The ActiveX installation policy for sites in Trusted zones machine setting should be configured correctly. This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If this setting is enabled ActiveX controls will be installed according to the settings defined by this policy setting. If this setting is disabled or not configured ActiveX controls will always prompt the user before installation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the certificate errors that you want to ignore. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\ActiveX installation policy for sites in Trusted zones (2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies\InstallTrustedOCX