[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Unable to disable IE ESC on Terminal Server

Posted on 2011-03-16
6
Medium Priority
?
3,675 Views
Last Modified: 2013-12-08
We have recently set up a Terminal Server so that Teachers and Students can access there work remotely. The Server is running Windows 2008 R2 Enterprise SP1 with the Remote Desktop Services Role installed.

The problem we are having is that we want to disable IE Enhanced Security Configuration for all users but currently it only works for Teachers and not for Students. We have turned off IE ESC in Server Manager for both Administrators and Users and I have also followed the suggested fix from technet forums http://social.technet.microsoft.com/forums/en-US/winserverGP/thread/14aa9d58-0e06-4236-b92c-ca770a464073 

After installing the additional Group Policy settings I configured them to disable IE ESC for both Administrators and Users then rebooted the Server and ran RSOP logged in as both a Teacher and a Student and both reported that IE ESC was disabled ( Have attached image IE-ESC-RSOP.jpg).

Still Student users are getting the notifications that websites are blocked by IE ESC ( attached screenshot Student IE ESC.jpg).

All I can think is it's a Group Policy that is over ruling the policy to disable IE ESC but can't for the life of me figure out which one. Any suggestions or help would be much appreciated as i'm running out of ideas...

IE-ESC-RSOP.jpg
Student-IE-ESC.jpg
0
Comment
Question by:Evotec-IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 13

Expert Comment

by:connectex
ID: 35153436
I've posted this before but here we go again. Microsoft wants you to configure this IE lockdown settings prior to installing Remote Desktop Services (or the formally known terminal services). So you've set the lockdown settings but unfortunately it doesn't take for all existing users. Here how you can fix it. I hate to say I haven't seen a better way as of yet. You need to do a reset on IE under the user's logon. To do so, Open IE. Go to Tools->Internet Options. Click on the Advanced tab. Click the Reset button and complete the reset of the process. Close and re-open IE and now no more lockdown.
0
 

Author Comment

by:Evotec-IT
ID: 35153829
Thanks connectex I did see your previous post but as I mentioned in my original post this is a school environment so we're talking about 2000 students with IE locked down. So unfortunately your suggestion isn't really workable for our situation.

The other problem is it happens to both Students that existed before RD Services were installed and it still happens to Student created afterwards. Teacher Accounts created before and after are both fine so the fact it only affects students suggests to me it's a Group Policy setting.

I'll try running Gpresult which i'd forgotten about till just now and compare the results for both a  Student and Teacher to see if I can spot anything that might be relevant but apart from that i'm out of ideas so if anyone else has a suggestion i'd be happy to hear it.

Thanks.
.
0
 
LVL 13

Expert Comment

by:connectex
ID: 35153843
I've searched a lot on this issue when I first discovered one it at one of my installations. It was a pain in the butt for only a small number of users. But I've yet to find another fix that actually works. You could send e-mails with complete directions as end user can complete the all the steps themselves. I know it seems like it should be easier but I'm still looking for the better solution. It's been posted here at least three times now and no one else seems to have found a better way.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 

Accepted Solution

by:
Evotec-IT earned 0 total points
ID: 35153879
I just found this article which looks really promising -

http://www.ie8blog.com/2009/11/19/how-to-disable-ie-enhance-security-on-windows-2008-and-windows-2003/ 

Will post back results of how it goes.
0
 

Author Comment

by:Evotec-IT
ID: 35155509
The above solution worked perfectly. I just created a batch file using the supplied code and pushed it out using Group Policy.
0
 

Author Closing Comment

by:Evotec-IT
ID: 35187282
Because I figured it out myself, the only other suggestion offered wasn't relevant to my situation.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question