ActiveX controls extend the functionality of Internet Explorer, but they can also pose significant security risks. An ActiveX control could potentially access sensitive data, delete files, or cause other damage.

You can use Windows 2000 group policy to restrict ActiveX controls on a user's computer to a specific set of administrator-approved controls. By doing so, you let users continue using certain controls while restricting all others.

You can configure ActiveX group policy either at the local computer or at a higher level, such as an organizational unit or domain. To configure approved controls at the local level, open the MMC, and add the Group Policy snap-in focused on the local computer. Browse to the User Configuration | Administrative Templates | Windows Components | Internet Explorer | Administrator Approved Controls policy.

You'll find several policies that control specific ActiveX controls. Double-click a policy, and click Enabled to allow the use of that ActiveX control. To prevent its use, choose Disabled. Repeat the process for other controls as needed to allow or deny them based on your user and security requirements.