[THIN] Re: W2K3 SP1 and Internet Explorer Enhanced Security Configuration
- From: "Davey" <DB1001@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 20 Sep 2005 13:08:09 +0100
Title (Arial 20 Bold)<same as filename>Thanks for the replies from Carl and
Chad.
I've removed IEESC from control panel, add remove and found that indeed it was
still enabled in the shadow key - now set to 0.
It seems that the error is it's looking for :Zone.Identifier
(filemon output)
14:36:06 iexplore.exe:2412 QUERYINFORMATION
C:\DOCUME~1\user1\LOCALS~1\Temp\1\techtmp.htm:Zone.Identifier NOT FOUND
Attributes: Error
I know that this feature (zone.identifier and ADS) came in with XP SP2 and W2K3
SP1 .. but I can see nothing in the filemon log regarding Zone.Identifier on a
client XP SP2 machine (local) then the Iframe appears correctly - which is
what the techtmp.htm creates with an embedded PDF in it. If I remove the W2K3
SP1 then the filemon log appears very similar to the Win XP SP2 ... ie. no
mention of Zone.identifier
I've added the website to the local intranet zone but still no joy. Is there a
way to dumb-down even more the security on IE (an oxymoron if ever there was
one)to change IE to not use zone.identifier ?
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Carl Stalhood
Sent: 20 September 2005 02:46
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: W2K3 SP1 and Internet Explorer Enhanced Security
Configuration
Look for the registry key
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\IEHarden. This key controls the IEESC.
This key might also have been propagated to the shadow key so look there as
well (HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal
Server\Install\Software\Microsoft\...)
If you are seeing the message about IEESC being enabled in the IE home page
then that does not necessarily mean that it is enabled. This is nothing more
than a simple .html file.
------------------------------------------------------------------------------
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Davey
Sent: Monday, September 19, 2005 11:44 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] W2K3 SP1 and Internet Explorer Enhanced Security Configuration
W2K3 T/S with SP1 (applied after build - not slipstreamed)
Internet Explorer Enhanced Security Configuration - turned off for users
If I login to the the above T/S server via RDP as a user I don't get the
Internet Explorer Enhanced Security Configuration pop-up message when I use IE
... all seems good..
However...
If I login directly to the console (as the same user) I do get the message
that IEESC is configured on the server.
I think that the security is still enabled for the users (including newly
created users) as some sites don't seem to work correctly after installing
SP1.. which is why I logged in at the console.
Is there a special way to remove the IEESC for T/S users ?.. or a way to
prove if it is still on for them ?.
Help !
Davey
Other related posts:
