심도 있는 이해: IE에서 안전하게 선택할 수 있는 컨트롤과 플러그인의 Administrator approved 설정

"Administrator approved" ActiveX Controls

In your Internet Security settings, there is an option under "Run ActiveX
controls and plug-ins" which says "Administrator approved". This is the only
ActiveX security setting which does not say simply "Enable", "Disable", or
"Prompt". As you may have guessed, setting this option will make Internet
Explorer run ActiveX controls that have been approved, while not running
ActiveX controls that have not been approved. This sounds like a great idea;
The only question, then, is: How do you approve an ActiveX control? It all
revolves around the following registry keys:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\
  Internet Settings\AllowedControls

Or, alternatively...

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
  Settings\AllowedControls

Notice that these two keys differ only in that one branches out from
HKEY_LOCAL_MACHINE, and the other from HKEY_CURRENT_USER. It's not clear how
Internet Explorer decides which of these keys to check, so you may want to
make the appropriate settings in both (or use a registry-monitoring program
to see which keys it's checking when it goes to a website that uses ActiveX
controls).

In a default installation of Windows, these keys won't even exist; You'll
have to create them. Once you do so, within the key(s), create a DWORD value
for each ActiveX control you intend to approve. The name of the DWORD value
should be the CLSID value of the ActiveX control, enclosed in curly brackets
( {} ). For example, if the ActiveX control's CLSID is 500, the DWORD value
should be named {500}.

Once you have created the DWORD value, set its value to 0 (zero) to approve
that control to run. Setting the value to anything other than zero will
indicate that the control is not approved.

This works great for (for example) Macromedia Flash, which has a CLSID of
D27CDB6E-AE6D-11CF-96B8-444553540000. If you want to allow Flash to run, but
no other ActiveX control, you'd create a DWORD value (under the
AllowedControls key, of course) called {D27CDB6E-AE6D-11CF-96B8-444553540000}
and set it to zero. Then, if your Internet Explorer ActiveX security option
is set to "Administrator approved", Flash will still work, but no other
ActiveX controls will run. This is critically important given what a huge
security risk ActiveX is.