SBS 2011 Internet Explorer security too high

Posted on 2011-02-18
Medium Priority
Last Modified: 2012-05-11
I want to know how to completely eliminate any security pop ups from browsing on IE8 on my SBS 2011 standard server. I mean eliminate those ADD/CLOSE dialog boxes that pop up and get in the way of everything you are trying to do.

I understand the risks already, that's not what this question is about.

Question by:dgrenda
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 59

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 34929505
The solution is to open "Server Manager" (not the SBS console) and click on the link to manage "ESC" for IE. From there you can turn on or off ESC for administrators or all users.


Author Comment

ID: 34935060
On an important (to me) question I asked some time ago, I was receiving comments from an individual whose english was terrible and more importantly whose comments were completely ridiculous and counter-productive. I actually thought I was being messed with. It was frustrating in the face of what I needed to get done.

After a couple of time wasting comments I replied to this individual and told him to quit wasting my time and not to use this forum to practice his english. One of you moderators came down very hard on me for offending this individual's feelings and reminded me that the experts are here out of the goodness of their hearts and I should remember that or take a hike.

Now the tables are turned and once again it's the favored "expert" who is supported after actually insulting me.

I apologize to all involved here. I realize now that I have misunderstood the way this place works and what my premium membership actually entitles me to. I missed the fine print about insiders and outsiders.

I will ignore future insults and just concentrate on getting my questions answered. However I will not award this individual any points for the hassle he has caused me.

Again, apologies and I will refrain from any extraneous interaction and ignore any such from your experts.

Author Closing Comment

ID: 34937856
In the interest of moving forward, here are the points awarded. I just didn't appreciate being made to look stupid. This entire website is based on people's ability to ask all sorts of questions. What's the use if you are going to be insulted as stupid for asking?

Anyway, I appreciate the site for those folks who are truly helpful. I will limit any future off topic discussion and will ignore any such discussion given to me.

So I apologize for my portion of the issue. I appreciate the assistance.
LVL 59

Expert Comment

by:Cliff Galiher
ID: 34938773
Since my original answer was (understandably) edited, I want to reiterate that while my answer is the correct process to disable ESC, I also think disabling it is a *very bad* idea.

It was never my intention to make you "look stupid." I do use sarcasm as an instructional tool and I realize that rubs some people the wrong way. Browsing from a server is something I happen to be particulary passionate about so I posted my response as I did to drive home a point. I write my responses not just for the questioner, but also understanding that EE encourages users to search for other questions before posting their own and this questoin could be viewed by others. As such, even if you understand the risks of browsing from the server, the next person reading this questoin (and answer) may not, so I want my answer (And hence this follow-up) to be *VERY CLEAR* on the point that, while it can be done, it is rarely (if ever) a good idea.

I genuinely cannot think of a single situation where I'd want to browse on the server. Downloading patches can be done from a workstation and saved to the server or saved to a USB key. Searching error messages or event viewer links can be done from a workstation as well. Even Microsoft's support site can serve up the occasional banner ad, and banner ads can carry malicious code. I just cannot in good conscience recommend browsing from the server under any circumstance.

With that said, if there were truly a unique circumstance where it was required, I still wouldn't turn off ESC. IE ESC provides a sandbox that protects the OS from IE. Disabling IE essentially removes that sandbox which means any exploit of Active-X, Java, Flash, or similar now has direct access to the OS. If I were required to browse from the server, I'd grab a portable browser so it left no install footprint and use one that didn't have add-ons or, most notably, Active-X. As of today, my choice would be a portable version of Chrome, which I always have on a USB key as part of my toolbox, but that may change as newer browser editions surface and their security footprint changes.

So I hope that better explains my position, why I posted as I did, and provides some additional information for anybody who happens to read this questions. As far as the personal contention, I apologize for my part in that my sarcasm was easily misunderstood. I could have done a better job of explaining my position in my initial answer.


Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question