Windows Server 2008: Manage Internet Explorer Enhanced Security Configuration

In Windows Server 2003, Microsoft introduced the Internet Explorer Enhanced Security Configuration feature. In many organizations, the first task that admins take is to disable this "feature" as it can very quickly become a hindrance to getting work done. To disable the feature, you had to use ASdd/Remove Programs, select Windows Components, and uncheck the Internet Explorer Enhanced Security Configuration checkbox and you were back to a normal browsing experience.

Microsoft has also included this security feature in Windows Server 2008. However, disabling and managing the feature in Windows Server 2008 requires a different process.

  • First, open the Server Manager by going to Start > Server Manager
  • In the Server Manager browse to the Security Information section and click Configure IE ESC. In the figure below, IE ESC is located in the very lower right-hand corner of the window.
  • Server Manager

  • In the Internet Explorer Enhanced Security Configuration window decide for whom you want IE ESC enabled or disabled and click OK.

    IE ESC options

  • About

    Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...


    hai i have server 2008 ads dns and i have to give internet how is possiable how is possiable please give me instrustion


    So, after applying Win2008 SP2, I can disable these settings, but on our terminal server, users still get the warning pop-ups that the specific site they try to browse to is not listed in their trusted sites and we have users complaining about the continual pop-ups. Is there a way to COMPLETELY remove ESC on terminal servers in Win2008?


    Change this key under the user profile with the following values: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap] ???IEHarden???=dword:00000000 ???UNCAsIntranet???=dword:00000000 ???AutoDetect???=dword:00000001

    Editor's Picks