By default, Microsoft Internet Explorer Enhanced Security Configuration (ESC) is enabled in Windows Server 2003. However, Internet Explorer ESC is not enabled by default for Terminal Services if Terminal Services are installed by an unattended installation.
To enable Internet Explorer ESC for administrators or for users who browse while they are logged on to a Terminal Services session, you must specify IEHardenAdmin or IEHardenUser in the [Components] section of the unattend answer file.
When you specify TSEnable = ON in the [Components] section, Terminal Services automatically defaults to hard (IEHardenAdmin = ON) for administrators and soft (IEHardenUser = OFF) for users when Internet Explorer settings are not specified. If Internet Explorer settings are specified in the [Components] section, Terminal Services follow the settings.
[Components] TerminalServer = On IEHardenUser = ON|OFF IEHardenAdmin = ON|OFF
For more information about security settings in Internet Explorer, see the online Help for Internet Explorer ESC on a computer that is running Windows Server 2003:
Start Internet Explorer.
Click Enhanced Security Configuration.
The online Help includes instructions for changing the security settings in Internet Explorer. To change these settings, you must log on as a member of the Administrators group on the computer where you want to change settings.
For more information, see the Microsoft Windows Preinstallation Reference Help file (Ref.chm) on the Windows Server 2003 CD. This file is located at:
For additional information about creating an unattend answer file, click the following article number to view the article in the Microsoft Knowledge Base:
323438 HOW TO: Use Setup Manager to Create an Answer File in Windows Server 2003