Article ID: 908784 - Last Review: October 11, 2007 - Revision: 1.4

New users are still limited by the Internet Explorer Enhanced Security Configuration component in Windows Server 2003 after this component is removed

View products that this article applies to.

On This Page

Expand all | Collapse all

SYMPTOMS

New users are limited to visiting only the sites that are listed in the Local intranet and Trusted sites zones in Microsoft Internet Explorer. This symptom occurs even though you uninstalled the Internet Explorer Enhanced Security Configuration component in Microsoft Windows Server 2003.
Back to the top

RESOLUTION

To resolve this problem, use one of the following methods.
Back to the top

If this problem has not already occurred

To prevent this problem when you are using Sysprep, add the following line to the Sysprep.inf file:
[UNATTENDED]
UpdateServerProfileDirectory=0
Back to the top

If this problem has already occurred

If this problem has already occurred, use one of the following methods.

The server is a member of a domain

If the server is a member of a domain, use an .adm template to unlock users who have to run a computer without the enhanced security. To obtain this .adm template, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?familyid=d41b036c-e2e1-4960-99bb-9757f7e9e31b&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=d41b036c-e2e1-4960-99bb-9757f7e9e31b&displaylang=en)

The server is not a member of a domain

  1. Create a new user account. Name this account "Test_User."
  2. Add the Test_User user account to the Administrators group.
  3. Log on by using the Test_User account. The Test_User account can visit only those sites that are listed in the Local intranet and Trusted sites zones in Internet Explorer.
  4. Add the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps:
    1. Click Start, point to Control Panel, and then click Add or Remove Programs.
    2. Click Add/Remove Windows Components.
    3. In the Components list, click to select the Internet Explorer Enhanced Security Configuration check box, and then click Next.
    4. Click Finish.
  5. Remove the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps:
    1. Click Start, point to Control Panel, and then click Add or Remove Programs.
    2. Click Add/Remove Windows Components.
    3. In the Components list, click to clear the Internet Explorer Enhanced Security Configuration check box, and then click Next.
    4. Click Finish.
  6. Log off the computer.
  7. Log on to the computer by using a different Administrator account.
  8. Rename the Ntuser.dat file in the following folder as " Ntuser.OLD":
    Documents and Settings\Default User
  9. Copy the Ntuser.dat file from the Documents and Settings\Test_User folder to the following folder:
    Documents and Settings\Default User
  10. Fix the existing user profiles. To fix the existing user profiles, use either of the following methods.
    • Method 1: Repair existing user profiles that are new or that contain few changes
      1. Back up any important files that are located in the following folder:
        Documents and Settings\Username\My Documents
        Important Note the user name in this folder.
      2. Delete the following folder:
        Documents and Settings\Username
      3. Log off the computer, and then log back on by using the user name that you noted in step 1. When you log back on, the user's profile is re-created by the new Ntuser.dat file.
      4. Restore any backed-up files to the following folder:
        Documents and Settings\Username\My Documents
    • Method 2: Repair existing user profiles that contains extensive changes
      1. Temporarily add the user account for the user who is experiencing this problem to the Administrators group.
      2. Log on by using the user account from step 1.
      3. Add the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps:
        1. Click Start, point to Control Panel, and then click Add or Remove Programs.
        2. Click Add/Remove Windows Components.
        3. In the Components list, click to select the Internet Explorer Enhanced Security Configuration check box, and then click Next.
        4. Click Finish.
      4. Uninstall the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps:
        1. Click Start, point to Control Panel, and then click Add or Remove Programs.
        2. Click Add/Remove Windows Components.
        3. In the Components list, click to clear the Internet Explorer Enhanced Security Configuration check box, and then click Next.
        4. Click Finish.
      5. Log off, and then log on by using a different user account that is a member of the Administrators group.
      6. Remove the user from the Administrator's group.
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top

MORE INFORMATION

About Internet Explorer Enhanced Security Configuration

By default, Microsoft Windows Server 2003 provides the Internet Explorer Enhanced Security Configuration set of security settings. These settings limit the types of content that a user who is at the server can view by using Microsoft Internet Explorer. However, the user can still view sites that are listed in the Local intranet and Trusted sites zones. By default, scripting on pages that are available from the Internet does not run. These settings help to make sure that a local user on a server computer does not download a virus or a harmful file from the Internet that can infect the server. Internet Explorer Enhanced Security Configuration does not affect remote users who are viewing content on the server. Internet Explorer Enhanced Security Configuration only affects users who are running Internet Explorer on the server computer.

Back to the top

Technical support for Windows x64 editions

Your hardware manufacturer provides technical support and assistance for Microsoft Windows x64 editions. Your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:
http://www.microsoft.com/windowsxp/64bit/default.mspx (http://www.microsoft.com/windowsxp/64bit/default.mspx)
For product information about Microsoft Windows Server 2003 x64 editions, visit the following Microsoft Web site:
http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx (http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx)
Back to the top
APPLIES TO
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Web Edition
Back to the top
Keywords: 
kbtshoot KB908784
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers