"Allow active content to run files on My Computer" Group Policy Setting Does Not Work as Expected on Windows Server 2008 or Windows Vista RSAT

Article ID: 2002093 - View products that this article applies to.
Expand all | Collapse all

Symptoms

If you use Windows Server 2008 or the Remote Server Administration Tools (RSAT) for Windows Vista to enable the Group Policy Preference setting Allow active content to run files on My Computer the setting will remain disabled when the policy is applied on the client computers. If you disable the policy setting, you will find that it gets enabled on the client computers after the next Group Policy refresh.

The Allow active content to run files on My Computer is configured in the Group Policy Management Editor by navigating to User Configuration\Preferences\Control Panel Settings\Internet Settings and selecting New, then Internet Explorer 7. On the Advanced tab, scroll down to the Security section to view the Allow active content to run files on My Computer setting.

Cause

To enable Allow active content to run files on My Computer the following registry value must be set to 0:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN

Value Name:  iexplore.exe
Value Type:  REG_DWORD
Value Data:  0

When you configure this setting in Windows Server 2008 or Windows Vista RSAT the value will be written as "iexplore.exe"=dword:00000001 and therefore the setting will be disabled.

The wrong value is written from the Group Policy Preferences XML setting file:

<Reg id="LocalMachineFilesUnlock" type="REG_DWORD" hive="HKEY_CURRENT_USER" key="SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" name="iexplore.exe" value="00000001"/>

The default location of the Group Policy Preferences XML setting file is:

%windir%\SYSVOL\sysvol\domain\Policies\{GUID}\<user / computer>\Preferences\InternetSettings\InternetSettings.xml

Resolution

Modify the setting using Windows Server 2008 R2 or Windows 7 RSAT. The issue only exists when modifying the setting from Windows Server 2008 or Windows Vista RSAT.

As a workaround you can disable the Allow active content to run files on My Computer policy setting and the setting will be enabled when the policy is applied to the client computers.

For more information about Remote Server Administration Tools for Windows 7, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d 

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2002093 - Last Review: September 25, 2009 - Revision: 5.0
APPLIES TO
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Business N 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Ultimate
Keywords: 
KB2002093

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com