IE ESC -- hard to get rid of, hard to find.
- By Greg Shields
Internet Explorer Enhanced Security Configuration, or IE ESC for short, has been a valuable addition to Windows Servers since version 2003. IE ESC locks down the configuration of Internet Explorer to eliminate most add-ons, to prevent most scripts from running and it jacks up IE's security to the highest level. Or, in a nutshell, it effectively makes IE a royal pain-in-the-neck to use.
That being said, for servers that really shouldn't be used for surfing anyway, locking down IE is probably a good thing. Keeping IE ESC enabled on servers is a good idea, if only because it drives us to do our surfing on other machines. In certain circumstances, though, you'll find the need to enable it. Terminal servers are a good example of this. With terminal servers, it is likely that you'll be hosting Web-based applications that IE ESC's draconian policies won't agree with.
In those cases, removing IE ESC is a good idea. In Windows Server 2003, this was done through Add/Remove Windows Components. But in Windows Server 2008, that configuration has changed locations. In order to remove IE ESC on your newest server OS, you'll do that through Server Manager. Specifically, do this by focusing on the top-level node of Server Manager's tree. Then scroll down the right pane to find the section marked Server Summary. There, you'll see a link for Disable IE ESC. The resulting dialog box will allow you to disable it for administrators, normal users or both.
Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.