microsoft:faq_about_internet_explorer_enhanced_security_configuration_esc
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
microsoft:faq_about_internet_explorer_enhanced_security_configuration_esc [2021/07/29 19:10] – aperez | microsoft:faq_about_internet_explorer_enhanced_security_configuration_esc [2021/07/29 19:29] (current) – aperez | ||
---|---|---|---|
Line 3: | Line 3: | ||
**Internet Explorer Enhanced Security Configuration** | **Internet Explorer Enhanced Security Configuration** | ||
- | Internet Explorer Enhanced Security Configuration (ESC) establishes security settings that define how users browse the internet and intranet websites. These settings also reduce the exposure of servers to websites that might present a security risk. This process is also known as IEHarden. For more information, | + | Internet Explorer Enhanced Security Configuration (ESC) establishes security settings that define how users browse the internet and intranet websites. These settings also reduce the exposure of servers to websites that might present a security risk. This process is also known as IEHarden. For more information, |
Original product version: | Original product version: | ||
Line 40: | Line 40: | ||
{{: | {{: | ||
- | The following video demonstrates this procedure: | + | [[https:// |
+ | |||
+ | [[https:// | ||
+ | |||
+ | **How to disable Internet Explorer ESC by using a script** | ||
+ | |||
+ | 1. Create an IEHArden_V5.bat file with the following batch file content. | ||
+ | |||
+ | 2. Run the bat file either at an administrative command prompt or as part of log-in script by using the procedure that is documented at How to assign user logon scripts. | ||
+ | |||
+ | **Contents of the batch file** | ||
+ | |||
+ | ECHO OFF | ||
+ | REM IEHarden Removal Project | ||
+ | REM HasVersionInfo: | ||
+ | REM Author: Axelr | ||
+ | REM Productname: | ||
+ | REM Comments: Helps remove the IE Enhanced Security Component of Windows 2003 and 2008(including R2) | ||
+ | REM IEHarden Removal Project End | ||
+ | ECHO ON | ||
+ | ::Related Article | ||
+ | ::933991 Standard users cannot turn off the Internet Explorer Enhanced Security feature on a Windows Server 2003-based terminal server | ||
+ | :: | ||
+ | :: Rem out if you like to Backup the registry keys | ||
+ | ::REG EXPORT " | ||
+ | ::REG EXPORT " | ||
+ | REG ADD " | ||
+ | REG ADD " | ||
+ | ::x64 | ||
+ | REG ADD " | ||
+ | ::Disables IE Harden for user if set to 1 which is enabled | ||
+ | REG ADD " | ||
+ | REG ADD " | ||
+ | REG ADD " | ||
+ | ::Removing line below as it is not needed for Windows 2003 scenarios. You may need to enable it for Windows 2008 scenarios | ||
+ | ::Rundll32 iesetup.dll, | ||
+ | Rundll32 iesetup.dll, | ||
+ | Rundll32 iesetup.dll, | ||
+ | Rundll32 iesetup.dll, | ||
+ | ::This apply to Windows 2003 Servers | ||
+ | REG DELETE " | ||
+ | REG DELETE " | ||
+ | REG ADD " | ||
+ | REG ADD " | ||
+ | ::REG DELETE " | ||
+ | ::REG DELETE " | ||
+ | :: Optional to remove warning on first IE Run and set home page to blank. remove the :: from lines below | ||
+ | :: 32-bit HKCU Keys | ||
+ | REG DELETE " | ||
+ | REG ADD " | ||
+ | REG ADD " | ||
+ | :: This will disable a warning the user may get regarding Protected Mode being disable for intranet, which is the default. | ||
+ | :: See article http:// | ||
+ | :: Intranet Protected mode is disable. Warning should not appear and this key will disable the warning | ||
+ | REG ADD " | ||
+ | :: Removing Terminal Server Shadowing x86 32bit | ||
+ | REG DELETE " | ||
+ | :: Removing Terminal Server Shadowing Wow6432Node | ||
+ | REG DELETE " | ||
+ | |||
+ | |||
+ | **How to manage the IEHarden Setting for users by using Group Policy Preferences (GPP)** | ||
+ | |||
+ | To change the IEHarden setting for users by using Group Policy Preferences Registry configuration, | ||
+ | |||
+ | 1. Open the GPMCM.msc console, and then navigate to User Configuration > Preferences > Windows Settings. | ||
+ | |||
+ | 2. In the navigation pane, right-click the Registry object, and then select New > Registry Item. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | 3. In IEHarden Properties, specify the following settings: | ||
+ | |||
+ | * Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ||
+ | |||
+ | * Value name: IEHarden | ||
+ | |||
+ | * Value Type: REG_DWORD | ||
+ | |||
+ | * Value data: 0 or 00000000 | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Select **Apply** and **OK** to complete this GPP configuration. | ||
+ | |||
+ | Note: | ||
+ | You may also want to check the following registry subkeys if this value does not resolve the problem. In most cases, this is not necessary. | ||
+ | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ||
+ | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ||
+ | HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ||
+ | |||
+ | **Internet Explorer doesn' | ||
+ | |||
+ | To troubleshoot this scenario, refer to [[https:// | ||
- | [[https:// |
microsoft/faq_about_internet_explorer_enhanced_security_configuration_esc.1627603802.txt.gz · Last modified: 2021/07/29 19:10 by aperez