• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3812
  • Last Modified:

Unable to disable IE ESC on Terminal Server

We have recently set up a Terminal Server so that Teachers and Students can access there work remotely. The Server is running Windows 2008 R2 Enterprise SP1 with the Remote Desktop Services Role installed.

The problem we are having is that we want to disable IE Enhanced Security Configuration for all users but currently it only works for Teachers and not for Students. We have turned off IE ESC in Server Manager for both Administrators and Users and I have also followed the suggested fix from technet forums http://social.technet.microsoft.com/forums/en-US/winserverGP/thread/14aa9d58-0e06-4236-b92c-ca770a464073 

After installing the additional Group Policy settings I configured them to disable IE ESC for both Administrators and Users then rebooted the Server and ran RSOP logged in as both a Teacher and a Student and both reported that IE ESC was disabled ( Have attached image IE-ESC-RSOP.jpg).

Still Student users are getting the notifications that websites are blocked by IE ESC ( attached screenshot Student IE ESC.jpg).

All I can think is it's a Group Policy that is over ruling the policy to disable IE ESC but can't for the life of me figure out which one. Any suggestions or help would be much appreciated as i'm running out of ideas...

IE-ESC-RSOP.jpg
Student-IE-ESC.jpg
0
Evotec-IT
Asked:
Evotec-IT
  • 4
  • 2
1 Solution
 
connectexCommented:
I've posted this before but here we go again. Microsoft wants you to configure this IE lockdown settings prior to installing Remote Desktop Services (or the formally known terminal services). So you've set the lockdown settings but unfortunately it doesn't take for all existing users. Here how you can fix it. I hate to say I haven't seen a better way as of yet. You need to do a reset on IE under the user's logon. To do so, Open IE. Go to Tools->Internet Options. Click on the Advanced tab. Click the Reset button and complete the reset of the process. Close and re-open IE and now no more lockdown.
0
 
Evotec-ITAuthor Commented:
Thanks connectex I did see your previous post but as I mentioned in my original post this is a school environment so we're talking about 2000 students with IE locked down. So unfortunately your suggestion isn't really workable for our situation.

The other problem is it happens to both Students that existed before RD Services were installed and it still happens to Student created afterwards. Teacher Accounts created before and after are both fine so the fact it only affects students suggests to me it's a Group Policy setting.

I'll try running Gpresult which i'd forgotten about till just now and compare the results for both a  Student and Teacher to see if I can spot anything that might be relevant but apart from that i'm out of ideas so if anyone else has a suggestion i'd be happy to hear it.

Thanks.
.
0
 
connectexCommented:
I've searched a lot on this issue when I first discovered one it at one of my installations. It was a pain in the butt for only a small number of users. But I've yet to find another fix that actually works. You could send e-mails with complete directions as end user can complete the all the steps themselves. I know it seems like it should be easier but I'm still looking for the better solution. It's been posted here at least three times now and no one else seems to have found a better way.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Evotec-ITAuthor Commented:
I just found this article which looks really promising -

http://www.ie8blog.com/2009/11/19/how-to-disable-ie-enhance-security-on-windows-2008-and-windows-2003/ 

Will post back results of how it goes.
0
 
Evotec-ITAuthor Commented:
The above solution worked perfectly. I just created a batch file using the supplied code and pushed it out using Group Policy.
0
 
Evotec-ITAuthor Commented:
Because I figured it out myself, the only other suggestion offered wasn't relevant to my situation.
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now