Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
can't disable internet explorer enhanced security configuration on Server 2008 R2

Answered can't disable internet explorer enhanced security configuration on Server 2008 R2

  • Wednesday, February 13, 2013 3:36 PM
     
     
    Sign In to Vote
    0

    Does anyone know how to properly disable Internet Explorer Enhanced Security Configuration (IEesc) on Server 2008 R2? I have turned IEesc off for both administrators and users in the server manager but only the primary Administrator account has had IEesc disabled. For all other accounts I create (admin or non-admin) they continue to have IEesc enabled when they log in.

    I have found discussions about this where people recommended setting group policy and registry keys. Unfortunately, none of these solutions have worked for me.

    For example, I added this key to the registry, set it to 0 and rebooted.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEHarden

    I also set these keys to 0 and rebooted:

    HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}\IsInstalled

    HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}\IsInstalled.

    The group policy settings I saw people talking about were related to Remote Desktop services. I haven't added the remote desktop role to my server so none of those GP options appear. in my GPO.

    I tried installing all the latest patches and even re-installed Server 2008 R2 from scratch but I still have the same problem. I even downloaded and applied IEesc GPO objects from the Server 2003 resource kit but that didn't help either.

    Is there simply no way to disable IEesc for all users on Server 2008 R2? I saw some people suggest that adding the Remote Desktop role will automatically disable IEesc, but I don't want to add the RDP role which requires licensing with cals. I would like to continue using the free single RDP remote admin sessions that is allowed with Server 2008. It seems strange to have to buy cals just to be able to turn off IEesc.

     

All Replies

  • Wednesday, February 13, 2013 5:24 PM
     
     
    Sign In to Vote
    0

    Hey buddy, i found this which might help

    Login as user and run these 3 commands from the commandline:

    Rundll32 iesetup.dll, IEHardenLMSettings

    Rundll32 iesetup.dll, IEHardenUser

    Rundll32 iesetup.dll, IEHardenAdmin

     
  • Wednesday, February 13, 2013 5:57 PM
     
     
    Sign In to Vote
    0

    @JRazek - Thanks for the suggestion. Unfortunately, these commands only partially help. I have to run them on each separate account I create. They don't apply to all accounts. I would need some kind of login script that is run or something to make these commands work.

     
  • Wednesday, February 13, 2013 10:26 PM
     
     
    Sign In to Vote
    0
    I just tried Server 2012 and have the exact same problem. Even after I turn off IEesc for all users IEesc is still enabled for each new account I make.
     
  • Wednesday, February 13, 2013 11:58 PM
     
     Answered
    Sign In to Vote
    0

    I found a solution. By lowering all the Internet Explorer security zone settings to the lowest setting in group policy I was able to effectively remove any blockers to my users accessing whatever sites they wish. IEesc is still enabled for all my users but I don't really care since this effectively eliminates all the security hassles.

    • Marked As Answer by msurkan Wednesday, February 13, 2013 11:58 PM
    •