ActiveX Installer Service Installs ActiveX controls from approved installation sites ActiveX Installer Service Establish ActiveX installation policy for sites in Trusted zones This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. Note: This policy setting applies to all sites in Trusted zones. Don't install Prompt the user Silently install Approved Installation Sites for ActiveX Controls This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL. If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL. If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. Note: Wild card characters cannot be used when specifying the host URLs. Installation Policy for ActiveX control signed by trusted publisher Installation Policy for signed ActiveX control Installation Policy for unsigned ActiveX control Permit connection to trusted sites with the following server certificate errors. Unknown certifcation authority (CA) Invalid certificate name (CN) Expired certificate validation date Wrong certificate usage Host URLs Contains policy for the host URL. For example HostName: http://activex.microsoft.com Value: 2,1,0,0 The value for each Host URL is four settings in CSV format. Which represents "TPSSignedControl,SignedControl,UnsignedControl,ServerCertificatePolicy The three left most values in the policy control the installation of ActiveX controls based on their signature. They can be one of the following. 0: ActiveX control will not be installed 1: Prompt the user to install ActiveX control 2: ActiveX control will be silently installed Controls signed by certificates in trusted publisher store will be silently installed Silent installation for unsigned controls is not supported The right most value in the policy is a bitmasked flag The flags are used for ignoring https certificate errors. The default value is 0. Which means that the https connections must pass all security checks Use the combination of the following values to ignore invalid certificate errors 0x00000100 Ignore Unknown CA 0x00001000 Ignore invalid CN 0x00002000 Ignore invalid certificate date 0x00000200 Ignore wrong certificate usage