Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\Windows\AxInstaller |
Value Name | ApprovedList |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\Windows\AxInstaller\ApprovedActiveXInstallSites |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |
Contains policy for the host URL.
For example
HostName: http://activex.microsoft.com
Value: 2,1,0,0
The value for each Host URL is four settings in CSV format.
Which represents "TPSSignedControl,SignedControl,UnsignedControl,ServerCertificatePolicy
The three left most values in the policy control the installation of ActiveX controls based on their signature.
They can be one of the following.
0: ActiveX control will not be installed
1: Prompt the user to install ActiveX control
2: ActiveX control will be silently installed
Controls signed by certificates in trusted publisher store will be silently installed
Silent installation for unsigned controls is not supported
The right most value in the policy is a bitmasked flag
The flags are used for ignoring https certificate errors.
The default value is 0.
Which means that the https connections must pass all security checks
Use the combination of the following values
to ignore invalid certificate errors
0x00000100 Ignore Unknown CA
0x00001000 Ignore invalid CN
0x00002000 Ignore invalid certificate date
0x00000200 Ignore wrong certificate usage