I've not known ActiveX to not require adding stuff to HKCR as well as some system folders, so as long as users aren't running with elevated rights and the server's local drives aren't unprotected then ActiveX shouldn't be a problem. Having to make it work, especially with mandatory profiles can be more of a challenge! ;-) Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders > Sent: 26 January 2005 17:14 > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: GPO spyware and unwanted Programs from IE > > I thought only Power Users, Domain Admins and Administrators > could install ActiveX apps. > > Lock down your file system and registry, but I have found > that the file system is critical for this stuff. For example, > Authenticated Users should only have Read access to the > Program Files folder, etc. If a user has write access, then > they have the ability to install spyware. > > "Jim Kenzig > > Kenzig.com" > > <jkenzig@xxxxxxxx > To > m> thin@xxxxxxxxxxxxx > > Sent by: > cc > thin-bounce@freel > > ists.org > Subject > [THIN] Re: GPO spyware > and unwanted > Programs from IE > > 27/01/2005 01:03 > > AM > > Please respond to > > thin > > ActiveX? > > Joanne Determann <joanne.determann@xxxxxxxxx> wrote: > I have 3 Citrix internet Kiosks. And it looks like my GPO > is not doing the job prohibiting programs being installed > through IE and blocking search engine hijackers etc... I found > a Online Poker game installed on the MF server. > > Any clue where my hole is? ***************************************************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and it's subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ***************************************************************************** This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com ******************************************************** This Weeks Sponsor: ThinPrint, GmbH Now available: .print Remote Desktop Printing Engine for Microsoft Terminal Services http://www.thinprint.com/dotprint/index.php?sh2&lc=1 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm