Author: admin

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation. If you enable this policy setting and enter a Value of 1 automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0 automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting prompting for ActiveX control installations will be blocked for Internet Explorer processes. If you disable this policy setting prompting for ActiveX control installations will not be blocked for Internet Explorer processes. If you do not configure this policy setting the user’s preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation. If you enable this policy setting the Web Browser Control will block automatic prompting of ActiveX control installation for all processes. If you disable or do not configure this policy setting the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.

Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Intranet Local Machine zone and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 elevation to more privileged zones can be prevented. If you enter a Value of 0 elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Intranet Local Machine zone etc. ). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. If you enable this policy setting any zone can be protected from zone elevation by Internet Explorer processes. If you disable this policy setting no zone receives such protection for Internet Explorer processes. If you do not configure this policy setting any zone can be protected from zone elevation by Internet Explorer processes.