Login/Register
Disable IE security on Windows Server via PowerShell
Asked Answered
Solved internet-explorerpowershellwindows-server-2008-r2
P

2

37

it happens all the time, I spin up a vm with windows server and I can't access the internet because of IE security. Does anyone have a straight-forward PowerShell script for disabling IE security?

Panaggio answered 20/2, 2012 at 20:56 Comment(2)
What do you want to disable? ESC? Protected Mode?Immune
yes, IE ESC (here's a few more characters to allow me to post this comment????)Panaggio
P
58
function Disable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
function Enable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}
function Disable-UserAccessControl {
    Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
    Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green    
}

drop this into a .ps1 file

then at the prompt type a period, a space and the path to the file something like this:

[PS 1] . C:\Users\Administrator\Desktop\YourPowerShellScript.ps1

Then you can call the command at the prompt:

[PS 1] Disable-InternetExplorerESC
Panaggio answered 20/2, 2012 at 21:18 Comment(4)
Why are you stopping "Explorer", but not restarting it?Dusky
@wes2020 I stole this script from somewhere but my assumption is that stopping explorer only 'restarts' it. Explorer will start if it is stoppedPanaggio
In Windows Server 2012, this does not work for me. If you start IE after applying this, the trusted popups still appear; in Server Manager, the trusted feature shows "off" but if you click to the configuration both admin and user checkboxes still show "on".Chartulary
@Chartulary The Rundll32 iesetup.dll settings here appear to have fixed things on Server 2012.Lamarckian
L
17

The below modification has added -Force parameters to avoid any confirmations. I was prompted to do this when prompted to confirm that I wanted to end the "explorer" process..

function Disable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 -Force
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 -Force
    Stop-Process -Name Explorer -Force
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
function Enable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1 -Force
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1 -Force
    Stop-Process -Name Explorer -Force
    Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}
function Disable-UserAccessControl {
    Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000 -Force
    Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green    
}
Disable-UserAccessControl
Disable-InternetExplorerESC
Laniferous answered 10/4, 2015 at 21:35 Comment(1)
Guys, just export the registry key you need, toggling the setting in Server Manager for Enable and Disable and use the .reg files in PowerShell. Don't make this so hard...Londoner

© 2022 - 2024 — McMap. All rights reserved.