You can turn off IE ESC for Administrators and/or for users. Then you scroll down to the Security Information Section and click “Configure IE ESC”. Internet Explorer Enhanced Security Configuration established.
You have to click on the root folder in Server Manager. By default, Internet Explorer Enhanced Security Configuration is enabled on Windows Server OS. In Windows Server 2008, this doesn’t work anymore.
In Windows Server 2003, one has to uninstall the corresponding Windows Component. When a standard user clears the Internet Explorer Enhanced Security Configuration check box, the check box remains clear as expected. In a test environment, where one doesn’t need this extra security, it makes sense to just disable Internet Explorer Enhanced Security. After you configure a Microsoft Windows Server 2003-based terminal server or a later version of the operating system, standard users can't turn off the Internet Explorer Enhanced Security Configuration feature. This browser is more secure than IE or Firefox because the bad guys usually only focus on popular browsers. Internet Explorer Enhanced Security Configuration (IE ESC) establishes security settings that define how users browse Internet and intranet Web sites.These settings also reduce the exposure of your server to Web sites that might present a security risk. And, I seriously doubt, that those who really do, know what they are actually adding to their trusted site zones all the time.Īnyway, my recommendation is to use Opera if you really have to access web pages on a productive server. In this short post you will see the steps to disable IE enhanced security in windows server 2012 R2. I wonder who really uses IE on a server this way. If you click on any link the click orgy will usually start again. You may only have to press the Best Practices buttons and check the ciphers list. A whole lot of the Internet is running TLS 1.2 only now so won't / can't talk to you if its not on. If you decide not to add the site to the trusted sites zone you might get away with just six clicks. Been a while, since I looked at Window Server 2016, but for may previous versions of WIndows Server, out of the box it is only set for TLS 1.0 and not 1.1 or 1.2. I had to click about ten times on this security prompt until the page was finally displayed. I just tried to access Microsoft’s homepage on a freshly installed Windows Server 2008. Not because it really enhances security, but because it makes IE literally useless. Unfortunately, Microsoft doesn’t allow this, though IE ESC comes very close to a disabled Internet Explorer. So the best way to enhance security would be if one could uninstall IE entirely. But let me explain first why I think that disabling Internet Explorer Enhanced Security is a good thing to do.įirst of all, one shouldn’t open web pages on production server, anyway.
Feel free to do this in a comment box below.
Usually, when you explain publicly how to turn off a security feature you will be confronted with protests in a moralizing undertone.