none
enable ActiveX for one particular site through GPO RRS feed

  • Question

  • Hi,

    I need to provide seamless experience for accessing
    WebSite that requires ActiveX.
    Did some search.... and created GPO. But it
    not works.

    1. Allowed ActiveX for the required site on test
    computer.

    2. In Add-Ons of Browser found the name of needed
    Add-on.

    3. In C:\Windows\Downloaded Program Files found files with the
    Add-on name:
    dll and inf. In inf file
    found:
    [CryptoHelperATL.dll]
    file-win32-x86=thiscab
    clsid={8BD32365-35F1-XXXX-XXXX-XXXXXXXXX}

    FileVersion=5,0,0,0
    RegisterServer=yes
    ; end of INF file

    4.
    created GPO:

    USER: Administrative Templates\Windows Components\Internet
    Explorer/Security Features\Add-On Manager
    In Add-on List Setting entered
    clsid for the Value Name (8BD32365-35F1-XXXX-XXXX-XXXXXXXXX} and 1 for the
    Value.

    5. Policy was applied to newly logged in User, but when accessed
    the site the prompt for Allowing ActiveX popped up.

    What I am missing?

    Thanks.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Tuesday, February 24, 2015 9:44 PM

Answers

  • after reading couple of long blogs from 2010 to 2014 on suggestions and impacts of enabling ActiveX/using Trusted Zone I finally found the solution that works just fine and is granular without any impact on other user IE settings and security issues.

    One ActiveX allowed for trusted domain.

    https://msdn.microsoft.com/en-us/lib...or=-2147217396

    I didn't use a script. But used the concept and created GPO with the registry setting.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Thursday, February 26, 2015 4:29 PM

All replies