Information
This policy setting allows you to manage whether users may download signed ActiveX
controls from a page in the zone. The recommended state for this setting is-
Enabled-Disable.
*Rationale*
Signed code is better than unsigned code in that it may be easier to determine its author,
but it is still potentially harmful, especially when coming from an untrusted zone.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download signed
ActiveX controlsThen set the Download signed ActiveX controls option to Disable.
Impact-If you enable this policy, users can download signed controls without user intervention. If
you select Prompt in the drop-down box, users are queried whether to download controls
signed by untrusted publishers. Code signed by trusted publishers is silently downloaded.
If you Disable the policy setting, signed controls cannot be downloaded.
Default Value-
Disabled