Enhanced Security Configuration

Turn Off Internet Explorer Enhanced Security Configuration

How To Turn Off Internet Explorer Enhanced Security Configuration


Windows Server 2008 R2

Windows Server 2012 R2 Instructions --> scroll down

There are a few hiccups in the process of using a Windows Server Machine to do demonstrations. This is one of the first I encountered.


When you hit Internet Explorer for the first time (and every time) to demo something online you are presented with this message. Windows Server 2008 R2 has a built in Internet Explorer Security Configuration enabled for any user who sits at the console of the server. However there are circumstances, where you want to change the default behavior.

If you need to disable the IE ESC here is what you do.

1. Open the Server Manager Tool. Configure IE ESC is located on the right hand side of the interface in the section heading Security Information.


2. Select the link Configure IE Esc and the configuration window will open.


At this point you can choose whether to turn off IE ESC for Administrators or for Users or for both. I am going to turn it off for administrators since my account is an administrative account.

3. Open Internet Explorer and notice the glaring Warnings that IE ESC has been disabled. I find it funny that we list exactly how to turn IE ESC back on but on the initial page we never told you how to turn it off.


4. If you would like you can change the Local Intranet Zone settings or you can simply request not to have the message displayed in the future. And then you can visit Bing.com


5. One last suggestion. Change your homepage to Bing.com so that next time you open your Internet Explorer browser you don’t have to see the IE ESC message again. Unfortunately unless you change it the message will be the default home page.

And there you have it. A Windows Server 2008 R2 machine that can surf the internet free of IE ESC.


Have you seen this? Or similar in SharePoint 2010?

This is just a quick guide to disabling the setting that makes Internet Explorer unbarable in a labb or test environment. Often, you do use the browser on the lab, dev or test server to quickly verify functionality or in SharePoint, to access Central Administration web site and make the first initial configurations. When IE ESC is eneabled, you get popups all the time and you are asked to add every new url to the IE trusted sites zone.
So, on a dev, test or lab server, it is ok to disable it, at least if you ask me. As long as you are aware of what you are doing and that it after all does provide an extra layer of security.
At the end of this post, I have added what all the settings in IE ESC really does, one by one.

Updated 2013-02-06 – Added link menu

Server2012_Logo_small Disable IE ESC using the GUI – Graphical User Interface
powershell_logo_small Disable IE ESC using PowerShell
Server2012_Logo_small General Information about IE ESC

GUI – Graphical User Interface

The steps:

1. On the Windows Server 2012 server desktop, locate and start the Server Manager.

2. Select Local Server (The server you are currently on and the one that needs IE ESC turned off)

3. On the right side of the Server Manager, you will by default find the IE Enhanced Security Configuration Setting. (The default is On)

4. You have two settings that can be disabled, one only affects the Administrators and the other all users. The preferred method when testing (if for example SharePoint) is to use a non-admin account and if that is the case, disable the IEESC only for users. Using a local administrator account would cause an additional threat to security and it will also often not give you the required result in tests, since the administrator has permissions where a normal user do not.
Make your selection to Off for Administrators, Users or both.

5. In this example, I have selected to completely disable Internet Explorer Enhanced Security. When your seelction is made, click OK.

6. Back in the Server Manager, you will see that the setting has not changed at all. Press F5 to refresh the Server Manager and you wil see that it is changed to Off.

Done, open up a IE browser windows and try to access any internal site to test the setting, you will notice that you no longer are prompted in the same way.

Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 2172