Policy
Establish ActiveX installation policy for sites in Trusted zones
This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. Note: This policy setting applies to all sites in Trusted zones.
20ba517be440 AxISURLZonePolicies Registry
Copy registry mappings
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\InstallTrustedOCXHKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\InstallSignedOCXHKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\InstallUnSignedOCXHKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\IgnoreUnknownCAHKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\IgnoreInvalidCNHKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\IgnoreInvalidCertDateHKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\IgnoreWrongCertUsagePolicy notes
This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting. If you disable or do not configure this policy setting, ActiveX controls prompt the user before installation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. Note: This policy setting applies to all sites in Trusted zones.