+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / IE Security setting for ActiveX controls and plugs in

IE Security setting for ActiveX controls and plugs in

8 posts, 0 answered
  1. Kristina
    Kristina avatar
    17 posts
    Registered:
    17 Mar 2009
    07 May 2009
    Link to this post
    Hi,

    We have just installed Sitefinity V3.6 on Windows Server 2008 running IE7.

    With the default security setting for IE7, Everytime I select a menu option in Sitefinity, it prompted me to download ActiveX. The only way to get rid of this prompting is to set a custom security setting to enable all options under Security Settings->Custom settings->ActiveX controls and Plugs in, making it very unsecure.

    Is this mean that if I have developed a website using Sitefinity then all the users have to set the security in their browser to enable ActiveX downloads before my website will work properly???

    Please advise.

    Thanks in advance.

    Regards,

    Kristina Thong
  2. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    09 May 2009
    Link to this post
    Hello Kristina,

    Could you please be a bit more specific to which items you are selecting? I have tried to reproduce the problem today using the same configuration, but did not encounter any problems. Here are my ActiveX settings for IE7:

    * Allow previously unused ActiveX controls to run without prompt:

    ENABLED
    * Allow Scriptlets

    ENABLED
    * Automatic Prompting for ActiveX controls
    ENABLED
    * Binary and Script Behaviors
    ENABLED
    * Display video and Animation on webpage that does not use external media player
    DISABLED
    * Download Signed ActiveX controls
    PROMPT
    * Download Signed ActiveX controls
    DISABLED
    * Initialize and Script ActiveX controls not marked as safe for scripting
    DISABLED
    * Run ActiveX controls and plug-ins
    ENABLED
    * Script ActiveX controls marked safe for scripting
    ENABLED

    To be more precise, I am running IE in Medium-Low (default) settings, in Protected Mode.

    You might try to add the Sitefinity instance in the trusted sites lists. This way, you will have higher permissions just for this URL rather than all web sites.

    Kind regards,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  3. Kristina
    Kristina avatar
    17 posts
    Registered:
    17 Mar 2009
    10 May 2009
    Link to this post
    Hi,

    The default IE security setting in Windows Server 2008 is Medium-Low for Local Intranet and High for Internet. Sitefinity V3.6 is installed on our server locally in Dafult Website in IIS. The ActiveX setting is:
     Allow previously unused ActiveX controls to run without prompt:
    ENABLED
    * Allow Scriptlets

    ENABLED
    * Automatic Prompting for ActiveX controls
    ENABLED
    * Binary and Script Behaviors
    ENABLED
    * Display video and Animation on webpage that does not use external media player
    DISABLED
    * Download Signed ActiveX controls
    PROMPT
    * Download Signed ActiveX controls
    DISABLED
    * Initialize and Script ActiveX controls not marked as safe for scripting
    DISABLED
    * Run ActiveX controls and plug-ins
    ENABLED
    * Script ActiveX controls marked safe for scripting
    ENABLED

    When I run Sitefinity and choose to edit my project. I get the warning in the IE information bar (yellow) saying:
    "Your security settings do not allow websites to use ActiveX controls installed on your computer. This page may not siapled correctly. Click here for more options."

    My same question is before:
    Is this mean that if I have developed a website using Sitefinity then all users have to set the IE security to enable ActiveX downloads before my website will work probably??

    Thanks and Regards,

    Kristina Thong
  4. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    12 May 2009
    Link to this post
    Hi Kristina,

    No, it doesn't mean that your users will not be able to use Sitefinity. I am not sure what is wrong, but I am testing with the same settings, browser and operating system, and I could not reproduce the issue.
    If possible, please try to access the same project from another computer - a remote one for example. Let me know if the issue stands in this case as well.

    All the best,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  5. Kristina
    Kristina avatar
    17 posts
    Registered:
    17 Mar 2009
    19 May 2009
    Link to this post

    Hi,

    I am still having the ActiveX downloads problem but here are the results of my investigations so far:

    1  I created a website from your university example website, without adding any custom pages onto the website and the same error still appears on every page.     
     2.
     installed IE8 on the server. IE8 gave a similar error “an add-on for this website failed to run. Check the security settings in Internet Options for potential conflicts”.

    3.       I installed the website as a real website ie: with an IP address, not a virtual website. The website browse ok on the same server with the same browser with no ActiveX or add-on error. This seem to indicate there is some problems with the settings of the virtual website?? And the problem is not with the browser

    4.       I tried to access the website from another PC with IE6, no error. A PC with IE7, no error.

     

    The result in 3 above seem to indicate that the same website that is created in Default website by Sitefinity is the problem.

     

    Can you help?

    Thanks and Regards,
    Kristina Thong

  6. Dido
    Dido avatar
    149 posts
    Registered:
    24 Sep 2012
    25 May 2009
    Link to this post
    Hello Kristina,

    Is your ActiveX control digitally signed? You might find this discussion helpful, especially the last response.

    Generally, ActiveX security is client-side based and cannot be changed from the server. The latter would be a great security risk. However, if an ActiveX control is digitally signed, I believe it will not require the end-user to approve it every time.

    It seems weird to me that a remote site would be more "trustworthy" than a local one for IE; it is logical to be the opposite.

    Sincerely yours,
    Dido
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  7. Kristina
    Kristina avatar
    17 posts
    Registered:
    17 Mar 2009
    26 May 2009
    Link to this post
    Hi,

    The site is created from your univeristy example site, no custom code added so what ActiveX control are you referring to that is digitally signed??

    Thanks for your help,

    Regards,

    Kristina Thong
  8. Dido
    Dido avatar
    149 posts
    Registered:
    24 Sep 2012
    26 May 2009
    Link to this post
    Hello Kristina,

    In Sitefinity, we do not use ActiveX at all. Therefore, you must have added some ActiveX control. It should be digitally signed.
    The only other possibility would the ActiveX flash plugin for IE. Whichever the case, ActiveX is not controlled in any way by Sitefinity. It is entirely client-side security. However, there is a know issue with 64-bit IE, which cannot install flash. Which does not depend on Sitefinity at all.

    Best wishes,
    Dido
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
Register for webinar
8 posts, 0 answered