USGCB IE8 profile remediation implications

The USGCB Internet Explorer (IE) security recommendations cover security settings that disallow a user from making changes to IE configuration.

ESRS can remediate these configuration settings. However ESRS does not manage IE configuration, and to our knowledge there is no product functionality available on the SMP that does allow management of IE configuration. Examples include Security Zones and ActiveX component configurations.

This functionality is available in Active Directory Group Policy.

As such USGCB IE8 remediations may make IE locked down such that access to content such as the SMP or Arellia console unaccessible without Group Policy management.

If this occurs it is reversable via deleting the following registry keys:

  • HKLM\Software\Policies\Microsoft\Internet Explorer
  • HKLM\Software\Policies\Microsoft\Windows\Current Version\Internet Settings