Disable/Enable the Internet Explorer Enhanced Security Configuration for Users/Non-Admins with Group Policy

In a previous post, I covered disabling/enabling the Internet Explorer Enhanced Security Configuration (IE ESC) for Administrators via Group Policy. Disabling the IE ESC for Administrators is usually something I don’t recommend in a production environment. However, disabling it for Users/Non-Administrators is a different story. In most cases, you won’t have someone logging in to a console or over Remote Desktop (RDP) to your servers that doesn’t have Admin rights… that is unless your running Terminal Services/Remote Desktop Services or a third-party product like XenApp. In those environments, it is very normal to have users logged into a remote session that do need access to fully functional web browser. Microsoft didn’t give us any kind of obvious Group Policy setting to enable or disable the IE ESC. Like the setting for Admins, it is a Registry entry that can be tweaked with Group Policy Preferences for deployment to groups of servers so than you can make sure your end users are receiving a consistent environment.


Continue reading