Article ID: 933991 - View products that this article applies to.
After you configure a Microsoft Windows Server 2003-based terminal server, standard users cannot turn off the Internet Explorer Enhanced Security Configuration feature. When a standard user clicks to clear the Internet Explorer Enhanced Security Configuration check box, the check box remains clear as expected. However, Internet Explorer Enhanced Security Configuration is still enabled.
Note You are more likely to experience this behavior on a terminal server that you configured from a prepared image (Sysprepped image).
To resolve this problem, use one or more of the following methods, as appropriate for your situation.
Method 1: Rebuild the terminal serverIf the terminal server was configured to have Internet Explorer Enhanced Security Configuration enabled and if the terminal server is in a locked down environment, you may be unable to completely remove Internet Explorer Enhanced Security Configuration.
In this case, it may be quicker to rebuild the terminal server. When you do this, use an Unattend.txt file together with the Windows Setup program to disable Internet Explorer Enhanced Security Configuration during the installation of Windows.
Method 2: Modify Internet Explorer settings for administrator accountsFor administrator accounts, you can run the following command to turn off Internet Explorer Enhanced Security Configuration:
rundll32.exe setupapi.dll,InstallHinfSection IESoftenAdmin 128 %windir%\inf\IEHARDEN.INFNote You must run this command by using an account that has administrative credentials. Additionally, for the changes to take effect, you must restart the computer after you run this command.
Method 3: Remove the IEHarden registry entry for particular standard user accountsImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
To turn off Internet Explorer Enhanced Security Configuration for a few user accounts, you can remove the IEHarden registry entry from each standard user account profile. To do this, follow these steps:
Method 4: Create a new default profile for standard user accountsYou may have an environment in which one or more of the following conditions are true:
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
815141The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
(http://support.microsoft.com/kb/815141/ )Internet Explorer Enhanced Security Configuration changes the browsing experience
Article ID: 933991 - Last Review: October 11, 2007 - Revision: 1.5