how do sites run in IE without asking for "allow scripts/activeX"?

Question

I have tried googling this and have not come up with any good leads...

I have a webpage I'm testing (it's an html document on my local machine).

When loaded, IE asks if I want to allow scripts and activeX (I don't get why they are considered equally dangerous)

Popular sites like cnn.com and stackoverflow.com don't ask me if I want to run scripts, they just do. How and why does this occur? Do I have to do something special to keep this from happening? (There is a prompt, but I don't want this to appear for my normal users)

Answer 1

You can always enable ActiveX for offline & online by default. Go to:

Tools > Internet Options > Advanced > Security :

(✓) Allow active content from CDs to run on My Computer
(✓) Allow active content to run in files on My Computer

Answer 2

Import following registries(saving following content as a .reg file) you can get the IE ActiveX always enabled without asking for your decision

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Check_Associations"="yes"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,e9,00,00,00,b4,00,00,00,75,04,00,00,54,05,00,\
  00
"Expand Alt Text"="no"
"Move System Caret"="no"
"NscSingleExpand"=dword:00000001
"DisableScriptDebuggerIE"="yes"
"Error Dlg Displayed On Every Error"="no"
"NoWebJITSetup"=dword:00000000
"Page_Transitions"=dword:00000001
"FavIntelliMenus"="no"
"Enable Browser Extensions"="yes"
"UseThemes"=dword:00000001
"Force Offscreen Composition"=dword:00000000
"NotifyDownloadComplete"="yes"
"AllowWindowReuse"=dword:00000001
"Friendly http errors"="yes"
"ShowGoButton"="yes"
"SmoothScroll"=dword:00000001
"Enable AutoImageResize"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Play_Animations"="yes"
"Play_Background_Sounds"="yes"
"Display Inline Videos"="yes"
"Show image placeholders"=dword:00000000
"Print_Background"="no"
"AutoSearch"=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
"LOCALMACHINE_CD_UNLOCK"=dword:00000000

Answer 3

Somehow IE trusts local documents less than the ones on the Internet. Which is counter intuitive. But I'm sure there is a reason... what has no reason or explanation, however, is that if you put the following

<!-- saved from url=(0017)http://localhost/ -->

at the top of your document, IE will trust it more.

(also how come there is no WTF tag on StackOverflow? Desperately needed)

Answer 4

It's because those site aren't running locally, they are running on some other server somewhere else.

If you check out Tools->Internet Options for IE and look at Security, Privacy and especially "Advanced". You'll see a whole host of options.