?
Solved

Unable to disable IE ESC on Terminal Server

Posted on 2011-03-16
6
Medium Priority
?
3,520 Views
Last Modified: 2013-12-08
We have recently set up a Terminal Server so that Teachers and Students can access there work remotely. The Server is running Windows 2008 R2 Enterprise SP1 with the Remote Desktop Services Role installed.

The problem we are having is that we want to disable IE Enhanced Security Configuration for all users but currently it only works for Teachers and not for Students. We have turned off IE ESC in Server Manager for both Administrators and Users and I have also followed the suggested fix from technet forums http://social.technet.microsoft.com/forums/en-US/winserverGP/thread/14aa9d58-0e06-4236-b92c-ca770a464073 

After installing the additional Group Policy settings I configured them to disable IE ESC for both Administrators and Users then rebooted the Server and ran RSOP logged in as both a Teacher and a Student and both reported that IE ESC was disabled ( Have attached image IE-ESC-RSOP.jpg).

Still Student users are getting the notifications that websites are blocked by IE ESC ( attached screenshot Student IE ESC.jpg).

All I can think is it's a Group Policy that is over ruling the policy to disable IE ESC but can't for the life of me figure out which one. Any suggestions or help would be much appreciated as i'm running out of ideas...

IE-ESC-RSOP.jpg
Student-IE-ESC.jpg
0
Comment
Question by:Evotec-IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 13

Expert Comment

by:connectex
ID: 35153436
I've posted this before but here we go again. Microsoft wants you to configure this IE lockdown settings prior to installing Remote Desktop Services (or the formally known terminal services). So you've set the lockdown settings but unfortunately it doesn't take for all existing users. Here how you can fix it. I hate to say I haven't seen a better way as of yet. You need to do a reset on IE under the user's logon. To do so, Open IE. Go to Tools->Internet Options. Click on the Advanced tab. Click the Reset button and complete the reset of the process. Close and re-open IE and now no more lockdown.
0
 

Author Comment

by:Evotec-IT
ID: 35153829
Thanks connectex I did see your previous post but as I mentioned in my original post this is a school environment so we're talking about 2000 students with IE locked down. So unfortunately your suggestion isn't really workable for our situation.

The other problem is it happens to both Students that existed before RD Services were installed and it still happens to Student created afterwards. Teacher Accounts created before and after are both fine so the fact it only affects students suggests to me it's a Group Policy setting.

I'll try running Gpresult which i'd forgotten about till just now and compare the results for both a  Student and Teacher to see if I can spot anything that might be relevant but apart from that i'm out of ideas so if anyone else has a suggestion i'd be happy to hear it.

Thanks.
.
0
 
LVL 13

Expert Comment

by:connectex
ID: 35153843
I've searched a lot on this issue when I first discovered one it at one of my installations. It was a pain in the butt for only a small number of users. But I've yet to find another fix that actually works. You could send e-mails with complete directions as end user can complete the all the steps themselves. I know it seems like it should be easier but I'm still looking for the better solution. It's been posted here at least three times now and no one else seems to have found a better way.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Accepted Solution

by:
Evotec-IT earned 0 total points
ID: 35153879
I just found this article which looks really promising -

http://www.ie8blog.com/2009/11/19/how-to-disable-ie-enhance-security-on-windows-2008-and-windows-2003/ 

Will post back results of how it goes.
0
 

Author Comment

by:Evotec-IT
ID: 35155509
The above solution worked perfectly. I just created a batch file using the supplied code and pushed it out using Group Policy.
0
 

Author Closing Comment

by:Evotec-IT
ID: 35187282
Because I figured it out myself, the only other suggestion offered wasn't relevant to my situation.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question