Sunday, July 19, 2009

Disable IE Enhanced Security on 2008 Server

Disable IE Enhanced Security on 2008 Server



Well, as with many other things, the method to remove the IE Enhanced Security Configuration from 2008 windows server has moved. It was once easily found in the familiar Add/Remove programs applet through control panel and clicking on windows components would reveal additional options installed by the the OS for specific functions or roles of the server to operate. Now, it's moved to server manager in Windows Server 2008.
Windows Server 2008 installs by default with the Internet Explorer Enhanced Security enabled. So if you noticed, the Add/Remove programs in Control Panel is no longer used for adding and removing any Microsoft windows Server operating components. For so many years it was in that location, found through control panel but now it has changed with the new face of Windows Server 2008 so we all need to get used to as we've done for many other changes.

Server Manager is now used for managing Server Components, mainly throught the Roles and Features nodes, but IE Enhanced security is not listed here either. Remove IE Enhanced
Security with Server Manager:
Start -> Administrative Tools -> Server Manager
The root node is highlighted, in the right column, under the Security Information heading, click Configure IE ESC
Disable IE ESC for Administrators and/or Users

Having the enhanced security applied to the browser by default on servers is a nice thing to have. Many of us however do use the browser on the server to find driver updates and other things we need to perform tasks on the server wicthout the extra security nag.
Disable with Script or Registry Edit:
There will be a need somewhere to disable the Enhanced security feature of Windows server 2008 by using a script based method for automation of the process or by manully making the edits in the registry. Disable 2008's enhanced security using a script or a direct manual registry edit is through a registry setting that the GUI modifies. Specifically the IEHardenAdmin and IEHardenUser, so you could use a simple script to modify this setting. Refer to the following TechNet Article for more information.
http://technet.microsoft.com/en-us/library/cc749170.aspx