Premkumar Yogeswaran's Blog

Active Directory | PowerShell | DNS | DHCP | Exchange Server | VM Ware

Configuring trusted website and activex settings for IE using Group Policy

Posted by Premkumar Yogeswaran on March 1, 2013


Adding a trusted website for IE7 or Vista and later versions is different from the adding trusted website for XP and windows 2000, if you are having Vista and later versions in you your environment then you have to follow the below procedure to add the trusted sites and configure the active x settings.

We need to edit the respective policy to configure trusted site and active x settings for IE7 or Vista and later versions

Note: This change needs to be done from Vista system.

Following two changes needs to be done depends on the requirement

• Trusted Sites Configuration
• ActiveXInstallation Approval

To configure intranet website, need to change the “ActiveX Installation Approval”

To configure internet website, both the changed needs to be done. (Trusted Sites Configuration & ActiveX Installation Approval)

How to configure a trusted website

This configuration will only address security zone settings. The Trusted Security Zone configuration will be close to the settings defined as part of the Intranet Zone Security Settings.

This policy will not address any ActiveX Installation approval. A specific policy exists under Vista to manage specific approvals for ActiveX controls, I will discuss this later on this article

Configured trusted sites:

1. Open GPMC and edit the respective policy

2. Navigate to “User Configuration->Policies->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page” and open “Site to Zone Assignment List” entry (enable it if this is the first time) and click on the Show Button:

3. Then Add the concerned WEB Sites

a. Enter the name of the item to be added: http://www.myTrustedZone.com
b. Enter the value of the item to be added: 2 (Trusted Site)

4. Repeat the same steps above for any additional site.

Details about the value

Note: The value field can take the following values:
• (Value = 1) Intranet zone,
• (Value = 2) Trusted Sites zone,
• (Value = 3) Internet zone
(Value = 4) Restricted Sites zone

How to configure activex security settings

Enabling IE ActiveX installation settings for a specific URL is required for the following security zones:

• Internet Zone
• Intranet
• Trusted Zones

Configure activex security settings:

1. Open GPMC and edit the respective policy

2. Navigate to “User Configuration->Policies->Administrative Templates->Windows Components->ActiveX Installer Service” and open “Approved Installation Sites for ActiveX Controls” entry (enable it if this is the first time) and click on the Show Button:

3. Then Add the concerned WEB Sites

a. Enter the name of the item to be added: http://www.ActiveXSite.com
b. Enter the value of the item to be added: 2,2,1,0

4. Repeat the same steps above for any additional site.

Details about the value

TPSSignedControl
SignedControl
UnsignedControl
ServerCertificatePolicy

The values specify four properties: TPSSignedControl, SignedControl, UnsignedControl, and ServerCertificatePolicy. The first two properties (TPSSignedControl and SignedControl) can have one of three values: 0, 1, or 2. A value of 0 prevents the control from being installed, a value of 1 causes the user to be prompted for permission to install, and a value of 2 causes the control to be silently installed on the user’s behalf. Unsigned controls cannot be installed silently and therefore the UnsignedControl value can only be 0 or 1. Note that if no policy is specified, the default values of 2, 1, and 0 are used.

Note: Wild cards are not supported for ActiveXapproval list on IE7, don’t use the Wild cards (*.) while adding site to ActiveXapproval list add the full site address
This is only for ActiveXapproval list for trusted site list you can use the Wild cards

Using this procedure you can add trusted site, add trusted sites,add trusted sites group policy, add trusted site for all users, adding trusted sites through group policy, add activex control, adding activex controls, adding activex to ie, adding trusted site, adding trusted sites, add activex site, add activex sites, add activex control to web page

Advertisements

3 Responses to “Configuring trusted website and activex settings for IE using Group Policy”

  1. cicexpo said

    Way cool! Some very valid points! I appreciate you writing this write-up plus the rest of the website
    is extremely good.

  2. Amazing! This blog looks exactly like my old one! It’s on a totally different subject
    but it has pretty much the same page layout and design.
    Wonderful choice of colors!

  3. Hey there would you mind letting me know which
    web host you’re working with? I’ve loaded your blog in 3 completely different browsers and I must say this blog loads a lot faster then most.
    Can you suggest a good internet hosting provider at a honest price?
    Cheers, I appreciate it!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: