Microsoft is well aware that many common exploits and vulnerabilities use the Internet Explorer (IE) browser and its associated plugins as the easiest attack vector. The primary defenses against these attacks include frequent software updates and anti-virus software. This is considered sufficient risk mitigation on end-user systems. On server systems, Microsoft goes a step further to discourage administrators from inadvertently receiving malware or exploits through IE browsing or plugins – welcome to the world of “Internet Explorer Enhanced Security Configuration”, often affectionately referred to as IE ESC.
If you actually want to use Internet Explorer on your Microsoft server system, the common guidance is to disable the IE ESC feature. Internet Explorer is not really usable while ESC is enabled – general consensus leads me to believe that Microsoft intends to discourage administrators from using Internet Explorer while on server systems by crippling IE with ESC by default. If you agree with Microsoft, you might want to avoid running IE on your servers and stick to running IE on end-user versions of Windows only (XP, Vista, 7, 8, etc.). For those who accept the risk of running IE on a server, here are some links to help disable ESC:
- Disable Internet Explorer Enhanced Security Configuration (IE ESC) in Windows Server 2012 (4sysops.com)
- Disable Internet Explorer Enhanced Security Configuration (IE ESC) in Windows Server 2008 R2 (4sysops.com)
- For older versions of Windows Server, try Google 😉