Non-admins and ActiveX controls

ActiveX controls are self-registering COM objects that can provide users of Internet Explorer with an interactive experience when they access websites.  In some environments where ActiveX controls provide functionality for certain websites, users may need to install the ActiveX controls in order to access functionality on these pages.  The problem is, by default standard users don’t have permission to install ActiveX controls on their computers. If the best practice for most business environments is for users to be standard users on their PCs and not local admins, then how can you enable standard users to install ActiveX controls on their PCs?

1. Use the ActiveX Installer Service (AXIS) which allows IT to use Group Policy to deploy and manage ActiveX controls packged as .cab files.  For more information see

http://technet.microsoft.com/en-us/library/ee732027(WS.10).aspx

 2. Mark the control as a per-user ActiveX.  This is done by adding InstallScope=machine to the INF file for the .cab file of the ActiveX control you are deploying. For more info see

http://msdn.microsoft.com/en-us/library/dd433049(VS.85).aspx

Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.

1 thought on “Non-admins and ActiveX controls”

  1. Mitch,

    Interesting notes on ActiveX – I have an issue that needs a more “creative” solution though.

    The VPN software we use for work (F5) sometimes needs to update an ActiveX control, usually after the hard drive is shealed of “junk” files. Problem is it needs Admin rights and we can’t do anything remotely for pretty obvious reasons.

    Normally I would login as admin and run the software, update the ActiveX, then allow the user back in, but logging the user out terminates the VPN connection, nd users are getting fed up with haveing to be hard wired to the network for me to corect this.

    Any thoughts or solutions (preference is using Powershell) would be most welcome.

    Jon

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top