Breaking News
Loading...
» » Java was blocked because it is out of date and needs to be updated
Tuesday, 29 September 2015

Info Post

Internet Explorer begins blocking out-of-date ActiveX controls

Supported Configurations

  1. The out-of-date ActiveX control blocking feature works with:
  2. Internet Explorer 8 through Internet Explorer 11 on Windows 7 SP1 and up
  3. Internet Explorer 8 through Internet Explorer 11 on Windows Server 2008 R2 SP1 and up
  4. All Security Zones—such as the Internet Zone—but not the Local Intranet Zone and the Trusted Sites Zone
Internet Explorer 9 through Internet Explorer 11

To support these scenarios, Internet Explorer includes four new Group Policy settings that you can use to manage out-of-date ActiveX control blocking.

Logging can tell you what ActiveX controls will be allowed or flagged for warning or blocking, and for what reason. Creating an inventory of ActiveX controls can also show which ActiveX controls are compatible with Enhanced Protected Mode, an Internet Explorer 11 security feature which provides additional protection against browser exploits—but not all ActiveX controls are compatible with EPM, so this feature can help assess your organization’s readiness for blocking out-of-date ActiveX controls and enabling EPM. This Group Policy is “Turn on ActiveX control logging in Internet Explorer,” and can be used separately or in conjunction with the other three policies.

Enforced blocking prevents users from overriding the warning for out-of-control ActiveX controls. Users will not see the “Run this time” button. This Group Policy is “Remove Run this time button for outdated ActiveX controls in Internet Explorer.”

Selected domains can be managed for which Internet Explorer will not block or warn about outdated ActiveX controls. This policy is “Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains” and includes a list of top level domains, host names, or files.

This feature can be turned off by using the policy “Turn off blocking of outdated ActiveX controls for Internet Explorer.” This might be used temporarily in combination with logging, to assess ActiveX controls before re-enabling the feature. This can also be enabled, like all four policies, with a registry key—in this case, a REG_DWORD 
“HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\VersionCheckEnabled"
with value of zero
Posted by at 17:54
Labels:
Share:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)