Disable IEESC on Windows 2008

Share on facebook
Share on twitter
Share on linkedin

The default configuration for Windows Server 2008 still has Internet Explorer Enhanced Security Configuration enabled. Considering most administrators probably disable this I wonder why it’s still there … nonetheless here is a script to disable Internet Explorer Enhanced Security Configuration (IEESC) from a script.

Disable IEESC on Windows 2008:

:: If required, backup the registry keys
:: This is always a good idea before making registry changes
REG EXPORT "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A7-37EF-4b3f-8CFC-4F3A74704073.reg"
REG EXPORT "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A8-37EF-4b3f-8CFC-4F3A74704073.reg"

REG ADD "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f

Rundll32 iesetup.dll, IEHardenLMSettings
Rundll32 iesetup.dll, IEHardenUser
Rundll32 iesetup.dll, IEHardenAdmin

REG DELETE "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /f /va
REG DELETE "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /f /va

:: If you like you modify the registry to remove the warning that shows on first IE run
:: This registry change will also set the default home page to about:blank
REG DELETE "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain" /v "First Home Page" /f
REG ADD "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain" /v "Default_Page_URL" /t REG_SZ /d "about:blank" /f
REG ADD "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain" /v "Start Page" /t REG_SZ /d "about:blank" /f

Just another of those little Windows annoyances that can be removed easily if you like.