I am not sure if this is a bug or not, but wanted to share in case it is. Does anyone else see the same thing?
The policy below is listed in both the SCM IE9 Baseline and in the IE9 Computer Security Compliance Excel report.
Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off ActiveX opt-in prompt
Default Value = Not Configured
Recommended Value = Disabled
Severity = Important
I performed the following steps:
- Exported the IE9 SCM GPO using GPO backup function in the SCM UI
- Created a blank GPO on the DC
- Imported the IE9 SCM GPO from the backup
When viewing the settings for the newly created IE9 GPO in GPMC, the policy is not listed at all. Editing the newly created IE9 GPO shows the policy as "Not Configured", which matches the Default value, but is contradictory to what SCM says the Baseline
should be.