ie 6 and 7 active X problem

hi guys,

im kinda stumped by this so i thought i should throw it out to the wider hive mind…

i need to know what options within IE will allow activeX to automaticly be installed and run. without any kind of user interaction…

im stumped…

any thoughts?

my only guess (not being an IE user at all :wink: ) would be to find the appropriate section of the registry where I assume the settings are stored.

Once you have that, you can manually set 1 machine up how you like, export it’s relevant registry entries, then push that reg key set out via AD or some other means.

Like I say though, it’s guesswork and relies on digging through the reg.

im not an Ie user normaly either. oh the joys of my companys software having IE as a requirement

I’m not entirely sure you will be able to - it’s a massive security risk to allow activeX to install without user intervention. Depending on your activeX, you could push out an MSI file to install it though :chin:


Is it possible you could turn around and say “It can’t be done” or “It can’t be done without seriously compromising the security of the affected computers and thus the core network” ? Naturally to be followed up with “It would be easier, cheaper, and SAFER to develope the application to not require active-X or use some safer implementation or the relevant security controls”.

depends in what context the question is being asked …

i.e. Self user use of I.E. (Meaning yourself)
or in a business aspect / software deployment aspect.

If it just casual day to day usage of I.e. and you what to suppress such messages from a particular site you trust… I think its a case of adding the site to the trusted zone under its security settings and modifying the list of how it should respond to an install of an active x control for the trusted zone.

I know you can kind of achieve the same thing via group policy editor …user config/windowssettings/internetexplorer maintenance/security

Then there is codesigning /digital signatures of stuff and tbh goes over my head from that point.

I was in a sort of believe that not-net application can install Activex components.

But TBH I hate all that Active-X is and I.e. in the whole is just a big banner saying Hack me… if your company is asking for a relaxation of security I’d tell to re-think.

In group policy there is an option under windows components/internet explorer called ‘manage add ons’ this allows you to specify the guid of the activex control you want to allow users to restrict seamlessly install.

Then just allow activex controls to install in the zone you want, if internet you’d be safer putting the site in the trusted sites zone (site to zone assignment list) and allow this zone to install.



i was sooo stupid and going about it all wrong…

the solution was simple…

add the sites that need to install the activeX to the trusted site list…

thanks folks :slight_smile: