Solved

How to deal with GPO in order to accept and install ActiveX without prompt  ?

Posted on 2015-02-05
6
114 Views
Last Modified: 2015-02-05
Hello,
We are looking for a solution - with GPO - that would accept and install activex from a list of choosen URL.

questions :  

1. is there a way to know if a GPO config needs to restart the machine, loggoff and loggin or that would be applied without any intervention not even an gpupdate as we already have notice in our tests.

2. what would be the changes to pass to GPO's ?
as an example : we would like to have activeX from microsoft installed on machines without prompt for accepting it.


thank you in advance for your help.

toshi
0
Comment
Question by:toshi_
  • 4
  • 2
6 Comments
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40590960
1. Navigate to Administrative Tools > Group Policy Management

2.Expand Forest: Domain > Domain > Domain name >Right-Click Default Domain Policy > Edit. Group Policy Management Editor will open.

3. Decide if you want your group policy to be a Computer or User policy. The policy exists on both.

Go to either User or Computer and navigate to Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\ (Then select the zone the webpage loads from: Local Machine, Trusted-Sites, Internet)

4. Find and enable the following:

a. Download Signed ActiveX Controls Enable (Don’t select Prompt)
b. Download UnSigned ActiveX Controls Enable
0
 

Author Comment

by:toshi_
ID: 40591014
Hello Praveen
thank you for your reply.

i came across a post that did the same proposal.

I'm not confortable with the b. part of your proposal as i wuoldn't like to let the Unsigned  activex install without control. i'll be more confortable with adding domain to a list that would accept the activex.

Something that would let us add new web domains when necessary.

Do you know about a solution with sort of Whitelist ?

thank you in advance for further help.
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40591053
You mean you want to add new web sites to trusted sites list.? correct me if I am wrong.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Accepted Solution

by:
Praveen Kumar Bonala earned 500 total points
ID: 40591058
0
 

Author Comment

by:toshi_
ID: 40591093
hello praveen.

yes, i'd like to add web sites (domains) to a level of security that wont ask when an activex need to be install.

If - as your example link - i add let say www.google.com to 1 which is intranet, the active x from google.com will be installed without prompting any question ?  is taht right ?

thx
toshi
0
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40591144
Yes,
in my first answer only we have enabled to install the activex with out prompting for the trusted sites.
and in second ans. we have added sites to trusted sites.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADFS Setup 4 40
Enforcing the Duplex printing and B&W for all employee ? 9 39
AD account Auto logoff 1 35
PowerShell: ForEach-Object Export to CSV 4 22
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question