Non-admins and ActiveX controls
ActiveX controls are self-registering COM objects that can provide users of Internet Explorer with an interactive experience when they access websites. In some environments where ActiveX controls provide functionality for certain websites, users may need to install the ActiveX controls in order to access functionality on these pages. The problem is, by default standard users don't have permission to install ActiveX controls on their computers. If the best practice for most business environments is for users to be standard users on their PCs and not local admins, then how can you enable standard users to install ActiveX controls on their PCs?
1. Use the ActiveX Installer Service (AXIS) which allows IT to use Group Policy to deploy and manage ActiveX controls packged as .cab files. For more information see
2. Mark the control as a per-user ActiveX. This is done by adding InstallScope=machine to the INF file for the .cab file of the ActiveX control you are deploying. For more info see
Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.