Original Article: https://www.ryadel.com/en/disable-internet-explorer-enhanced-security-windows-server-2012/


Disable Internet Explorer Enhanced Security in Windows Server 2012

 - by Ryan - 4 Comments. 6.6K
SHARETWEETPIN ITSHARE

Disable Internet Explorer Enhanced Security in Windows Server 2012

If you’re a System Administrator and you’re working with Windows, you surely know what happens everytime you install a new physical or virtualized Windows Server machine: you’re basically unable to download anything because the stock browser (Internet Explorer) blocks any unauthorized connection by default, leaving you with the following choices:

  • Allow hundreds of websites to download from the web everything you need.
  • Allow only the websites required to download Mozilla Firefox or Google Chrome website, download a different browser (with less restrictions) and use that instead.
  • Turn off the Internet Explorer Enhanced Security settings.

Honestly speaking, I often use the second option: however, with the ton of CDN and alternate location URLs used by the download distributors/managers within these past few years, authorizing those needed to allow a Google Chrome or Mozilla Firefox download can be rather slow. This post will guide you on the third option.

UPDATE: One of our readers also suggested a fourth viable option: installing Google Chrome with a Powershell script: if you want to follow that route, we suggest you to read this post. Many thanks to scottt732 for sharing this!

Using the GUI

The quickest way to do that is by using the Windows GUI:

  • On the Windows Server 2012 server desktop, locate and start the Server Manager.
  • Select Local Server from the left-side menu. If you use the Server Manager to manage multiple servers, be sure to select the server where you want to turn off IE Enhanced Security.
  • On the right side of the Server Manager panel, locate the IE Enhanced Security Configuration Setting: it should be turned ON, as it’s the default setting for brand-new installations.
  • Click to the ON (it’s a link) and a popup window will open, where you will be able to disable the Enhanced Security for Administrators and/or for all non-admin users: if you access the PC with an Administrative account it’s wise to disable just the first one, otherwise you might want to disable both: for example, if you need to test Sharepoint or the Outlook Web Interface with a test user, you might have to turn it off for all users to allow the test to be done.

That’s it.

Using PowerShell

If you’re a PowerShell expert, you might find more useful to run this snippet instead:

function Disable-IEESC
{
    $AdminKey = “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}”
    Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
    $UserKey = “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}”
    Set-ItemProperty -Path $UserKey -Name “IsInstalled” -Value 0
    Stop-Process -Name Explorer
    Write-Host “IE Enhanced Security Configuration (ESC) has been disabled.” -ForegroundColor Green
}
Disable-IEESC

As you can see, lines 3-4 are needed to disable Enhanced Security for Administrators, while lines 5-6 will do that for all other users. Feel free to comment out/remove what you don’t want to do.