Standard Windows 7 Users Unable to Install ActiveX
Problem:
In Windows Vista and Windows 7, standard users are unable to install ActiveX plug-ins. For Windows XP users, Arellia offers the following solution: Controlling ActiveX objects.
Solution:
The following steps will enable ActiveX to be run and installed by standard users in Windows 7.
- Run gpedit.msc as an administrator and navigate to Computer Configuration > Administrative Templates > Windows Components > ActiveX Installer Service
- Right-click Approved Installation Sites for ActiveX Controls and select Edit
- Change Approved Installation Sites for ActiveX Controls to Enabled
- Click the Show... button next to Host URLs
- Add a value name of the website containing the ActiveX installer. (Check the page source code to make sure to add the correct website of where the installer is located)
- For example:
- http://pcpitstop.com/ for this webpage http://pcpitstop.com/testax.asp
- http://www.edrawsoft.com/ for this webpage http://www.ocxt.com/wordviewer.htm
- Next to the value name in the value field, add values in this format: 2,2,1,0
- The following tables show the order that the values need to be used in the value field.
Installing ActiveX controls that have trusted publishers
This setting describes the behavior of the service when installing an ActiveX control that is signed by a certificate in the Trusted Publishers store for the computer or enterprise. Table 1 shows possible values for this setting.
Table 1: Values for installing ActiveX controls that have trusted signatures
Value | Description |
---|---|
0 | Prevents users from installing ActiveX controls that have trusted signatures. |
1 | Prompts the user before installing ActiveX controls that have trusted signatures. |
2 | Installs ActiveX controls that have trusted signatures without notifying the user. This is the default value. |
Installing signed ActiveX controls
This setting determines the behavior of the service when installing an ActiveX control that is signed by a certificate that is not in the Trusted Publishers store for the computer or enterprise.
Table 2: Values for installing signed ActiveX controls
Value | Description |
---|---|
0 | Prevents the user from installing signed ActiveX controls. |
1 | Prompts the user before installing signed ActiveX controls. This is the default value. |
2 | Installs signed ActiveX controls without notifying the user. |
Installing unsigned ActiveX controls
This setting determines the behavior of the service when installing an unsigned ActiveX control. Table 3 shows possible values for this setting.
Table 3: Values for installing unsigned ActiveX controls
Value | Description |
---|---|
0 | Prevents the user from installing unsigned ActiveX controls. This is the default value. |
1 | Installs unsigned ActiveX controls without notifying the user. |
HTTPS error exceptions
This value controls how the ActiveX Installer Service handles any errors that are detected in an HTTPS connection. By default, the ActiveX Installer Service prevents the installation of an ActiveX control if any errors are detected.
Table 4: Values for HTTPS error exceptions
Value | Description |
---|---|
0 | Specifies that the connection must pass all verification checks. |
0x00000100 | Specifies that the ActiveX Installer Service should ignore errors caused by unknown certification authorities (CAs). |
0x00001000 | Specifies that the ActiveX Installer Service should ignore errors caused by an invalid common name (CN). A CN is a naming attribute from which an object distinguished name (DN) is formed. |
0x00002000 | Specifies that the ActiveX Installer Service should ignore errors caused by a certificate's date. |
0x00000200 | Specifies that the ActiveX Installer Service should ignore errors caused by improper certificate use. |
For more information see http://technet.microsoft.com/en-us/library/dd631688(v=ws.10).aspx