How can we prohibit clients to  install ActiveX in general, but not for certain Internet sites controled by Windows 2003 AD group policies

Posted on 2007-10-03
Medium Priority
Last Modified: 2013-12-08
Generally we want to prohibit the installation of ActiveX application for all clients, but for certain (Intranet & Internet) sites we want to allow it.
How can we set these rules in our general Windows 2003 AD group policy ?

Thanks for your help,
Question by:it-maintenance
  • 2
  • 2
LVL 30

Accepted Solution

LauraEHunterMVP earned 375 total points
ID: 20006247
Assuming your clients are running XP Service Pack 2, this can be controlled by specifying the GUID of the ActiveX controls that you want to allow/disallow.

Mark Minasi's October 2004 newsletter steps you through the process - you need to register on his site to view his newsletter archives but it's worth it (he doesn't sell his email rosters to SPAMmers, no really, I promise you, he doesn't) - http://www.minasi.com/nwstoc.htm

Author Comment

ID: 20014558
Hi Laura

Thanks for your solution. I have found some news and solutions, but it's not exactly they way, we wanna go.
Yes, our clients have XP Service Pack 2.

Is there a solution, where we can accept ActiveX installations (add-ons) for Internet sites and control the whole with group policies ? In VISTA I have seen, that they support this feature.
LVL 30

Expert Comment

ID: 20014612
I'm afraid I don't understand your question.  The link listed above describes the available mechanism to control ActiveX installation in Windows XP.  Vista is a more advanced operating system that has many GPO options available that are not supported by Windows XP - the setting you're describing is likely one of them.

Author Comment

ID: 20014871
The problem with the group policy setting (Computer Configuration>Administrator templates>Windows components>Internet Explorer>Security Features>Add-on Management) we block as well browser extensions, Browser helper objects, ActiveX....
We can enable (Add-on list) some IE add-on types (with CLSID), but these are to many.

Just we want to block ActiveX, but even enable it for some specific sites. Probably I haven't found the correct solution.
Thanks for your help and answer !

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question