ActiveX Qs for corporate network admins

A company is rewriting a piece of business software as a web application for clients lacking the server capabilities to host the current version. The web version would use an ActiveX control. They have informally talked to me about the project and are asking about typical Internet Explorer security policies on corporate networks. If the Internet security setting is High or customised to block them, ActiveX controls will pose problems. Medium is OK as the control is signed.

Would any of you corporate net admins care to say what level you set IE security to on users’ computers? Do you let users modify these settings?
Thanks

Never mind settings on Internet Explorer, ActiveX controls (and Java) are flat-out blocked by our firewall.

We have it set on “High” and we enforce that through Group Policy, so general users cannot change that setting.

Bear in mind too that if the users are not running as “admin” they won’t be able to install Active-X controls. This is rarely an issue, though, as, unfortunately, most users habitually run as “admin”.

In school, admin permissions were a pain at the computer labs. Only one set of computers could run the programs we wrote. :smack:

Thanks for that. So, with most of you tending to block ActiveX controls by default, do you have any procedure to let users run them if necessarily, or is it just tough luck?

Thanks for that. So, with most of you tending to block ActiveX controls by default, do you have any procedure to let users run them if necessary, or is it just tough luck?

We too block users from installing ActiveX stuff, but if it’s deemed important by the execs, I’ll install it for them.

This is generally limited to a few bank/payroll websites that our accounting department uses (or anything the execs want).

How would you go about allowing a particular control to be run?

One idea we were thinking of was to ask admins to add the relevant server to Internet Explorer’s list of trusted sites. Is that the sort of thing that would be convenient to do for multiple computers on the network?

Puggyfish, are you talking about running this application over the internet or on a company intranet (behind a firewall)? The answer to this may well influence the IT bigwigs in their decision.

Primarily this question is about an internet version. The existing version is an intranet version as such, although it may be rewritten to share more components with the internet version and may need to consider similar problems.

As you say, this difference affects security issues, but the problems are expected to be smaller with the intranet version. Hence, this thread is looking to tackle the difficult version first.

So, has anyone got any standard procedures for allowing ActiveX controls to be run from the Internet on their corporate network?

Not in my case, because the control is blocked at the firewall. If it had to be managed on a per-computer basis, it would be a nightmare.

Umm… You do have a firewall, don’t you?

Invest in a decent firewall and proxy server that will take care of this for you.