| Author | Messages | |
gturner
Posts:26
 | | 09/08/2010 10:33 PM |
| I am looking to manage with Group policy the Enhanced security configuration (ESC) for IE8 running on a Windows 2008 R2 server running Remote desktop services (Terminal server).
The server manager is indicating that these ESC settings;
On - Administrators
Off - Users
However as we launch the IE8 on the Terminal server the ESC is clearly enabled for Users;
This suggests that some sort of (default ?) policy either machine or user which I can't be sure of is over-riding the values reported by the server manager.
I have been through the policy editor but unable to find any relevant policy values, which seem to have moved from Windows 2003 days, so would be thankful for suggestion in this.
Thanks. G
| | | |
| dmarelia
Posts:394
 | | 09/09/2010 6:56 PM |
| Graham- Have you checked RSOP on this box to verify if there is any policy coming down? I am not completely familiar with the defaults on ESC and I would be surprised if there is some default policy in place, but anything is possible with IE!
Darren
| | | |
| alanhutchinson
Posts:15
 | | 09/09/2010 7:05 PM |
| It's a couple of years since I got entangled with ESC on a terminal server and unless it's different on W2K8 I really wouldn't touch it with a barge pole. I ended up rebuilding the servers with it disabled for all users. Again, I could be wrong but I think these come under the category of unmanaged policies and as such are difficult to reverse. I also vaguely remember encountering the issue you're experiencing. Doesn't answer your question I'm afraid and things may have changed (or it may have been my incompetence).
Regards,
Alan.
| | | |
| Marcus1170
Posts:2
 | | 09/09/2010 7:28 PM |
| Graham,
Take a look at this article; it may help: http://www.ie8blog.com/2009/11/19/how-to-disable-ie-enhance-security-on-windows-2008-and-windows-2003/
Marcus
| | | |
| fantomen
Posts:3
 | | 09/09/2010 9:25 PM |
| I can't see that you can configure ESC in any way with GP. Have you tried to turn it on and then off again to see if that helps? Are you really sure you are running IE as a "normal" user? Run Whoami.exe /USER /GROUPS to make sure you don't belong to a group you shouldn't.
G Johansson
| | | |
| gturner
Posts:26
 | | 09/09/2010 10:12 PM |
| Thanks to those who have responded on this.
I had found the www.ie8blog.com reference and applied the reg change to get the ESC to be off for Admins & users and consistent with the server manager GUI.
I can only assume this resulted from an 'improper' order of ESC configuration and enabling the RDS.
However when I run IE8 with this setting, this seems to 'stick' for Administrators, and I get the IE8 reconfigured without ESC.
For users - no joy !
ESC still enabled, but what I did get to happen was that we can then add sites to the Trusted sites etc. which was previously greyed as per numerous Internet references !
This gives us a 'workaround' albeit with not the desired result.
I agree with the sentiment of my fellow Southampton-ite !
This is not good !
As this happens for new user profiles, I suspect somewhere that values have got tattooed into 'default' user profile, or perhaps the 'runonce' script that seems to execute some browser customization.
Advice on how to look at the 'runonce' script would be helpful, but for now this has to remain unresolved.
Thanks again
| | | |
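A read-only PowerShell check for the mismatch described in this thread, added here as an example and not posted by any list member. It compares the machine-wide ESC switches with what the logged-on profile actually carries and shows the per-profile command that Active Setup runs at logon. The component GUIDs and the `IEHarden` value name are the commonly documented ESC locations and are an assumption here; the thread itself names no registry keys.

```powershell
# Read-only: reports IE ESC state for the machine and the logged-on user.
# Assumed (not from the thread): the usual ESC Active Setup component GUIDs
# and the ZoneMap\IEHarden value name.
$components = @{
    'Administrators' = '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    'Users'          = '{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
}
$activeSetup = 'Software\Microsoft\Active Setup\Installed Components'
$zoneMap     = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$report = foreach ($role in $components.Keys) {
    $guid = $components[$role]
    New-Object PSObject -Property @{
        Role               = $role
        # 1 = ESC enabled machine-wide for this role, 0 = disabled.
        MachineIsInstalled = Get-RegValue "HKLM:\$activeSetup\$guid" 'IsInstalled'
        MachineVersion     = Get-RegValue "HKLM:\$activeSetup\$guid" 'Version'
        # Command Active Setup runs once per profile at logon (the "runonce" step).
        StubPath           = Get-RegValue "HKLM:\$activeSetup\$guid" 'StubPath'
        # Per-profile marker written after the stub has run for this user.
        UserVersion        = Get-RegValue "HKCU:\$activeSetup\$guid" 'Version'
    }
}
$report | Select-Object Role, MachineIsInstalled, MachineVersion, UserVersion, StubPath |
    Format-List

# Per-user hardening flag: 1 means this profile still has ESC zone settings applied.
$userHarden = Get-RegValue "HKCU:\$zoneMap" 'IEHarden'
"HKCU IEHarden = $userHarden"

$usersRow = $report | Where-Object { $_.Role -eq 'Users' }
if ($userHarden -eq 1 -and $usersRow.MachineIsInstalled -eq 0) {
    'Mismatch: machine reports ESC off for Users, but this profile is still hardened.'
}
```

Run it inside an RDS session as an affected non-administrative user, since the `HKCU:` reads describe only the profile that executes the script.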