Details
This policy setting controls the ActiveX Filtering feature for websites running ActiveX
controls. The user can choose to turn off ActiveX Filtering for specific websites so that its
ActiveX controls can run properly. If you enable this policy setting, ActiveX Filtering will be
enabled by default for the user. The user cannot turn off ActiveX Filtering although they
may add per-site exceptions. If you disable this policy setting or do not configure it, ActiveX
Filtering will not be enabled by default for the user. The user can turn ActiveX Filtering on
or off. The recommended state for this setting is- Enabled.
*Rationale*
ActiveX Filtering allows you to make an informed decision about every ActiveX control you
run by giving you the ability to block ActiveX controls for all sites, and then turn them on
for only the sites that you trust. This can help improve your protection against risky and
unreliable ActiveX controls.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer ConfigurationAdministrative TemplatesWindows ComponentsInternet
ExplorerTurn on ActiveX Filtering
Impact-
If you enable this policy setting, ActiveX Filtering will be enabled by default for the user.
The user cannot turn off ActiveX Filtering although they may add per-site exceptions. If you
disable this policy setting or do not configure it, ActiveX Filtering will not be enabled by
default for the user. The user can turn ActiveX Filtering on or off.
Default Value-Disabled
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.