Hello!

I am working on a development project that enables different
advertising & marketing agencies affiliated to our firm to store their
webpages with flash files on our centralized storage server.

The agencies' webpages are stored as a whole (with the flash files and
all the content and images on that page) onto the storage server. This
enables a historical reference and for review by other departments
even after that webpage has been updated with a new one. We are
working on automating the storage of these flash webpages onto the
storage server periodically (using I.E. browser and code) without the
agencies' web admin involvement.

On the server side, we do not want to run the <object> tag as we are
only interested in storing the file onto the storage server. However,
all other html code received by the server must be executed. We
extract the Flash URL from  OBJECT tag, then  contact the orignal site
and get the flash and store under agency's user account. To enable
this scenario (of not running the flash file on the server) we
DISABLED all five options under 'ActiveX controls and Plug-ins' in the
I.E. browser (under 'Administrator' level).

Tools--Internet Options--Security--Internet--Custom Level--ActiveX
controls and Plug-ins

While this has successfully prevented a flash file from opening on the
server, the code we've written still tries to execute the 'Active X'
controls. Our code on the server side has been written using 'MSHTML
Object Library' (in-built in I.E. 6.0) and an instance is still trying
to execute the Active X controls.

We believed that disabling the active-x controls and plug-ins would
automatically stop the instance of the MSHTML Object Library from
trying to execute the same. Shouldn't the administrator level
disabling of these controls prevent them from being run for all other
users as well?

Your input and advice in solving this problem is sought.

Thanks.
TVR

---

Clarification of Question by tvr-ga on 03 Jul 2003 17:07 PDT

Hello exalkonium-ga:

Thanks a lot for your suggestion/answer. We appreciate it. While we
are still testing the changes made (based on your guidelines), it
seems to work.

I sincerely recommend that you become a Google researcher. Your answer
to our question should serve as a 'reference' and an indication of
your capability.

Best Regards,
TVR

Restrict ActiveX Applets in Internet Explorer

The CLSID for an ActiveX control is a globally unique identifier
(GUID) for that control. You can prevent an ActiveX control from
running in Internet Explorer by setting the "kill bit" so that the
control is never called by Internet Explorer. The "kill bit" is a
specific value for the Compatibility Flags DWORD value for the ActiveX
control in the registry. Note that this is different than revoking the
"safe for scripting" option in an ActiveX control. When the "safe for
scripting" option is revoked, Internet Explorer still calls for the
control and then prompts you with a warning message that the ActiveX
control may be unsafe. Depending on the choice you make, the control
may be run. However, after the "kill bit" is set for an ActiveX
control, that control is not called by Internet Explorer at all. To
set the "kill bit" so that an ActiveX control is never called by
Internet Explorer:
Determine the CLSID for the ActiveX control that you want to disable.
If you are not sure of the CLSID for the control, contact the
manufacturer. If the control is installed, you may be able to
determine its CLSID if you know its friendly name. To do this, examine
the Default string value for the ProgID key for each of the CLSID keys
in HKEY_CLASSES_ROOT\CLSID. You may need to remove as many ActiveX
controls as possible, except for the one that you want to disable, in
order to make it easier to identify the appropriate CLSID. For
additional information about how to remove ActiveX controls, click the
article number below to view the article in the Microsoft Knowledge
Base:
Use Registry Editor to view the data value of the Compatibility Flags
DWORD value of the ActiveX object CLSID in the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\CLSID of the ActiveX control]

where CLSID of the ActiveX Control is the class identifier of the
appropriate ActiveX control.

Change the value of the Compatibility Flags DWORD value to 0x400 (in
hex) or 1024 (in decimal).
Restart Internet Explorer. 

Please let me know if this was helpful, and if this qualifies as an
answer.

I'm sorry, I just learned that as a just registered user, I cannot be
paid for my answers. I do apoligize, and I hope that my free answer
has done you some good. I'm sure someone will take advantage of that.