I've done this with ActiveX and Java plugins for some years, for my terminal server / Citrix users. Bearing in mind I use mandatory profiles, and quite locked down servers - so all local drives hidden, and protected by DACLs such that users cannot write to any of the local server drives, and users are only normal users, therefore have no permissions to be able to update central parts of the registry... What I did was:- 1. Edited the values in HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveXCache *and* HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache\0 to contain "H:\WINDOWS\Downloaded Program Files" 2. Whilst logged in as admin, subst'd h: to point to the admin's (local) profile directory. And under there, created a directory "WINDOWS\Downloaded Program Files" (this will make more sense later...) 3. Ran the IE app that uses the ActiveX control. This will download the ActiveX control files to the directory above, created the class keys in HKCR. 4. Saved these ActiveX control files to %systemroot%\system32 (again, this will make more sense later). So by this point, the ActiveX control has been registered and is installed on the machine. 5. Create a login script that pre-installs the digital certificate that the ActiveX control is signed with, into the users' HKCU. 6. Have the login script copy the ActiveX control files from %systemroot%\system32 to the users h:\WINDOWS\Downloaded Program Files directory (otherwise, I think (it's been a while) the system probably thought this was required again (the download of the control) and would probably think it had to do the whole HKCR rigmarole again). The Java applet is signed with the same certificate, so step 5 covers this. The Java classes get dragged to somewhere under %systemroot%\java (if my memory serves me) and once there there, it's a done deal. I seem to remember having to correct some of the paths in HKCR\CLSID\<control ID> under InprocServer32 for the controls used. Bearing in mind much of the above is coloured by having fairly tightly locked servers (in terms of filesystem, registry and mandatory profiles), and also, will be heavily affected by the specifics of the individual controls used by my line of business application. As no doubt you will have gathered, regmon and filemon were pretty essential in me working all that out. As it stands the ActiveX and Java use by the app is seamless for these users - because it's all pre-empted. It also means I have control - they cannot download other ActiveX or Java because of security settings, and their level of access and permissions. If the ActiveX control (or Java) gets modified, and / or signed with a new(er) / different digital certificate, then I *may* need to do the admin running of the app stage again - or simply amend the login script details with the adding of the digital cert to each users (transient - mandatory profiles) HKCU). <phew...> That's how I do it, anyways. Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Monahan, Thomas > Sent: 28 April 2004 13:06 > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > I was talking more in the general terms, but at the moment I > have an activeX control that needs to be rolled out to > multiple servers. > > Any ideas? > > > -----Original Message----- > > From: Braebaum, Neil [SMTP:Neil.Braebaum@xxxxxxxxxxxxxxxxx] > > Sent: 28 April 2004 09:39 > > To: thin@xxxxxxxxxxxxx > > Subject: [THIN] Re: Rolling out/Packaging IE Plugins > > > > What sort of plugin? > > > > Neil > > > > > -----Original Message----- > > > From: thin-bounce@xxxxxxxxxxxxx > > > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Monahan, Thomas > > > Sent: 27 April 2004 17:55 > > > To: thin@xxxxxxxxxxxxx > > > Subject: [THIN] Rolling out/Packaging IE Plugins > > > > > > Hi, > > > > > > How do you all roll out IE plugins onto your servers? I just > > > tried to package one there but its failing to install. I was > > > wondering how you guys to it? *********************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ************************************************ ******************************************************** This week's sponsor - Emergent Online Emergent delivers end-to-end solutions for private and public sector clients. From centralized application management, business continuity, outsourcing, to application development, security, and messaging solutions. http://www.go-eol.com/index.asp ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm