In this series, I take a closer look at the Microsoft Internet Explorer Enhanced Security Configuration (IE ESC) feature on Windows Server. As I outlined in my previous posts, there are several ways to disable IE ESC. Most sites recommend simply disabling IE ESC in Server Manager if this “feature” gets on your nerves. However, in some environments, unchecking the “Continue to prompt when website content is blocked” option might be a better solution. In this post, I will explore this option.

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.

Internet Explorer Enhanced Security Configuration dialog box

How to disable the IE ESC dialog box

As simple as this option might seem, there is a lot of confusion about it in forums. First, let’s see what disabling the IE ESC prompt does. You might think that Internet Explorer will load the website without continuously prompting you again. But that is only half the truth. Internet Explorer will only load the HTML code and will disable all active content such as JavaScript and ActiveX Controls.

Since most websites don’t work properly with disabled scripting, this setting is not really useful in most cases. However, if you enable JavaScript in Internet Explorer, most sites will work even though Internet Explorer Enhanced Security Configuration is still enabled, without the need to add the corresponding website to the Trusted sites zone.

Running JavaScript with enabled IE ESC

To enable JavaScript in Internet Explorer, click the Tools icon, then Internet Options, and then the Security tab. Select the Internet zone and then click Custom level… Navigate to Scripting -> Active Scripting, and then click Enable.

Enable JavaScript in Internet Explorer

It is important to note that this setting is a bit dangerous; whenever someone opens Internet Explorer on the server, they will get the message that IE ESC is enabled even though harmful JavaScript code could now run on the server. The advantage of this setting is that it is still more secure than running with Internet Explorer Enhanced Security Configuration disabled.

I have to add another warning. On Windows Server 2012, I sometimes noticed a strange behavior when I followed the above procedure. Whenever I wanted to launch Internet Explorer from the Modern UI Start Screen, I got the message “This app can’t open – Internet Explorer can’t be opened using the Built-in Administrator account. Sign in with a different account and try again.”

Internet Explorer can’t be opened using the Built-in Administrator account

It appears to be a Windows Server 2012 Modern UI bug because opening Internet Explorer from the desktop worked without problems. Undoing the settings described above doesn’t solve the problem. Note that this didn’t happen on all Windows Server 2012 systems.

How to enable the IE ESC prompt

There is another strange thing with the IE ESC dialog box. It seems there is no setting in Internet Explorer to get the prompt back once you disable the “Continue to prompt when website content is blocked” checkbox so that you can add sites again to the Trusted sites zone.

The IE ESC description of Windows Server 2008 R2 mentions a setting (Display enhanced security configuration dialog) in the Advanced tab of Internet Options to enable the IE ESC prompt again. However, there is no such setting. The corresponding Windows Server 2012 document no longer contains the passage.

I know of two ways to enable the dialog box again. One is to reset Internet Explorer settings in the Advanced tab of Internet Options. Note that restoring the advanced settings isn’t enough. The downside of this method is that all your Internet Explorer settings will be lost.

Reset Internet Explorer Settings

The other option is to enable the prompt in the Registry. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain and set DisplayTrustAlertDlg to 1.

Enable the IE ESC prompt Registry setting
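
The following PowerShell is an added example, not part of the original article. It reports, for the current user, whether the IE ESC prompt has been suppressed and whether Active Scripting is enabled in the Internet zone, and it can restore the prompt through the Registry value named above. The function names are hypothetical; it assumes the custom level is stored at the standard per-user Internet zone key (zone 3, value 1400, where 0 means Enable) and that DisplayTrustAlertDlg is a DWORD.

```powershell
# Added example. Function names are hypothetical; zone key and DWORD type are assumptions.
$PromptKey  = 'HKCU:\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain'
$PromptName = 'DisplayTrustAlertDlg'
# Standard per-user Internet zone (zone 3); value 1400 is "Active scripting".
$ZoneKey         = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ScriptingName   = '1400'
$ScriptingLabels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Emits nothing ($null) when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-IeEscPromptState {
    $prompt    = Get-RegValue -Path $PromptKey -Name $PromptName
    $scripting = Get-RegValue -Path $ZoneKey   -Name $ScriptingName
    $label = 'Not set or unknown'
    if ($null -ne $scripting -and $ScriptingLabels.ContainsKey([int]$scripting)) {
        $label = $ScriptingLabels[[int]$scripting]
    }
    [pscustomobject]@{
        User                         = "$env:USERDOMAIN\$env:USERNAME"
        DisplayTrustAlertDlg         = $prompt
        # True only when the value exists and is 0 (prompt switched off).
        PromptSuppressed             = ($prompt -eq 0)
        ActiveScripting              = $label
        # True means scripts from Internet sites run while IE ESC still reports itself as enabled.
        InternetZoneScriptingEnabled = ($scripting -eq 0)
    }
}

function Restore-IeEscPrompt {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $PromptKey)) { New-Item -Path $PromptKey -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess("$PromptKey\$PromptName", 'Set to 1')) {
        Set-ItemProperty -Path $PromptKey -Name $PromptName -Value 1 -Type DWord
    }
}

Get-IeEscPromptState | Format-List
# Restore-IeEscPrompt -WhatIf   # preview the change; remove -WhatIf to apply it
```

Both keys live under HKEY_CURRENT_USER, so the check has to run in the session of each account that uses Internet Explorer on the server.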

Please let me know if you found another way to enable the IE ESC dialog box.
