> It would obviously be far better if there was a way to configure the
> browser and then prevent the user from changing the settings. It would
> also be good to have a site administration tool that allows you to
> dictate policy (IE configuration). It would also be great to have
> ActiveX proxies/blockers that ran right on the Firewall.
This *can* be done. Microsoft provides (for the cost of shipping the
CD-ROM) an administration kit that can be used to create an install set
for IE that has any or all options preset and can be set to prevent the
user from changing them. The particular option of interest is in the
views menu under options->security. There is a checkbox there for
blocking ActiveX. Of course, the end user could choose to install over
the version you provide.
The other tools Microsoft provides for Win95 machines is the system
policy editor. With this tool you can choose exactly what rights the
user has, including the ability to prevent or limit software installs.
We have some clients that prevent the user from doing anything (can't
even change the wallpaper settings) while others leave their systems
wide open and regularity scan them and automate the process of returning
the machine to its initial configuration.
In my opinion you must balance corporate culture with productivity and
risk. Microsoft *does* have some tools that are useful in this regard.