Solved

Internet Explorer Enhanced Security Configuration

Posted on 2003-11-20
10
1,622 Views
Last Modified: 2008-01-09
Setup:

2x Windows 2000 domain controllers
3x Windows 2000 Advanced Server's running Terminal Services
2x Windows 2003 Server Enterprise Edition servers running Terminal Services
1x Windows 2000 Server running IIS for web hosting

One of the applications used through terminal services is a web based application that uses some Java script. This program runs fine when logging onto a 2k Apps server, but when you logon to the new 2003 servers the application gives the following error message when launching IE:

"Content within this application coming from the website listed below is being blocked by Internet Explorer Enhanced Security Configuration. http://192.168.2.253. If you trust this web-site you can lower your security configurations . . . .etc."

Users are then prompted to add this site to thier trusted sites zone to be able to procede. Once added the problem goes away for this user.

The problem is, there are thousands of users and we need this software to work seemlessly without any security pop-ups like this. I have gone into Windows components and un-installed the Internet Explorer Enhanced Security Configuration but this has made no difference. I have configured the domain policy to add the site in question to the trusted sites zone for all users, but this policy just doesn't seem to implement when users log on. They still get the same error message and the only sites in the trusted zones listing are MS windows update sites.

The software we use must use IE as the browser. The browser software is only a small part of the whole package and so bandwidth/load to the IIS box is not in question. The rest of the software package (written in VB mainly) runs fine on the 2003 servers. The Apps servers use MS load balancing for TS logon's and are all high spec servers on a 100Mbps / 1Gbps LAN.

Is there anyway I can disable/switch off the IE Enhanced Security Configuration without having to deploy IEAK or something?

Cheers in advance.
0
Comment
Question by:pah250
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 9788023
The solution i'm thinking of would require you to use group policy to either add the sites to the trusted sites list ( In group policy User Configuration\Windows Settings\Internet Explorer Maintenance\Security) You would then either adjust the security settings accordingly or add the appropriate sites to the trusted sites list.

This also depends on how your AD is setup.

Hope this gives you an idea.

0
 

Author Comment

by:pah250
ID: 9788480
Tried this. Everytime I click to edit the Security Zones and Privacy I get a long winded warning message that says "You have chosen to import settings that are compatible with computers that don't have IE Enhanced Security Configuration enabled. These security settings wil be ignored on machines where the enhanced security configuration is enabled" .I have dissabled the Enhanced Security Configuration on all the 2003 boxes and configured this policy for the domain, but it has no effect.
0
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 9790752
What service pack are you running on the 2000 domain controllers?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:pah250
ID: 9800768
All the 2K servers are SP4

I've managed to sort it though now. There is a registry key in HKCU that stores all the security information and website entries for all 4 security zones in IE. Just needed to export the key to file and add it into the common logon script for all users - job done.
0
 
LVL 2

Accepted Solution

by:
Lunchy earned 0 total points
ID: 10084034
PAQed, with points refunded (250)

Lunchy
Friendly Neighbourhood Community Support Admin
0
 
LVL 2

Expert Comment

by:epsilonx
ID: 12107409
pah250:  Can you post the registry key that was necessary?  The settings in the HKCU\Software\Internet Explorer\Security key don't seem to cut it.
0
 

Author Comment

by:pah250
ID: 12111895
The solution that we use to get around this is to first create a new user with domain admin rights and log on to the windows 2003 terminal server. Then use IE to add in all the internal websites that domain users will need to access in the course of thise normal life (users are restricted a a pre-set list of internal websites only). Then export the following hive and all sub hives:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

Then we add this registry file into the logon scripts for all domain users giving each user trusted access to our predefined list of internal web sites. Problem solved.
0
 
LVL 2

Expert Comment

by:epsilonx
ID: 12112913
Ah, OK.  I thought it was a solution to enabling web access to any websites.  What you've got here you can also do in group policies, but sometimes the good ol' reg file works just as well.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Application Deployment - Simple 7 652
Server 2012R2 Foundation and Server 2000 3 131
DNS server query - zone verus cache 5 188
Running Baan iV on VMware 3 163
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Starting your own business is always a daunting process, and for most people it is brand new experience. Avoid the common pitfalls by following these tips to start on the road to success.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question