Blocking ActiveX software installation

For general issues related to PWB v2.

Moderators: Tyler, Scott, PWB v2 Moderator

Post Reply
Jaysun
Provider
Provider
Posts: 47
Joined: Sun Jun 08, 2003 6:12 pm
Location: Eugene, OR
Contact:

Blocking ActiveX software installation

Post by Jaysun »

I am able to block patrons from installing software from a Web page by using WinSelect to disable the buttons in IE's Security Warning dialog. This works great for all but a few installers.

There is some installers, such as Yahoo! Messenger and the Google Toolbar, that get initiated by an ActiveX control and I cannot get IE to display a Security Warning dialog before the installer runs.

In order to prevent installation of this software via ActiveX I have disabled the downloading of ActiveX controls in IE's Security Settings. This works very well, except for patrons get a lot of "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly." messages while browsing the Web.

Is there any way I can leave ActiveX controls enabled, but not allow them to install software. Or, at least is there some way to force IE (and PWB) to display a Security Warning dialog before installing software via an ActiveX control?

Thanks,

Jason
Jason Weinstein
Application Support Technicain
Eugene Public Library
Eugene, OR

spragers
Benefactor
Benefactor
Posts: 153
Joined: Fri Dec 27, 2002 9:11 am
Contact:

Post by spragers »

If there is, I'd like to hear about it :)

For now, we use DriveShield to erase any changes that are made to the hard drive. We also use Fortres, which blocks some programs from writing to the hard drive, and although I have all ActiveX content allowed (I got tired of having patrons complain about those warning messages ALL the time - i.e. in Hotmail, EVERY page has one or more warnings that pop up), but I have some of the more well-known sites (AOL, Yahoo messenger) blocked through PWB.

Hope that helps!

Jaysun
Provider
Provider
Posts: 47
Joined: Sun Jun 08, 2003 6:12 pm
Location: Eugene, OR
Contact:

Post by Jaysun »

I think I have been able to reduce the number of ActiveX errors and still block software installation via ActiveX. On the Security tab of Internet Options click Custom Level. Use the following settings for the options under "ActiveX controls and plug-ins":

Download signed ActiveX controls - Disable
Download unsigned ActiveX controls - Disable
Initalize and script ActiveX controls not marked as safe - Disable
Run ActiveX controls and plug-ins - Enable
Script ActiveX controls marked as safe for scripting - Disable

Previously we had "Run ActiveX controls and plug-ins" set to Disable and patrons received many more ActiveX errors. Now that error only seems to come up if the Web site is actually trying to install software.

Jason
Jason Weinstein
Application Support Technicain
Eugene Public Library
Eugene, OR

Emrick

Active X controls

Post by Emrick »

Try setting the Downloaded Program Files folder to Read only. That folder is where all the active X files are stored. Even some Active X controls marked as safe may not be what you want installed on the machines.


Doing the above will also prevent a lot more the active X error messages that you would normally see.

Hope that helps.

Emrick

Jaysun
Provider
Provider
Posts: 47
Joined: Sun Jun 08, 2003 6:12 pm
Location: Eugene, OR
Contact:

Post by Jaysun »

WOW! Thanks Emrick!

I didn't even think of trying Read Only on the Downloded Program Files folder since this is Windows 98 and I am so used to (stupid) Windows 98 ignoring the Read Only attribute on folders.

This works great. All ActiveX Security Settings can be set to Enable and software cannot be installed via ActiveX and no annoying error messages while browsing!

Thanks!
Jason Weinstein
Application Support Technicain
Eugene Public Library
Eugene, OR

Guest

Active X Download Folder

Post by Guest »

Can you tell me the location of the Active X Download folder on Windows 2000?

Thanks,

Steve

Guest

Post by Guest »

C:\WINNT\Downloaded Program Files

peppy70

Post by peppy70 »

:twisted: I stay a step ahead to block possible programs. I use the url block to not allow access to aim, msn messenger, and yahoo messenger download pages. I also have a clean up script that deletes everything in the startup menu when PWB closes.

I use a product called Stormwindows that is great (especially the winxp version) I "disallow run" all the installer and junk programs that get installed i.e. datemanager.exe, precisiontime.exe, gator...etc.

Also, I have a problem with Wildtangent game driver....so I installed the program on all the PC's then disable the hardware settings so that the games won't play.

and I use msconfig to disable some programs at startup.

Guest

Active X and Downloaded Program Files

Post by Guest »

When I go to my Win 2000 version of the above folder I can't set NTFS permissions on it. Do you use the Read only from the Attributes tab? Or am I missing something?

Steve

Guest

Post by Guest »

Steve,

No, that's not an option in Windows 2000. You have to use this registry hack:

http://www.winguides.com/registry/display.php/1192/

to change the location of the folder to something like C:\activex . Once you do that, you can apply permissions, etc.

Post Reply