It’s always the same story. To substantially enhance your security, you have to give up some freedom or flexibility. If your environment is like most organizations, you have a very strong desire to harden the desktop operating system in an effort to provide a more secure computing environment for your end users. IT administrators typically approach the task of securing the desktop by employing a combination of security policy settings, user permissions, file and registry access control lists (ACLs), and system service restrictions.
One common hurdle in the development of a secure desktop environment is how to mitigate the threats surrounding malicious ActiveX® controls while still providing an appropriate level of application compatibility in your environment. This has been a challenge with desktop operating systems for many years. Fortunately, the new ActiveX control Installer Service (AxIS) in Windows Vista™ addresses concerns specific to the management of ActiveX controls in corporate environments. AxIS provides a simple and manageable way for standard users, who wouldn’t ordinarily be permitted to install ActiveX controls, to install them from approved Web sites. Group Policy control over AxIS allows IT administrators to determine which controls users can install, regardless of which permissions they have.
In this article, we take a look at the administrative challenges surrounding ActiveX controls, how these issues were addressed in previous versions of Windows®, and how AxIS in Windows Vista provides a unique and efficient way to manage the installation of ActiveX controls.
Microsoft, Windows Vista, ActiveX, Installer, Service, Knowledgebase, Article