IE ActiveX control installation with inActive Dir?
Discussion
I'm trying to persuade our Active Directory to publish some ActiveX controls to authenticated users on our Domain. These controls are written by ourselves and are usually installed via Internet Component Download (a CAB file on the Web Server and some IE wizardry).
The controls are part of our web app. Now of course the ICD method of installation is all very well until you come across a highly controlled environment and then the controls can't install due to lack of permissions.
So IE is supposed to be able to *transparently* visit the Active Directory for any controls mentioned in OBJECT tags on its web pages and Install from there if it doesn't have permissions to do it the "old-fashioned" way.
But it does not bloody work!
I've done the registry setting thing for IE and the end user can go to Control Panel/Add Remove Programs and install the control manually but will IE do it automatically? No it bloody won't.
Anyone actually made this work? Information leading to an arrest will ensure the poster gets bought a beer.
The controls are part of our web app. Now of course the ICD method of installation is all very well until you come across a highly controlled environment and then the controls can't install due to lack of permissions.
So IE is supposed to be able to *transparently* visit the Active Directory for any controls mentioned in OBJECT tags on its web pages and Install from there if it doesn't have permissions to do it the "old-fashioned" way.
But it does not bloody work!
I've done the registry setting thing for IE and the end user can go to Control Panel/Add Remove Programs and install the control manually but will IE do it automatically? No it bloody won't.
Anyone actually made this work? Information leading to an arrest will ensure the poster gets bought a beer.
Don, this sounds like IE6?
I seem to recall they tightened up IE6 security to prevent this sort of thing - I was trying to write a similar sort of thing a while back, and gave up basically - the customer site had SMS set up so just got the packaging monkeys to script the damn thing.
Sorry I can't be of any further help. What error do you get? Or you don't get anything at all?
GT
I seem to recall they tightened up IE6 security to prevent this sort of thing - I was trying to write a similar sort of thing a while back, and gave up basically - the customer site had SMS set up so just got the packaging monkeys to script the damn thing.
Sorry I can't be of any further help. What error do you get? Or you don't get anything at all?
GT
GregE240 said:
Don, this sounds like IE6?
I seem to recall they tightened up IE6 security to prevent this sort of thing - I was trying to write a similar sort of thing a while back, and gave up basically - the customer site had SMS set up so just got the packaging monkeys to script the damn thing.
Sorry I can't be of any further help. What error do you get? Or you don't get anything at all?
GT
Thanks for the reply, Greg. Yep - I am using IE6. And the error message is the usual "Object does not support this property or method" one that one gets when a control fails to load.
We've been making CAB'd installs work great for years. This Active Directory malarchy works fine too - its just the IE "transparent installation" that doesn't seem to...
Its driving me potty!
Thanks again...anyone else have an idea?
Plotloss said:
Tried the script debugger so you can see exactly when its bombing out?
Its not a silly syntax error in the script is it?
Nope. The pages all work fine with the control installed - the Script is good. Its the fact that the control isn't there causes the error.
And the control gets there just fine via the "Signed CAB" method. It gets there fine if I go to the Control Panel and install the package using Add/Remove programs. Internet Explorer seems unwilling to trigger the installation, though. Very strange. The Microsoft web-site has a couple of articles on how to make it work which I have followed to the letter.
It just D.F.W.
You say that you can install it through Add/Remove, but does the user have the same admin rights etc.?
Have you tried changing the settings in the group policy under computer/administrative templates/windows installer? In particular the "...elevated privileges...." and the "...IE security prompt..." ones etc, can be used to allow background installs, but be aware of the security risks.
Have you tried changing the settings in the group policy under computer/administrative templates/windows installer? In particular the "...elevated privileges...." and the "...IE security prompt..." ones etc, can be used to allow background installs, but be aware of the security risks.
andyf007 said:
You say that you can install it through Add/Remove, but does the user have the same admin rights etc.?
Have you tried changing the settings in the group policy under computer/administrative templates/windows installer? In particular the "...elevated privileges...." and the "...IE security prompt..." ones etc, can be used to allow background installs, but be aware of the security risks.
I'll look into that now. Thanks!
Andy!
WHAT A STAR! It was the Disable IE Security Prompt for Windows Installer Scripts policy. I needed to Enable it. Then it just worked!
Now I need to figure out how to ensure all computers on the domain have the
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentversionInternet Settings, UseCoInstall
registry value set to 0x1
How do you propagate registry settings using Active Directory (sorry I am such an Administration numpty) and all help very gratefully (and humbly) recieved...
WHAT A STAR! It was the Disable IE Security Prompt for Windows Installer Scripts policy. I needed to Enable it. Then it just worked!
Now I need to figure out how to ensure all computers on the domain have the
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentversionInternet Settings, UseCoInstall
registry value set to 0x1
How do you propagate registry settings using Active Directory (sorry I am such an Administration numpty) and all help very gratefully (and humbly) recieved...
Don said:
Andy!
WHAT A STAR! It was the Disable IE Security Prompt for Windows Installer Scripts policy. I needed to Enable it. Then it just worked!
Now I need to figure out how to ensure all computers on the domain have the
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentversionInternet Settings, UseCoInstall
registry value set to 0x1
How do you propagate registry settings using Active Directory (sorry I am such an Administration numpty) and all help very gratefully (and humbly) recieved...
You could save it as a .REG file and use Group Policy to distribute it?
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff