Edit C:\Windows\PolicyDefinitions\en-US\ActiveXInstallService.adml

<?xml version="1.0" encoding="utf-8"?>

<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <displayName>ActiveX Installer Service</displayName>
  <description>Installs ActiveX controls from approved installation sites</description>
  <resources>
    <stringTable>
      <string id="AxInstSv">ActiveX Installer Service</string>
      <string id="AxISURLZonePolicies">Establish ActiveX installation policy for sites in Trusted zones</string>        
      <string id="AxISURLZonePolicies_explain">This policy setting controls the installation of ActiveX controls for sites in Trusted zone.

If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. 
      
If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation.

If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. 
    
Note: This policy setting applies to all sites in Trusted zones.
</string>
      <string id="TrustedZoneDisabled">Don't install</string>
      <string id="TrustedZonePrompt">Prompt the user</string>
      <string id="TrustedZoneSilentInstall">Silently install</string>
      <string id="ApprovedActiveXInstallSites">Approved Installation Sites for ActiveX Controls</string>
      <string id="ApprovedActiveXInstallSites_explain">This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.

If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. 
      
If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.

Note: Wild card characters cannot be used when specifying the host URLs.
</string>
    </stringTable>
    <presentationTable>
      <presentation id="AxISURLZonePolicies">
        <dropdownList refId="InstallTrustedOCX" noSort="true" defaultItem="2">Installation Policy for ActiveX control signed by trusted publisher</dropdownList>
        <dropdownList refId="InstallSignedOCX" noSort="true" defaultItem="1">Installation Policy for signed ActiveX control</dropdownList>
        <dropdownList refId="InstallUnSignedOCX" noSort="true" defaultItem="0">Installation Policy for unsigned ActiveX control</dropdownList>
        <text>Permit connection to trusted sites with the following server certificate errors.</text>
        <checkBox refId="IgnoreUnknownCA" defaultChecked="false">Unknown certifcation authority (CA)</checkBox>
        <checkBox refId="IgnoreInvalidCN" defaultChecked="false">Invalid certificate name (CN)</checkBox>
        <checkBox refId="IgnoreInvalidCertDate" defaultChecked="false">Expired certificate validation date</checkBox>
        <checkBox refId="IgnoreWrongCertUsage" defaultChecked="false">Wrong certificate usage</checkBox>
      </presentation>

<presentation id="ApprovedActiveXInstallSites">
        <listBox refId="ApprovedActiveXInstallSiteslist">Host URLs</listBox>
        <text>Contains policy for the host URL.</text>
        <text>For example </text>
        <text>HostName: http://activex.microsoft.com</text>
        <text>Value: 2,1,0,0</text>
        <text>The value for each Host URL is four settings in CSV format.</text>
        <text>Which represents "TPSSignedControl,SignedControl,UnsignedControl,ServerCertificatePolicy</text>
        <text>The three left most values in the policy control the installation of ActiveX controls based on their signature.</text>
        <text>They can be one of the following.</text>
        <text>0: ActiveX control will not be installed</text>
        <text>1: Prompt the user to install ActiveX control</text>
        <text>2: ActiveX control will be silently installed</text>
        <text>Controls signed by certificates in trusted publisher store will be silently installed </text>
        <text>Silent installation for unsigned controls is not supported</text>
        <text></text>
        <text>The right most value in the policy is a bitmasked flag</text>
        <text>The flags are used for ignoring https certificate errors.</text>
        <text>The default value is 0.</text>
        <text>Which means that the https connections must pass all security checks</text>
        <text></text>
        <text>Use the combination of the following values</text>
        <text>to ignore invalid certificate errors</text>
        <text>0x00000100  Ignore Unknown CA</text>
        <text>0x00001000  Ignore invalid CN</text>
        <text>0x00002000  Ignore invalid certificate date</text>
        <text>0x00000200  Ignore wrong certificate usage</text>
        <text></text>
        
      </presentation>
    </presentationTable>
  </resources>
</policyDefinitionResources>

Ms-Dos/Windows Unix Write backup

jsp File Browser version 1.2 by www.vonloesch.de