Solved

Internet Explorer Enhanced Security Configuration

Posted on 2003-11-20
Last Modified: 2008-01-09
Setup:

2x Windows 2000 domain controllers
3x Windows 2000 Advanced Servers running Terminal Services
2x Windows 2003 Server Enterprise Edition servers running Terminal Services
1x Windows 2000 Server running IIS for web hosting

One of the applications used through terminal services is a web-based application that uses some JavaScript. This program runs fine when logging onto a 2k Apps server, but when you log on to the new 2003 servers the application gives the following error message when launching IE:

"Content within this application coming from the website listed below is being blocked by Internet Explorer Enhanced Security Configuration. http://192.168.2.253. If you trust this web-site you can lower your security configurations . . . .etc."

Users are then prompted to add this site to their trusted sites zone to be able to proceed. Once added the problem goes away for this user.

The problem is, there are thousands of users and we need this software to work seamlessly without any security pop-ups like this. I have gone into Windows components and un-installed the Internet Explorer Enhanced Security Configuration but this has made no difference. I have configured the domain policy to add the site in question to the trusted sites zone for all users, but this policy just doesn't seem to implement when users log on. They still get the same error message and the only sites in the trusted zones listing are MS windows update sites.

The software we use must use IE as the browser. The browser software is only a small part of the whole package and so bandwidth/load to the IIS box is not in question. The rest of the software package (written in VB mainly) runs fine on the 2003 servers. The Apps servers use MS load balancing for TS logons and are all high spec servers on a 100Mbps / 1Gbps LAN.

Is there any way I can disable/switch off the IE Enhanced Security Configuration without having to deploy IEAK or something?

Cheers in advance.
Question by:pah250
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 9788023
The solution I'm thinking of would require you to use group policy to either add the sites to the trusted sites list (in group policy: User Configuration\Windows Settings\Internet Explorer Maintenance\Security). You would then either adjust the security settings accordingly or add the appropriate sites to the trusted sites list.

This also depends on how your AD is setup.

Hope this gives you an idea.

0
 

Author Comment

by:pah250
ID: 9788480
Tried this. Every time I click to edit the Security Zones and Privacy I get a long-winded warning message that says "You have chosen to import settings that are compatible with computers that don't have IE Enhanced Security Configuration enabled. These security settings will be ignored on machines where the enhanced security configuration is enabled". I have disabled the Enhanced Security Configuration on all the 2003 boxes and configured this policy for the domain, but it has no effect.
0
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 9790752
What service pack are you running on the 2000 domain controllers?
0
 

Author Comment

by:pah250
ID: 9800768
All the 2K servers are SP4

I've managed to sort it though now. There is a registry key in HKCU that stores all the security information and website entries for all 4 security zones in IE. Just needed to export the key to file and add it into the common logon script for all users - job done.
0

 
LVL 2

Accepted Solution

by:
Lunchy earned 0 total points
ID: 10084034
PAQed, with points refunded (250)

Lunchy
Friendly Neighbourhood Community Support Admin
0
 
LVL 2

Expert Comment

by:epsilonx
ID: 12107409
pah250:  Can you post the registry key that was necessary?  The settings in the HKCU\Software\Internet Explorer\Security key don't seem to cut it.
0
 

Author Comment

by:pah250
ID: 12111895
The solution that we use to get around this is to first create a new user with domain admin rights and log on to the Windows 2003 terminal server. Then use IE to add in all the internal websites that domain users will need to access in the course of their normal life (users are restricted to a pre-set list of internal websites only). Then export the following hive and all sub hives:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

Then we add this registry file into the logon scripts for all domain users giving each user trusted access to our predefined list of internal web sites. Problem solved.
0
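
A narrower variant of the logon-script approach in the post above, as an added example that is not part of the original thread: instead of importing a whole ZoneMap key exported from an administrator's profile, it writes only the one mapping needed for the site named in the question. The function name `Add-ZoneRange` and the use of PowerShell are assumptions; the thread itself imported an exported .reg file.

```powershell
# Added example (not from the thread): trust one internal host for the
# current user rather than importing an entire exported ZoneMap key.
$ZoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$TrustedSites = 2   # IE zone ids: 1 = Local intranet, 2 = Trusted sites

function Add-ZoneRange {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Address,   # IP address or range
        [string]$Scheme = 'http',
        [int]$Zone = $TrustedSites
    )
    # IE reads Ranges when Enhanced Security Configuration is off and
    # EscRanges when it is on, so the mapping is written to both.
    foreach ($sub in 'Ranges', 'EscRanges') {
        $base = Join-Path $ZoneMap $sub
        if (-not (Test-Path $base)) { New-Item -Path $base -Force | Out-Null }

        # Reuse an existing RangeN subkey that already holds this address,
        # so repeated logons do not pile up duplicate entries.
        $key = Get-ChildItem -Path $base | Where-Object {
            (Get-ItemProperty -Path $_.PSPath).':Range' -eq $Address
        } | Select-Object -First 1

        if ($key) {
            $path = $key.PSPath
        } else {
            # Otherwise create the first unused RangeN subkey.
            $n = 1
            while (Test-Path (Join-Path $base "Range$n")) { $n++ }
            $path = Join-Path $base "Range$n"
            New-Item -Path $path | Out-Null
            New-ItemProperty -Path $path -Name ':Range' -Value $Address `
                -PropertyType String | Out-Null
        }
        # Map the scheme to the zone; -Force replaces an older mapping.
        New-ItemProperty -Path $path -Name $Scheme -Value $Zone `
            -PropertyType DWord -Force | Out-Null
    }
}

# Address taken from the error message quoted in the question.
Add-ZoneRange -Address '192.168.2.253'
```

Because it touches only its own `RangeN` subkey, this leaves any other zone mappings in the user's profile unchanged, which a full ZoneMap import does not.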
 
LVL 2

Expert Comment

by:epsilonx
ID: 12112913
Ah, OK.  I thought it was a solution to enabling web access to any websites.  What you've got here you can also do in group policies, but sometimes the good ol' reg file works just as well.
0
