I thought only Power Users, Domain Admins and Administrators could install ActiveX apps. Lock down your file system and registry, but I have found that the file system is critical for this stuff. For example, Authenticated Users should only have Read access to the Program Files folder, etc. If a user has write access, then they have the ability to install spyware. Cheers, Jeremy. "Jim Kenzig Kenzig.com" <jkenzig@xxxxxxxx To m> thin@xxxxxxxxxxxxx Sent by: cc thin-bounce@freel ists.org Subject [THIN] Re: GPO spyware and unwanted Programs from IE 27/01/2005 01:03 AM Please respond to thin ActiveX? Joanne Determann <joanne.determann@xxxxxxxxx> wrote: I have 3 Citrix internet Kiosks. And it looks like my GPO is not doing the job prohibiting programs being installed through IE and blocking search engine hijackers etcâ I found a Online Poker game installed on the MF server. Any clue where my hole is? Thanks,Joanne