Solved

Unable to disable IE ESC on Terminal Server

Posted on 2011-03-16
Last Modified: 2013-12-08
We have recently set up a Terminal Server so that Teachers and Students can access their work remotely. The Server is running Windows 2008 R2 Enterprise SP1 with the Remote Desktop Services Role installed.

The problem we are having is that we want to disable IE Enhanced Security Configuration for all users but currently it only works for Teachers and not for Students. We have turned off IE ESC in Server Manager for both Administrators and Users and I have also followed the suggested fix from technet forums http://social.technet.microsoft.com/forums/en-US/winserverGP/thread/14aa9d58-0e06-4236-b92c-ca770a464073 

After installing the additional Group Policy settings I configured them to disable IE ESC for both Administrators and Users, then rebooted the Server and ran RSOP logged in as both a Teacher and a Student, and both reported that IE ESC was disabled (have attached image IE-ESC-RSOP.jpg).

Still, Student users are getting the notifications that websites are blocked by IE ESC (attached screenshot Student IE ESC.jpg).

All I can think is it's a Group Policy that is overruling the policy to disable IE ESC but can't for the life of me figure out which one. Any suggestions or help would be much appreciated as I'm running out of ideas...

IE-ESC-RSOP.jpg
Student-IE-ESC.jpg
Question by:Evotec-IT
6 Comments
 

Expert Comment

by:connectex
ID: 35153436
I've posted this before but here we go again. Microsoft wants you to configure these IE lockdown settings prior to installing Remote Desktop Services (formerly known as Terminal Services). So you've set the lockdown settings but unfortunately it doesn't take for all existing users. Here's how you can fix it. I hate to say I haven't seen a better way as of yet. You need to do a reset on IE under the user's logon. To do so, open IE. Go to Tools->Internet Options. Click on the Advanced tab. Click the Reset button and complete the reset of the process. Close and re-open IE and now no more lockdown.

Author Comment

by:Evotec-IT
ID: 35153829
Thanks connectex, I did see your previous post, but as I mentioned in my original post this is a school environment so we're talking about 2000 students with IE locked down. So unfortunately your suggestion isn't really workable for our situation.

The other problem is it happens to both Students that existed before RD Services were installed and it still happens to Students created afterwards. Teacher Accounts created before and after are both fine, so the fact it only affects students suggests to me it's a Group Policy setting.

I'll try running Gpresult, which I'd forgotten about till just now, and compare the results for both a Student and Teacher to see if I can spot anything that might be relevant, but apart from that I'm out of ideas so if anyone else has a suggestion I'd be happy to hear it.

Thanks.

Expert Comment

by:connectex
ID: 35153843
I've searched a lot on this issue when I first discovered it at one of my installations. It was a pain in the butt for only a small number of users. But I've yet to find another fix that actually works. You could send e-mails with complete directions, as end users can complete all the steps themselves. I know it seems like it should be easier but I'm still looking for the better solution. It's been posted here at least three times now and no one else seems to have found a better way.

Accepted Solution

by:Evotec-IT
ID: 35153879
I just found this article which looks really promising -

http://www.ie8blog.com/2009/11/19/how-to-disable-ie-enhance-security-on-windows-2008-and-windows-2003/ 

Will post back results of how it goes.

Author Comment

by:Evotec-IT
ID: 35155509
The above solution worked perfectly. I just created a batch file using the supplied code and pushed it out using Group Policy.

Author Closing Comment

by:Evotec-IT
ID: 35187282
Because I figured it out myself, the only other suggestion offered wasn't relevant to my situation.
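
The symptom in this thread (RSOP reports IE ESC disabled while a Student still gets the ESC block notice) can be checked per account with a read-only script. The PowerShell below is an added example, not code from the thread or from the linked article; the registry locations and the function names `Get-RegValue` and `Get-IEEscState` are assumptions, since the thread does not name any registry keys.

```powershell
# Added example (read-only): run as the affected user on the Terminal Server.
# Assumption: these are the standard IE ESC registry locations on Windows
# Server 2008 R2; the thread itself does not name them.
$components = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$machineKeys = @{
    'Administrators' = "$components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    'Users'          = "$components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
}
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-IEEscState {
    # Machine-wide switches: what Server Manager toggles (1 = ESC on, 0 = off).
    $machineOn = @{}
    foreach ($scope in $machineKeys.Keys) {
        $machineOn[$scope] = (Get-RegValue $machineKeys[$scope] 'IsInstalled') -eq 1
    }
    # Per-user flag stored in the profile (1 = zones still hardened).
    $userOn = (Get-RegValue $zoneMap 'IEHarden') -eq 1

    New-Object PSObject -Property @{
        User               = "$env:USERDOMAIN\$env:USERNAME"
        MachineEscAdmins   = $machineOn['Administrators']
        MachineEscUsers    = $machineOn['Users']
        ProfileIEHarden    = $userOn
        # The mismatch described in the thread: switched off for the machine,
        # but this profile still carries the hardened zone settings.
        StaleProfileHarden = (-not $machineOn['Users']) -and $userOn
    }
}

Get-IEEscState | Format-List
```

Run it once as a Teacher and once as a Student; `StaleProfileHarden` being True only for the Student matches the symptom described in the question.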