Active X controls, Domain workstations, Any ideas?

[Guest]

Need some guidance on this if you don't mind...

Running a windows 2003 Domain environment. The users on the workstations
have all been Local Admins on their workstations for a while, and now I want
to revoke that and make them regular users. The goal is no installation of
unauthorized software, including unintended installs of malware.

Problem - ActiveX on websites is simply not working. I can't figure out
which GPOs to set to allow ActiveX to install/run for specific content/sites.

Question - Is there a way to use Group Policies to allow ActiveX content to
run on Trusted Sites? I see tons of settings in GP, but none seem to work.
Am I micsing something?

Thanks!

 

[Mark L. Ferguson]

Group Policy Settings Reference (Windows XP SP2 .ADM Files):
http://www.microsoft.com/downloads/...2f-da15-438d-8e48-45915cd2bc14&DisplayLang=en

Managing Windows XP Service Pack 2 Features Using Group Policy:
http://www.microsoft.com/downloads/...5f-fdbd-4c50-bdaa-96ff9f00e007&DisplayLang=en

Implementing Registry-Based Group Policy:
http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/management/rbppaper.asp

My guess would be some registry setting in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

I would use one system to setup the trusted zone settings, and then export the reg file.
Something above might show you a more policy oriented way to do that.. IE with SP2 has a "Manage Add-ons" item on the Tools menu.