Restrict ActiveX Applets in Internet Explorer (All Windows)
Category: Home > Software > Internet Explorer > Security
This tweak allows you to stop specific ActiveX controls from running in Internet Explorer. When the "kill bit" is set the specified ActiveX control will never be called or shown by Internet Explorer.
The CLSID for an ActiveX control is a globally unique identifier (GUID) for that control. You can prevent an ActiveX control from running in Internet Explorer by setting the "kill bit" so that the control is never called by Internet Explorer. The "kill bit" is a specific value for the Compatibility Flags DWORD value for the ActiveX control in the registry. Note that this is different than revoking the "safe for scripting" option in an ActiveX control. When the "safe for scripting" option is revoked, Internet Explorer still calls for the control and then prompts you with a warning message that the ActiveX control may be unsafe. Depending on the choice you make, the control may be run. However, after the "kill bit" is set for an ActiveX control, that control is not called by Internet Explorer at all. To set the "kill bit" so that an ActiveX control is never called by Internet Explorer:
- Determine the CLSID for the ActiveX control that you want to disable. If you are not sure of the CLSID for the control, contact the manufacturer. If the control is installed, you may be able to determine its CLSID if you know its friendly name. To do this, examine the Default string value for the ProgID key for each of the CLSID keys in HKEY_CLASSES_ROOT\CLSID. You may need to remove as many ActiveX controls as possible, except for the one that you want to disable, in order to make it easier to identify the appropriate CLSID. For additional information about how to remove ActiveX controls, click the article number below to view the article in the Microsoft Knowledge Base:
- Use Registry Editor to view the data value of the Compatibility Flags DWORD value of the ActiveX object CLSID in the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID of the ActiveX control]
where CLSID of the ActiveX Control is the class identifier of the appropriate ActiveX control.
- Change the value of the Compatibility Flags DWORD value to 0x400 (in hex) or 1024 (in decimal).
- Restart Internet Explorer.
Note: It is not recommended to re-enable an ActiveX control unless you are sure of the purpose. If you do so, you may create security vulnerabilities. The kill bit is normally set for a reason that may be critical, and because of this, extreme care must be used when you unkill an ActiveX control.
 |  |  |  |  |
|  | (Default) | REG_SZ | (value not set) | |
|  | Compatibility Flags | REG_DWORD | 0x00000400 (1024) | |
 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatib... |  |
 |
| Settings: |
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{CLSID of the ActiveX control}]
Name: Compatibility Flags
Type: REG_DWORD (DWORD Value)
Value: (0 = allow, 1024 (400hex) = disable)
|
Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your operating system. We cannot guarantee that problems resulting from modifications to the registry can be solved. Use the information provided at your own risk.
Last Modified: September 30, 2002
|
