深入理解:IE中安全选择中控件和插件的Administrator approved设定
2013-06-14 15:31
274 查看
"Administrator approved" ActiveX Controls
In your Internet Security settings, there is an option under "Run ActiveX
controls and plug-ins" which says "Administrator approved". This is the only
ActiveX security setting which does not say simply "Enable", "Disable", or
"Prompt". As you may have guessed, setting this option will make Internet
Explorer run ActiveX controls that have been approved, while not running
ActiveX controls that have not been approved. This sounds like a great idea;
The only question, then, is: How do you approve an ActiveX control? It all
revolves around the following registry keys:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\
Internet Settings\AllowedControls
Or, alternatively...
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls
Notice that these two keys differ only in that one branches out from
HKEY_LOCAL_MACHINE, and the other from HKEY_CURRENT_USER. It's not clear how
Internet Explorer decides which of these keys to check, so you may want to
make the appropriate settings in both (or use a registry-monitoring program
to see which keys it's checking when it goes to a website that uses ActiveX
controls).
In a default installation of Windows, these keys won't even exist; You'll
have to create them. Once you do so, within the key(s), create a DWORD value
for each ActiveX control you intend to approve. The name of the DWORD value
should be the CLSID value of the ActiveX control, enclosed in curly brackets
( {} ). For example, if the ActiveX control's CLSID is 500, the DWORD value
should be named {500}.
Once you have created the DWORD value, set its value to 0 (zero) to approve
that control to run. Setting the value to anything other than zero will
indicate that the control is not approved.
This works great for (for example) Macromedia Flash, which has a CLSID of
D27CDB6E-AE6D-11CF-96B8-444553540000. If you want to allow Flash to run, but
no other ActiveX control, you'd create a DWORD value (under the
AllowedControls key, of course) called {D27CDB6E-AE6D-11CF-96B8-444553540000}
and set it to zero. Then, if your Internet Explorer ActiveX security option
is set to "Administrator approved", Flash will still work, but no other
ActiveX controls will run. This is critically important given what a huge
security risk ActiveX is.本文出自 “莫长空” 博客,转载请与作者联系!
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 深入理解Java:SimpleDateFormat安全的时间格式化
- js时间选择控件(可选择时分秒,兼容IE,FireFox)
- vs2010开发activex(MFC)控件/ie插件(一)
- Maven学习总结(16)——深入理解maven生命周期和插件
- 《深入理解mybatis原理(十)》 Mybatis插件原理简单分析
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解Symbian控件架构
- 深入理解Symbian控件架构
- 深入理解JQuery插件开发
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解最强桌面地图控件GMAP.NET --- 初用
- 深入理解css属性的选择对动画性能的影响
- 深入理解jQuery插件开发
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解最强桌面地图控件GMAP.NET --- 原理篇
- 深入理解Java:SimpleDateFormat安全的时间格式化
- jQuery插件:表单Email常用邮箱选择控件
- 深入理解 ASP.NET 动态控件 (Part 1 - 感性认识)
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解Java虚拟机JVM高级特性与最佳实践阅读总结—— 第十三章 线程安全与锁优化