Disable Internet Explorer Enhanced Security Configuration in Windows Server 2019

This quick blog will explain the steps involved in disabling the annoying “Internet Explorer Enhanced Security Configuration is Enabled” window which you receive after opening IE for the first time in a fresh set up of Windows Server 2019. It’s a security feature which is enabled by default in Windows Server 2019 and looks something like this:

Notice the URL it opens when we start IE: res://iesetup.dll/HardAdmin.htm

When we try accessing any website, an error will pop-up which says the Enhanced Security Config has blocked the website, giving us an option to add the website to IE’s Trusted Zone. You can’t even access https enabled websites which are more secure compared to http ones. It can get cumbersome to add a website to the trusted zone every time we open a new page.

W arning Note: Disabling this feature will open up your IE’s access to the internet. So do install anti-virus software before doing this. Also, you can enable this feature back after downloading any other preferable browser.

How can we disable this?

Go to Start menu and click on the box that says Server Manager. Kindly have a look at the below image for reference:

On the Server Manager’s dashboard, click on Local Server from the left side menu and then click on IE Enhanced Security Configuration option which is to the right of the window. Kindly check the below image for reference:

After you click on the term ‘on’, it should give you a window just like this:

As you can see, the security feature is enabled for both Administrators and Users alike. Click on ‘off’ for both to disable this feature and click on OK.

That’s it! Simple, right? Head over to IE and access any website now.

Notice the URL that it gives now res://iesetup.dll/SoftAdmin.htm

But that should not worry now because it’s just a notification telling you that the Enhanced Security Configuration feature has been disabled. Now you can access any website without adding them to the Trusted Zone.

Conclusion

Disabling this feature will make it easy for you to access websites using IE, however, one should be aware of the potential harm in accessing malicious websites without installing a good anti-virus program in the system first. You can also work on other browsers with this feature disabled as it only affects the way IE connects to the internet.

Linux и Windows: помощь админам и пользователям

Администрируем и настраиваем Windows, Linux.

Отключение Internet Explorer Enhanced Security Configuration (IE ESC) в Windows Server 2008

При поддержке 2USB.ru — блог про гаджеты и usb клавиатуры и shop.2usb.ru — интернет-магазин usb флешек

Самое первое из того, что я делаю после установки нового сервера под управлением Windows в своем окружении это отключение расширенной безопасности IE (IE Enhanced Security Configuration — IE ESC). Процедура отключения немного изменилась в Windows Server 2008, поэтому я решил написать данную заметку.

Возможно, если вы начнете перед кем то говорить о данном отключении, то наткнетесь на стену непонимания. Однако я попытаюсь объяснить почему я отключаю IE ESC. Во-первых, вы впринципе не должны открывать неизвестные страницы на рабочих серверах. Поэтому возможно лучшим решением было бы вообще удалить IE, однако Microsoft не дает нам такой возможности, хотя на мой взгляд, расширенная безопасность IE довольно близка к отключенному IE — просто потому что пользоваться этим довольно затруднительно.

Я недавно попробовал открыть веб-сайт Microsoft на свеже установленном Windows Server 2008. Для полного открытия страницы мне потребовалось порядка 10 кликов. А если вы решите не добавлять сайт в надежные узлы вам придется делать эти клики каждый раз. Меня реально беспокоит психическое состояние тех людей, кто использует IE подобным образом.

Итак, теперь приступим от разглагольствываний к практике. Как вы возможно знаете, в Windows Server 2003 это отключалось через установку и удаление компонентов Windows. Теперь процедура несколько проще. Запустите Server Manager. Найдите секцию Security Information Section и нажмите ссылку “Configure IE ESC”. Вы можете отключить IE ESC и для Administrators и/или для пользователей. Последнее имеет смысл в случае терминального сервера.

Полезная информация

Качественное и недорогое создание сайтов саратов. Отличная работа в быстрые сроки.

FAQ about Internet Explorer Enhanced Security Configuration (ESC)

Internet Explorer Enhanced Security Configuration

Internet Explorer Enhanced Security Configuration (ESC) establishes security settings that define how users browse the internet and intranet websites. These settings also reduce the exposure of servers to websites that might present a security risk. This process is also known as IEHarden. For more information, see Internet Explorer: Enhanced Security Configuration.

Original product version: В Internet Explorer
Original KB number: В 4551931

The default setting for Internet Explorer ESC

This feature is enabled by default on servers.

The effects of enabling Internet Explorer ESC

Internet Explorer ESC adjusts the Internet Explorer extensibility and security settings to reduce exposure to possible future security threats. These settings are on the Advanced tab of Internet Options in Control Panel. The following table describes the settings.

Feature	Entry	Setting	Result
Browsing	Display Enhanced Security Configuration dialog box.	On	Displays a dialog box to notify you when an internet site tries to use scripting or ActiveX Controls.
Browsing	Enable Browser Extensions.	Off	Disables features that you installed for use together with Internet Explorer that are created by companies other than Microsoft.
Browsing	Enable Install on Demand (Internet Explorer).	Off	Disables installing Internet Explorer components on demand, if required by a webpage.
Browsing	Enable Install on Demand (Other).	Off	Disables installing web components on demand, if required by a webpage.
Microsoft VM	Just-in-time (JIT) compiler for virtual machine enabled (requires restart).	Off	Disables the Microsoft VM compiler.
Multimedia	Do not display online content in the media bar.	On	Disables playback of media content in the Internet Explorer media bar.
Multimedia	Do not display online content in the media bar.	On	Disables playback of media content in the Internet Explorer media bar.
Multimedia	Play animations in webpages.	Off	Disables animations.
Multimedia	Play videos in webpages.	Off	Disables video clips.
Security	Check for server certificate revocation (requires restart).	On	Automatically checks a website’s certificate to see whether the certificate has been revoked before accepting the certificate as valid.
Security	Check for signatures on downloaded programs.	On	Automatically verifies and displays the identity of programs that you download.
Security	Do not save encrypted pages to disk.	On	Disables saving secured information in your Temporary Internet Files folder.
Security	Empty Temporary Internet Files folder when browser is closed.	On	Automatically clears the Temporary Internet Files folder when you close the browser.

These changes reduce the functionality in webpages, web-based applications, local network resources, and applications that use a browser to display online help, support, and general user assistance.

How to turn off Internet Explorer ESC on Windows servers

To turn off Internet Explorer ESC, follow these steps:

Enter Server Manager in Windows search to start Server manager application.

Select Local Server.

Navigate to the IE Enhanced Security Configuration property, select the current setting to open the property page, select the Off option button for the desired users, and then select OK.

Select the Refresh icon on the Server Manager toolbar to see the new settings reflected in the server manager.

The following video demonstrates this procedure:

How to disable Internet Explorer ESC by using a script

Extract IEHArden_V5.bat from the compressed (.zip) file, and then run it either at an administrative command prompt or as part of log-in script by using the procedure that is documented at How to assign user logon scripts.

Contents of the batch file

How to manage the IEHarden Setting for users by using Group Policy Preferences (GPP)

To change the IEHarden setting for users by using Group Policy Preferences Registry configuration, follow these steps:

Open the GPMCM.msc console, and then navigate to User Configuration > Preferences > Windows Settings.

In the navigation pane, right-click the Registry object, and then select New > Registry Item.

In IEHarden Properties, specify the following settings:

Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

Value name: IEHarden

Value Type: REG_DWORD

Value data: 0 or 00000000

Select Apply and OK to complete this GPP configuration.

You may also want to check the following registry subkeys if this value does not resolve the problem. In most cases, this is not necessary.

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
• HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

Internet Explorer doesn’t seem to work after you disable ESC by using Server Manager

To troubleshoot this scenario, refer to Standard users can’t turn off Internet Explorer Enhanced Security feature on a Windows Server 2003-based terminal server or a later version. Basically, you may have to enable or disable ESC again. Targeting the registry may be the easiest way to resolve this problem.

Disable Internet Explorer Enhanced Security Configuration in Windows Server 2019/2016

Enhanced Security Configuration (IE ESC) is designed to protect a server from dangerous websites capable to infect system with malware. You need to add a website to the Trusted sites zone to open all its content in IE. Enhanced Security Configuration is enabled by default in Internet Explorer on Windows Server 2019/2016. In most cases such security restrictions are really helpful. But in some cases you might want to allow Internet Explorer open all websites including all third-party content without adding them as trusted ones. Here is how to disable Internet Explorer Enhanced Security Configuration in Windows Server 2019/2016.

Here is an example. When Internet Explorer Enhanced Security Configuration is enabled you see this start page when you launch IE:

When you try to open a website, you will see a pop-up window telling you Content from the website listed below is being blocked by the IE ESC: Here you need to either click Add to add the website to the Trusted sites zone or click Close to open in a restricted mode. In the last case a part of webpage content (such as JavaScript or web fonts) will be unavailable. Consequently, the majority of websites will loose a part of their functionality.

How to disable Internet Explorer Enhanced Security Configuration (IE ESC) on Windows Server 2019/2016

1. Click the Start Button and Launch Server Manager :

Server Manager in Windows Server 2019/2016

Head to Local Server .

Find IE Enhanced Security Configuration and click on On :

Turn off IE ESC for Administrators and/or for Users and click OK :

Now when you launch IE you will see soft configuration page telling you Internet Explorer Enhanced Security Configuration is not enabled:

Internet Explorer Enhanced Security Configuration is not enabled

You can visit all websites without adding them to Trusted sites zone:

Website opens normally when IE ESC is disabled

Читайте также:  Драйвер creative sound blaster creative live 5 1 для windows 10