I have a set of users that I want to be able to install ActiveX controls from websites. I have deployed a GPO that allows them to do this, however I still fail when it comes to UAC. The ActiveX controls install, but then require administrative priv to run. Is there a way around this? currently I have those users in the local administrator group because its the only way I can see around it.
SnapOverflow
You can try pre-approving the needed ActiveX controls using ActiveX Installer Service group policy. Unfortunately, this is something that you would have to enable before you create your OS image, since it is not installed in Vista by default. As an alternative, you can enable it manually via Programs and Features -> Windows Components on each workstation, but this is not feasible for a large network.
Details here:
technet.microsoft.com/en-us/library/cc721964(WS.10).aspx
Basically you whitelist the sites that users are allowed to install ActiveX controls from, thus allowing them to install them without the UAC elevation. Maintaining a white list may seem like a tedious process, but IMHO it's much better than letting users install whatever they want. By giving them admin access you're asking for all kinds of toolbars and Bonzie Buddies to appear on your network :).