Title (Arial 20 Bold)<same as filename>Thanks for the replies from Carl and Chad. I've removed IEESC from control panel, add remove and found that indeed it was still enabled in the shadow key - now set to 0. It seems that the error is it's looking for :Zone.Identifier (filemon output) 14:36:06 iexplore.exe:2412 QUERYINFORMATION C:\DOCUME~1\user1\LOCALS~1\Temp\1\techtmp.htm:Zone.Identifier NOT FOUND Attributes: Error I know that this feature (zone.identifier and ADS) came in with XP SP2 and W2K3 SP1 .. but I can see nothing in the filemon log regarding Zone.Identifier on a client XP SP2 machine (local) then the Iframe appears correctly - which is what the techtmp.htm creates with an embedded PDF in it. If I remove the W2K3 SP1 then the filemon log appears very similar to the Win XP SP2 ... ie. no mention of Zone.identifier I've added the website to the local intranet zone but still no joy. Is there a way to dumb-down even more the security on IE (an oxymoron if ever there was one)to change IE to not use zone.identifier ? -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Carl Stalhood Sent: 20 September 2005 02:46 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: W2K3 SP1 and Internet Explorer Enhanced Security Configuration Look for the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEHarden. This key controls the IEESC. This key might also have been propagated to the shadow key so look there as well (HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\...) If you are seeing the message about IEESC being enabled in the IE home page then that does not necessarily mean that it is enabled. This is nothing more than a simple .html file. ------------------------------------------------------------------------------ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Davey Sent: Monday, September 19, 2005 11:44 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] W2K3 SP1 and Internet Explorer Enhanced Security Configuration W2K3 T/S with SP1 (applied after build - not slipstreamed) Internet Explorer Enhanced Security Configuration - turned off for users If I login to the the above T/S server via RDP as a user I don't get the Internet Explorer Enhanced Security Configuration pop-up message when I use IE ... all seems good.. However... If I login directly to the console (as the same user) I do get the message that IEESC is configured on the server. I think that the security is still enabled for the users (including newly created users) as some sites don't seem to work correctly after installing SP1.. which is why I logged in at the console. Is there a special way to remove the IEESC for T/S users ?.. or a way to prove if it is still on for them ?. Help ! Davey