Information
This policy setting allows you to manage whether .NET Framework components that are
signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed executables
*Rationale*
If you enable this policy setting, Internet Explorer will execute signed managed
components, it may be possible for someone to host malicious content on a website that
takes advantage of these components.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET
Framework-reliant components signed with AuthenticodeThen set the Run .NET Framework-reliant components signed with Authenticode
option to Disable.
Impact-If you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will prompt the
user to determine whether to execute signed managed components. If you disable this
policy setting, Internet Explorer will not execute signed managed components. If you do
not configure this policy setting, Internet Explorer will not execute signed managed
components.
Default Value-Disabled