Solved

Unable to disable IE ESC on Terminal Server

Posted on 2011-03-16
6
3,206 Views
Last Modified: 2013-12-08
We have recently set up a Terminal Server so that Teachers and Students can access there work remotely. The Server is running Windows 2008 R2 Enterprise SP1 with the Remote Desktop Services Role installed.

The problem we are having is that we want to disable IE Enhanced Security Configuration for all users but currently it only works for Teachers and not for Students. We have turned off IE ESC in Server Manager for both Administrators and Users and I have also followed the suggested fix from technet forums http://social.technet.microsoft.com/forums/en-US/winserverGP/thread/14aa9d58-0e06-4236-b92c-ca770a464073 

After installing the additional Group Policy settings I configured them to disable IE ESC for both Administrators and Users then rebooted the Server and ran RSOP logged in as both a Teacher and a Student and both reported that IE ESC was disabled ( Have attached image IE-ESC-RSOP.jpg).

Still Student users are getting the notifications that websites are blocked by IE ESC ( attached screenshot Student IE ESC.jpg).

All I can think is it's a Group Policy that is over ruling the policy to disable IE ESC but can't for the life of me figure out which one. Any suggestions or help would be much appreciated as i'm running out of ideas...

IE-ESC-RSOP.jpg
Student-IE-ESC.jpg
0
Comment
Question by:Evotec-IT
  • 4
  • 2
6 Comments
 
LVL 13

Expert Comment

by:connectex
ID: 35153436
I've posted this before but here we go again. Microsoft wants you to configure this IE lockdown settings prior to installing Remote Desktop Services (or the formally known terminal services). So you've set the lockdown settings but unfortunately it doesn't take for all existing users. Here how you can fix it. I hate to say I haven't seen a better way as of yet. You need to do a reset on IE under the user's logon. To do so, Open IE. Go to Tools->Internet Options. Click on the Advanced tab. Click the Reset button and complete the reset of the process. Close and re-open IE and now no more lockdown.
0
 

Author Comment

by:Evotec-IT
ID: 35153829
Thanks connectex I did see your previous post but as I mentioned in my original post this is a school environment so we're talking about 2000 students with IE locked down. So unfortunately your suggestion isn't really workable for our situation.

The other problem is it happens to both Students that existed before RD Services were installed and it still happens to Student created afterwards. Teacher Accounts created before and after are both fine so the fact it only affects students suggests to me it's a Group Policy setting.

I'll try running Gpresult which i'd forgotten about till just now and compare the results for both a  Student and Teacher to see if I can spot anything that might be relevant but apart from that i'm out of ideas so if anyone else has a suggestion i'd be happy to hear it.

Thanks.
.
0
 
LVL 13

Expert Comment

by:connectex
ID: 35153843
I've searched a lot on this issue when I first discovered one it at one of my installations. It was a pain in the butt for only a small number of users. But I've yet to find another fix that actually works. You could send e-mails with complete directions as end user can complete the all the steps themselves. I know it seems like it should be easier but I'm still looking for the better solution. It's been posted here at least three times now and no one else seems to have found a better way.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Accepted Solution

by:
Evotec-IT earned 0 total points
ID: 35153879
I just found this article which looks really promising -

http://www.ie8blog.com/2009/11/19/how-to-disable-ie-enhance-security-on-windows-2008-and-windows-2003/ 

Will post back results of how it goes.
0
 

Author Comment

by:Evotec-IT
ID: 35155509
The above solution worked perfectly. I just created a batch file using the supplied code and pushed it out using Group Policy.
0
 

Author Closing Comment

by:Evotec-IT
ID: 35187282
Because I figured it out myself, the only other suggestion offered wasn't relevant to my situation.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question