We are currently facing a debate regarding the Internet Explorer's setting 'Initialize and script ActiveX controls not marked as safe for scripting'.
I have been maintaining an in-house application that uses Outlook's and Word's automation to send email and generate letters. As it is an internal application, the url of the application is detected as 'Local Intranet'.
Our Sysadmins have changed the GPO of our workstation and disabled this setting. Unfortunately, this broke the script that was automating Office. Now we have a debate around the questions:
- should we change this setting back?
- or change the security of the local intranet zone to low (which would allow the script to run - with a prompt)?
- or should we re-develop the application in order not to use office automation?
Of course, as a developer, I would recommend the first or the second solution. But, I'd like to make sure that I'm not asking for something that would put our company's security at stake.
Does anyone have any experience? feedback on such a topic?