OK, we are getting somewhere now. 2,2,1,0 means:
* Installation behavior for controls signed with a cert chaining to a root
cert in the trusted publishers store - succeed
* Installation behavior for controls signed with an untrusted cert - prompt
* Installation behavior for unsigned controls - prompt
* How to handle HTTPS validation - fail if it does not validate AND the site
uses HTTPS.
The fourth one doesn't matter since Adobe does not use HTTPS. So, the
difference is in the third one. You said 2,2,2,0 did not work? That is
probably because 2 is not a valid value for the third setting. Unsigned
controls can't be installed silently, so the only values allowed there are 0
and 1, where 1 means prompt, and 0 means fail.
So, based on this, I would say that your problem is likely that the code
that validates the third position in the policy looks specifically for 0 or
1, and fails the install on everything else. I verified that the Shockwave
control you tried is signed properly, so that seems the most likely case.
One interesting part struck me about this: as I was looking at some of the
docs around the ActiveX Installer Service, including the TN Mag article
(http://www.microsoft.com/technet/tec.../2007/07/AxIS/), it states
the fact I mentioned above that the third value can only take on 0 or 1. That
is different from the docs I saw during the development cycle, so the Vista
book does not state that. It seems like that's something that was added
later, and, to be honest, I never tested *,*,2,*. Guess I'll have to add that
to the errata.
Oh, and yeah, I do recommend the book. :-)
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20
"Ragnar" wrote:
> I was using the 2,2,2,0 configuration not 2,0,0,0 so I have already tried
> this setting.
>
> However I have tried using the 2,2,1,0 setting and it worked super! I didn't
> get a prompt as this setting would imply, and I still don't understand why
> this is not working as documented.
>
> Thank you for your time!
>
> /Ragnar
>
> "Jesper" wrote:
>
> > Never mind, I did miss that. I saw that you configured the GPO, but missed
> > that you started it. Sorry.
> >
> > Try using 2,2,2,0 as the settings and see if that works. There may be
> > something in the 2,0,0,0 settings that causes it to fail.
> >
> >
> > "Ragnar" wrote:
> >
> > > If you read my post I wrote that I have installed the ActiveX Installer
> > > service and I also list what GPO settings I have configured.
> > >
> > > /Ragnar
> > >
> > > "Jesper" wrote:
> > >
> > > > If you get an elevation prompt, something is not working. The whole idea of
> > > > AX Installer Service is that you don't get that.
> > > >
> > > > You did enable the ActiveX Installer Service first right? That service is
> > > > not running by default.
> > > >
> > > > "Ragnar" wrote:
> > > >
> > > > > Hello (reposting again since I got NO answers)
> > > > >
> > > > > I'm testing the ActiveX Installer Service (AxIS) and I'm not getting this to
> > > > > work correctly. I'm currently testing this on a Windows Vista Ultimate
> > > > > computer member of a Windows Server 2003 SP2 Active Directory domain.
> > > > >
> > > > > This is what I did:
> > > > > 1. Installed the ActiveX Installer Service on the Vista computer.
> > > > >
> > > > > 2. Configured the ActiveX Installer service to automatic startup and started
> > > > > the service.
> > > > >
> > > > > 3. Configured a GPO for this computer, configured the "Approved Installation
> > > > > Sites for ActiveX Controls" setting under \Computer Configuration\Windows
> > > > > Components\ActiveX Installer Service. I added the following sites:
> > > > > http://download.macromedia.com
> > > > > http://fpdownload.macromedia.com
> > > > > http://fpdownload2.macromedia.com
> > > > >
> > > > > I used the value 2,2,2,0.
> > > > >
> > > > > 4. I log on with a Domain User account, open IE and navigate to a web page
> > > > > where I know I will be asked for Shockwave Player.
> > > > >
> > > > >
> > > > > What happens is that I get a prompt to press OK to run an ActiveX control.
> > > > > Then I get the "The website wants to install the following..." on the IE
> > > > > information bar. If I proceed I get prompted again and then I get the UAC
> > > > > prompt for credentials. (The UAC settings are default, they are not changed).
> > > > >
> > > > > When I log on with an admin account and check the Application Log I see an
> > > > > event 4097 AxInstallService with the details:
> > > > > Attempt to install control
> > > > > http://download.macromedia.com/pub/s...swdir8d204.cab
> > > > > failed. The host URL http://download.macromedia.com is not in policy.
> > > > >
> > > > > Of course this is incorrect as I know the URL is configured in the GPO
> > > > > applied to the computer, RSOP also confirms that.
> > > > >
> > > > >
> > > > > What is going on? Thanks!
> > > > >
> > > > > /Ragnar
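
Added example (not part of the thread and not Microsoft's code): a small Python lint for the four-field site values discussed above, which flags the 2,2,2,0 case before a GPO is deployed. Function names are hypothetical and the field meanings are only those stated in the thread; the first two positions are assumed to be plain decimal integers and the fourth is left unchecked because the thread does not give its range.

```python
# Field descriptions as given in the thread (positions 1-4 of the value).
FIELDS = (
    "signed, chaining to the trusted publishers store",
    "signed with an untrusted cert",
    "unsigned controls",
    "HTTPS validation handling",
)
# Per the thread: unsigned controls can't be installed silently,
# so position 3 accepts only 0 (fail) or 1 (prompt).
UNSIGNED_ALLOWED = {0: "fail", 1: "prompt"}


def lint_policy_value(value):
    """Return a list of problems found in one 'a,b,c,d' policy value."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 4:
        return [f"expected 4 comma-separated fields, got {len(parts)}"]
    problems = []
    for pos in (1, 2, 3):  # position 4 is not range-checked (assumption above)
        raw = parts[pos - 1]
        if not (raw.isascii() and raw.isdigit()):
            problems.append(
                f"position {pos} ({FIELDS[pos - 1]}): {raw!r} is not a decimal integer")
        elif pos == 3 and int(raw) not in UNSIGNED_ALLOWED:
            problems.append(
                f"position 3 ({FIELDS[2]}): {raw} is not valid; "
                "use 0 (fail) or 1 (prompt)")
    return problems


def lint_sites(sites):
    """Map each approved-site URL to its problems; clean entries are omitted."""
    report = {}
    for url, value in sites.items():
        problems = lint_policy_value(value)
        if problems:
            report[url] = problems
    return report


# Constructed sample: the hosts from the original post, with the value that
# failed on two of them and the value that worked on the third.
SAMPLE_GPO = {
    "http://download.macromedia.com": "2,2,2,0",
    "http://fpdownload.macromedia.com": "2,2,2,0",
    "http://fpdownload2.macromedia.com": "2,2,1,0",
}

if __name__ == "__main__":
    for url, problems in lint_sites(SAMPLE_GPO).items():
        print(url, "->", "; ".join(problems))
```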