StigData/Processed/Windows-All-Excel2013-1.7.xml
<DISASTIG id="Microsoft_Excel_2013" version="1.7" created="9/13/2018"> <RegistryRule dscresourcemodule="xPSDesiredStateConfiguration"> <Rule id="V-17173" severity="medium" conversionstatus="pass" title="DTOO104 - Disable user name and password" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Disable user name and password" is set to "Enabled" and a check in the 'excel.exe' check box is set to present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17174" severity="medium" conversionstatus="pass" title="DTOO111 - Enable IE Bind to Object " dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Bind to Object" is set to "Enabled" and a check in the 'excel.exe' check box is set to present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17175" severity="medium" conversionstatus="pass" title="DTOO117 - Saved from URL" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Saved from URL" is set to "Enabled" and a check in the 'excel.exe' check box is set to present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17183" severity="medium" conversionstatus="pass" title="DTOO123-Block Navigation to URL from Office " dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Navigate URL" is set to "Enabled" and a check in the 'excel.exe' check box is set to present. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17184" severity="medium" conversionstatus="pass" title="DTOO129 - Block Pop-Ups" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Block popups" is set to "Enabled" and 'excel.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17187" severity="medium" conversionstatus="pass" title="DTOO131 - Trust Bar Notifications" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center "Disable Trust Bar Notification for unsigned application add-ins and block them" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security Criteria: If the value NoTBPromptUnsignedAddin is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>NoTBPromptUnsignedAddin</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17322" severity="medium" conversionstatus="pass" title="DTOO210 - Block opening of pre-release versions " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\software\policies\Microsoft\office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Office 2013 Converters -> "Block opening of pre-release versions of file formats new to Excel 2013 through the Compatibility Pack for Office 2013 and Excel 2013 Converter" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\excel\security\fileblock Criteria: If the value excel12betafilesfromconverters is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel12betafilesfromconverters</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17471" severity="medium" conversionstatus="pass" title="DTOO133-Disable all trusted locations " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\trusted locations</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> Trusted Locations "Disable all trusted locations" is set to Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\trusted locations Criteria: If the value AllLocationsDisabled is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>AllLocationsDisabled</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17473" severity="medium" conversionstatus="pass" title="DTOO142 - Force Scan Encr. Macros in open XML" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security "Scan encrypted macros in Excel Open XML workbooks" is set to "Enabled: Scan encrypted macros (default)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security Criteria: If the value ExcelBypassEncryptedMacroScan is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>ExcelBypassEncryptedMacroScan</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17520" severity="medium" conversionstatus="pass" title="DTOO134 - Trusted locations on computer" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\trusted locations</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> Trusted Locations "Allow Trusted Locations on the network" is set to Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\trusted locations Criteria: If the value AllowNetworkLocations is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>AllowNetworkLocations</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17521" severity="medium" conversionstatus="pass" title="DTOO139 - Save files default format" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\options</Key> <OrganizationValueRequired>True</OrganizationValueRequired> <OrganizationValueTestString>{0} -match '0x00000033|51'</OrganizationValueTestString> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Save "default file format" is set to "Enabled (Excel Workbook *.xlsx)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\options Criteria: If the value DefaultFormat is REG_DWORD = 0x00000033(hex) or 51 (Decimal), this is not a finding.</RawString> <ValueData /> <ValueName>DefaultFormat</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17522" severity="medium" conversionstatus="pass" title="DTOO146-Disable Trust access to VB Project Macros" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center "Trust access to Visual Basic Project" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security Criteria: If the value AccessVBOM is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>AccessVBOM</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17545" severity="medium" conversionstatus="pass" title="DTOO304 - VBA Macro Warning settings" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center "VBA Macro Notification Settings" is set to "Enabled: Disable all with notification". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security Criteria: If the value VBAWarnings is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>VBAWarnings</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17621" severity="medium" conversionstatus="pass" title="DTOO143 - Force File Extension to match type" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security "Force file extension to match file type" is set to "Enabled (Allow different, but warn)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security Criteria: If the value ExtensionHardening is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>ExtensionHardening</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17650" severity="medium" conversionstatus="pass" title="DTOO138 - Internet and Network Path hyperlinks " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\options</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Proofing -> Autocorrect Options "Internet and network paths as hyperlinks" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\options If the value AutoHyperlink is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>AutoHyperlink</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17652" severity="medium" conversionstatus="pass" title="DTOO140 - Disable AutoRepublish " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\options</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Save "Disable AutoRepublish" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\options Criteria: If the value DisableAutoRepublish is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>DisableAutoRepublish</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17732" severity="medium" conversionstatus="pass" title="DTOO150 - Automatic Link Updates" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\software\policies\Microsoft\office\15.0\excel\options\binaryoptions</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel options -> Advanced -> "Ask to update automatic links" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\excel\options\binaryoptions Criteria: If the value fupdateext_78_1 is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>fupdateext_78_1</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17744" severity="medium" conversionstatus="pass" title="DTOO141 - AutoRepublish Warning Alert " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\options</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Save "Do not show AutoRepublish warning alert" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\options Criteria: If the value DisableAutoRepublishWarning is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>DisableAutoRepublishWarning</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17751" severity="medium" conversionstatus="pass" title="DTOO152 - Load pics from Web not in Excel" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\internet</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Advanced -> Web Options -> General "Load pictures from Web pages not created in Excel" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\internet Criteria: If the value "DoNotLoadPictures" is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>DoNotLoadPictures</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17804" severity="medium" conversionstatus="pass" title="DTOO145 - Store macro in workbook " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\options\binaryoptions</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center "Store macro in Personal Macro Workbook by default" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\options\binaryoptions Criteria: If the value fGlobalSheet_37_1 is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>fGlobalSheet_37_1</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26584" severity="medium" conversionstatus="pass" title="DTOO126 - Add-on Management" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Add-on Management" is set to Enabled" and 'excel.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26585" severity="medium" conversionstatus="pass" title="DTOO209 - Zone Elevation Protection" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Protection From Zone Elevation" is set to Enabled" and 'excel.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26586" severity="medium" conversionstatus="pass" title="DTOO211 - Restrict ActiveX Install" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Restrict ActiveX Install" is set to Enabled" and 'excel.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26587" severity="medium" conversionstatus="pass" title="DTOO132 - Restrict File Download" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Restrict File Download" is set to "Enabled" and 'excel.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26588" severity="medium" conversionstatus="pass" title="DTOO124 - Scripted Window Security" dscresource="xRegistry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Office 2013 (Machine) -> Security Settings -> IE Security "Scripted Window Security Restrictions" is set to "Enabled" and 'excel.exe' is checked. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS Criteria: If the value excel.exe is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>excel.exe</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26589" severity="medium" conversionstatus="pass" title="DTOO127 - Add-ins are signed by Trusted Publisher" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center "Require that application add-ins are signed by Trusted Publisher" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security Criteria: If the value RequireAddinSig is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>RequireAddinSig</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26592" severity="medium" conversionstatus="pass" title="DTOO119 - Turn off file validation" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\filevalidation</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security "Turn off file validation" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\filevalidation Criteria: If the value EnableOnLoad is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>EnableOnLoad</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26595" severity="medium" conversionstatus="pass" title="DTOO122 - dBase III / IV files" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "dBase III / IV files" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value DBaseFiles is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>DBaseFiles</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26596" severity="medium" conversionstatus="pass" title="DTOO112 - Dif and Sylk files" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Dif and Sylk files" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value DifandSylkFiles is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>DifandSylkFiles</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26597" severity="medium" conversionstatus="pass" title="DTOO113 - Macrosheets and add-in files" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 2 macrosheets and add-in files" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL2Macros is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>XL2Macros</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26598" severity="medium" conversionstatus="pass" title="DTOO114 - Excel 2 worksheets" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 2 worksheets" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL2Worksheets is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>XL2Worksheets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26599" severity="medium" conversionstatus="pass" title="DTOO115 - Excel 3 macrosheets and add-in files" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 3 macrosheets and add-in files" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL3Macros is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>XL3Macros</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26601" severity="medium" conversionstatus="pass" title="DTOO116 - Excel 3 worksheets" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 3 worksheets" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL3Worksheets is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>XL3Worksheets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26607" severity="medium" conversionstatus="pass" title="DTOO105 - Excel 4 macrosheets and add-in files" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 4 macrosheets and add-in files" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL4Macros is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>XL4Macros</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26608" severity="medium" conversionstatus="pass" title="DTOO106 - Excel 4 workbooks" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 4 workbooks" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL4Workbooks is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>XL4Workbooks</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26609" severity="medium" conversionstatus="pass" title="DTOO107 - Excel 4 worksheets" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 4 worksheets" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL4Worksheets is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>XL4Worksheets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26610" severity="medium" conversionstatus="pass" title="DTOO108 - Excel 95 workbooks" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 95 workbooks" is set to "Enabled: Allow editing and open in Protected View". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value XL95Workbooks is REG_DWORD = 5, this is not a finding.</RawString> <ValueData>5</ValueData> <ValueName>XL95Workbooks</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26611" severity="medium" conversionstatus="pass" title="DTOO109 - Excel 95-97 workbooks and templates" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Excel 95-97 workbooks and templates" is set to "Enabled: Allow editing and open in Protected View". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\office\15.0\excel\security\fileblock Criteria: If the value XL9597WorkbooksandTemplates is REG_DWORD = 5, this is not a finding.</RawString> <ValueData>5</ValueData> <ValueName>XL9597WorkbooksandTemplates</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26612" severity="medium" conversionstatus="pass" title="DTOO110 - Set default file block behavior" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Set default file block behavior" is set to "Enabled: Blocked files are not opened". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value OpenInProtectedView is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>OpenInProtectedView</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26613" severity="low" conversionstatus="pass" title="DTOO120 -Web pages and Excel 2003 XML spreadsheets" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> File Block Settings "Web pages and Excel 2003 XML spreadsheets" is set to "Enabled: Open/Save blocked, use open policy". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\fileblock Criteria: If the value HtmlandXmlssFiles is REG_DWORD = 2, this is not a finding.</RawString> <ValueData>2</ValueData> <ValueName>HtmlandXmlssFiles</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26614" severity="medium" conversionstatus="pass" title="DTOO121 - Files from the Internet zone " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\protectedview</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> Protected View "Do not open files from the Internet zone in Protected View" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\protectedview Criteria: If the value DisableInternetFilesInPV is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>DisableInternetFilesInPV</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26615" severity="medium" conversionstatus="pass" title="DTOO288 - Files in unsafe locations " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\protectedview</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> Protected View "Do not open files in unsafe locations in Protected View" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\protectedview Criteria: If the value DisableUnsafeLocationsInPV is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>DisableUnsafeLocationsInPV</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26616.a" severity="medium" conversionstatus="pass" title="DTOO292 - Set document behavior " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\filevalidation</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\filevalidation\OpenInProtectedView is set to REG_DWORD = 1</RawString> <ValueData>1</ValueData> <ValueName>OpenInProtectedView</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26616.b" severity="medium" conversionstatus="pass" title="DTOO292 - Set document behavior " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security\filevalidation</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>HKCU\Software\Policies\Microsoft\Office\15.0\excel\security\filevalidation\DisableEditFromPV is set to REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>DisableEditFromPV</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-26617" severity="medium" conversionstatus="pass" title="DTOO293 - Turn off Protected View for attachments" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Excel\security\protectedview</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>The policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> Trust Center -> Protected View Turn off Protected View for attachments opened from Outlook" must be set to Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\Excel\security\protectedview Criteria: If the value DisableAttachmentsInPV is REG_DWORD = 0, this is not a finding.</RawString> <ValueData>0</ValueData> <ValueName>DisableAttachmentsInPV</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-41344" severity="medium" conversionstatus="pass" title="DTOO418 - Disable WEBSERVICE functions" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\software\policies\Microsoft\office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Excel Options -> Security -> " WEBSERVICE Function Notification Settings" is set to "Enabled: Disable all with notifications". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\Microsoft\office\15.0\excel\security Criteria: If the value webservicefunctionwarnings is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>webservicefunctionwarnings</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-41346" severity="medium" conversionstatus="pass" title="DTOO419 - Disallow corrupt workbook options" dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\software\policies\microsoft\office\15.0\excel\options</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2013 -> Data Recovery -> "Do not show data extraction options when opening corrupt workbooks" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\software\policies\microsoft\office\15.0\excel\options Criteria: If the value extractdatadisableui is REG_DWORD = 1, this is not a finding.</RawString> <ValueData>1</ValueData> <ValueName>extractdatadisableui</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-72831" severity="medium" conversionstatus="pass" title="DTOO600 - Macros must be blocked from running in Office 2013 files from the Internet. " dscresource="cAdministrativeTemplate"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\excel\security</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <RawString>Verify the policy value for User Configuration >> Administrative Templates >> Microsoft Excel 2013 >> Excel Options >> Security >> Trust Center "Block macros from running in Office files from the Internet" is set to "Enabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\excel\security Criteria: If the value blockcontentexecutionfrominternet is REG_DWORD = 1, this is not a finding. </RawString> <ValueData>1</ValueData> <ValueName>blockcontentexecutionfrominternet</ValueName> <ValueType>Dword</ValueType> </Rule> </RegistryRule> </DISASTIG> |