In this post, I will show you how to disable Internet Explorer Enhanced Security Configuration (IE ESC) on multiple remote computers using PowerShell.

Sitaram Pamarthi

Sitaram Pamarthi is working as a Windows Engineer and his special fields of interest are PowerShell, Active Directory, Exchange, and virtualization.

I am sure most Windows administrators are familiar with the frustrating screen shown below. When you log on to a Windows Server and try to browse to a website (including Microsoft sites), you’ll sometimes see this kind of message. This happens when you have Internet Explorer Enhanced Security Configuration (IE ESC) enabled on your server.

Disable IE Enhanced Security Configuration (IE ESC) on remote computers using PowerShell

IE Enhanced Security Configuration (IE ESC)

The script that I am going to discuss below will help you disable IE ESC on multiple remote computers so that you don’t need to disable it explicitly by logging on to each Windows Server you built. You can also place code from this script into your WDS build routines so that IE ESC will get disabled during build time itself.

IE ESC has ON/OFF settings for administrators and normal users. These settings are stored in the registry at HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073} for administrators and HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073} for normal users. The “IsInstalled” registry value in the aforementioned keys gives the IE ESC ON/OFF status. If this registry value is set to “0”, IE ESC is disabled; “1” means enabled. So, the script is all about connecting to the remote registry and modifying the registry key values.

Below is the core part of the script. The script loops through each computer and checks if it is responding to a ping. If the ping is successful, the script connects to the remote registry using the Dotnet class [Microsoft.Win32.RegistryKey] and opens the sub keys that we discussed before. After that, it executes the SetValue method on the IsInstalled registry value to change its value to 0 (that is, to disable). All of these registry operations are bounded inside a try-catch block so that any errors that occur during registry connection and data modification are caught and handled properly. Based on the success or failure of the operation, each computer is assigned to either $SuccessComps or $failedComps, enabling these arrays to be used to store the data in files located on the c:\ drive when the –OutputToLogs parameter is used with the script.

If you are interested in knowing more about how to create and modify registry keys of remote computers using PowerShell, read my previous article.

Usage and Examples:

Here are the usage instructions and other help material for this script.

You can download the PowerShell script to disable Internet Explorer Enhanced Security Configuration here.

NOTE: By providing this script to disable IE ESC, I didn’t mean to say that you should disable IE ESC as a best practice. This script is intended only to help you disable IE ESC after you have decided that there is a good reason to do so. To know the ups and downs of disabling IE ESC, read this post.

Win the monthly 4sysops member prize for IT pros

Share
0

0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account