深入理解:IE中安全选择中控件和插件的Administrator approved设定
2013-06-14 15:31
274 查看
"Administrator approved" ActiveX Controls In your Internet Security settings, there is an option under "Run ActiveX controls and plug-ins" which says "Administrator approved". This is the only ActiveX security setting which does not say simply "Enable", "Disable", or "Prompt". As you may have guessed, setting this option will make Internet Explorer run ActiveX controls that have been approved, while not running ActiveX controls that have not been approved. This sounds like a great idea; The only question, then, is: How do you approve an ActiveX control? It all revolves around the following registry keys: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\ Internet Settings\AllowedControls Or, alternatively... HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls Notice that these two keys differ only in that one branches out from HKEY_LOCAL_MACHINE, and the other from HKEY_CURRENT_USER. It's not clear how Internet Explorer decides which of these keys to check, so you may want to make the appropriate settings in both (or use a registry-monitoring program to see which keys it's checking when it goes to a website that uses ActiveX controls). In a default installation of Windows, these keys won't even exist; You'll have to create them. Once you do so, within the key(s), create a DWORD value for each ActiveX control you intend to approve. The name of the DWORD value should be the CLSID value of the ActiveX control, enclosed in curly brackets ( {} ). For example, if the ActiveX control's CLSID is 500, the DWORD value should be named {500}. Once you have created the DWORD value, set its value to 0 (zero) to approve that control to run. Setting the value to anything other than zero will indicate that the control is not approved. This works great for (for example) Macromedia Flash, which has a CLSID of D27CDB6E-AE6D-11CF-96B8-444553540000. If you want to allow Flash to run, but no other ActiveX control, you'd create a DWORD value (under the AllowedControls key, of course) called {D27CDB6E-AE6D-11CF-96B8-444553540000} and set it to zero. Then, if your Internet Explorer ActiveX security option is set to "Administrator approved", Flash will still work, but no other ActiveX controls will run. This is critically important given what a huge security risk ActiveX is.
本文出自 “莫长空” 博客,转载请与作者联系!
相关文章推荐
- 深入理解Java:SimpleDateFormat安全的时间格式化
- js时间选择控件(可选择时分秒,兼容IE,FireFox)
- vs2010开发activex(MFC)控件/ie插件(一)
- Maven学习总结(16)——深入理解maven生命周期和插件
- 《深入理解mybatis原理(十)》 Mybatis插件原理简单分析
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解Symbian控件架构
- 深入理解Symbian控件架构
- 深入理解JQuery插件开发
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解最强桌面地图控件GMAP.NET --- 初用
- 深入理解css属性的选择对动画性能的影响
- 深入理解jQuery插件开发
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解最强桌面地图控件GMAP.NET --- 原理篇
- 深入理解Java:SimpleDateFormat安全的时间格式化
- jQuery插件:表单Email常用邮箱选择控件
- 深入理解 ASP.NET 动态控件 (Part 1 - 感性认识)
- 深入理解Java:SimpleDateFormat安全的时间格式化
- 深入理解Java虚拟机JVM高级特性与最佳实践阅读总结—— 第十三章 线程安全与锁优化