macro Notification Settings | Enabled | |||||||||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
PowerPoint 97-2003 presentations, shows, templates and add-in files | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Set default file block behavior | Enabled | |||
|
Policy | Setting | Comment | ||||
---|---|---|---|---|---|---|
Do not open files from the internet zone in Protected View | Disabled | |||||
Do not open files in unsafe locations in Protected View | Disabled | |||||
Set document behavior if file validation fails | Enabled | |||||
| ||||||
Policy | Setting | Comment | ||||
Turn off Protected View for attachments opened from Outlook | Disabled |
Policy | Setting | Comment |
---|---|---|
Allow Trusted Locations on the network | Disabled |
Policy | Setting | Comment | ||
---|---|---|---|---|
Allow Trusted Locations on the network | Disabled | |||
Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |||
VBA Macro Notification Settings | Enabled | |||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Publisher Automation Security Level | Enabled | |||
|
Policy | Setting | Comment | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |||||||||
VBA Macro Notification Settings | Enabled | |||||||||
|
Policy | Setting | Comment | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Allow Trusted Locations on the network | Disabled | |||||||||
Block macros from running in Office files from the internet | Enabled | |||||||||
Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |||||||||
VBA Macro Notification Settings | Enabled | |||||||||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Visio 2000-2002 Binary Drawings, Templates and Stencils | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Visio 2003-2010 Binary Drawings, Templates and Stencils | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Visio 5.0 or earlier Binary Drawings, Templates and Stencils | Enabled | |||
|
Policy | Setting | Comment |
---|---|---|
Turn off file validation | Disabled |
Policy | Setting | Comment | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Block macros from running in Office files from the internet | Enabled | |||||||||
Disable Trust Bar Notification for unsigned application add-ins and block them | Enabled | |||||||||
Scan encrypted macros in Word Open XML documents | Enabled | |||||||||
| ||||||||||
Policy | Setting | Comment | ||||||||
VBA Macro Notification Settings | Enabled | |||||||||
|
Policy | Setting | Comment | ||
---|---|---|---|---|
Set default file block behavior | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word 2 and earlier binary documents and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word 2000 binary documents and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word 2003 binary documents and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word 2007 and later binary documents and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word 6.0 binary documents and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word 95 binary documents and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word 97 binary documents and templates | Enabled | |||
| ||||
Policy | Setting | Comment | ||
Word XP binary documents and templates | Enabled | |||
|
Policy | Setting | Comment | ||||
---|---|---|---|---|---|---|
Do not open files from the internet zone in Protected View | Disabled | |||||
Do not open files in unsafe locations in Protected View | Disabled | |||||
Set document behavior if file validation fails | Enabled | |||||
| ||||||
Policy | Setting | Comment | ||||
Turn off Protected View for attachments opened from Outlook | Disabled |
Policy | Setting | Comment |
---|---|---|
Allow Trusted Locations on the network | Disabled |