I have written an ATL control to be embedded in the web page. The control will perform some file operation on the client's machine. Since IE's default security setting will not run a control that is not signed, I obtained a digital signiture from VeriSign and signed my control. Now when the user goes to the webpage, a message box will come up saying that the control is signed by my company and asks the user whether he wants to run the control. This is great. But when the user clicks "Yes" to run the control, another message box comes up and saying the current browser security setting does not allow a control that is unsafe to run. What does it mean? I thought by signing the control and user acceptance, any control should be able to run under the default security settings? Did I miss anything?