T
Tom Baxter
Hi everyone,
I have an XP Pro SP2 machine that will be shared by several family members
and I have a few questions about Group Policies. Active Directory is not
involved here.
In the Group Policy Editor (gpedit.msc) I want to turn off IE's prompt to
download ActiveX Controls. The setting for this is at:
User Configuration
Administrative Templates
Windows Components
Internet Explorer
Security Features
Restrict ActiveX Install
Internet Explorer Process = Enabled
After setting this policy I log off and then log back on but I am still able
to download an ActiveX component (Acrobate Reader, for example). It seems the
GP setting is not taking affect. Any ideas why?
A follow up question is this: My understanding is that, contrary to the
name, "User Configuration" policies apply to *all* users, not individual
users. So, setting the poilicy for one user account affects *all* accounts on
the machine. If this is true, why does the Group Policy editor have separate
sections for "User Configuration" and "System Configuration"?
Perhaps it *is* possible to specify separate policies for different
accounts. This is ultimately what I want to do. I have an idea on how to do
this (by copying .pol files and invoking gpupdate.exe) but the fact that
ActiveX installations cannot be turned off is stopping me dead in my tracks.
Thanks much.
I have an XP Pro SP2 machine that will be shared by several family members
and I have a few questions about Group Policies. Active Directory is not
involved here.
In the Group Policy Editor (gpedit.msc) I want to turn off IE's prompt to
download ActiveX Controls. The setting for this is at:
User Configuration
Administrative Templates
Windows Components
Internet Explorer
Security Features
Restrict ActiveX Install
Internet Explorer Process = Enabled
After setting this policy I log off and then log back on but I am still able
to download an ActiveX component (Acrobate Reader, for example). It seems the
GP setting is not taking affect. Any ideas why?
A follow up question is this: My understanding is that, contrary to the
name, "User Configuration" policies apply to *all* users, not individual
users. So, setting the poilicy for one user account affects *all* accounts on
the machine. If this is true, why does the Group Policy editor have separate
sections for "User Configuration" and "System Configuration"?
Perhaps it *is* possible to specify separate policies for different
accounts. This is ultimately what I want to do. I have an idea on how to do
this (by copying .pol files and invoking gpupdate.exe) but the fact that
ActiveX installations cannot be turned off is stopping me dead in my tracks.
Thanks much.