Disable Enhanced Security Configuration in IE

Stop Sign

Stop Sign (Photo credit: ladybeames)

Microsoft is well aware that many common exploits and vulnerabilities use the Internet Explorer (IE) browser and associated plugins for the easiest attack vector. The primary defense against these attacks include frequent software updates and anti-virus software. This is considered a sufficient risk mitigation on end-user systems. On server systems, Microsoft goes a step further to discourage administrators from inadvertently receiving malware or exploits through IE browsing or plugins – welcome to the world of “Internet Explorer Enhanced Security Configuration” often affectionately referred to as IE ESC.

If you actually want to use Internet Explorer on your Microsoft server system, the common guidance is to disable the IE ESC feature. Internet Explorer is not really useable while ESC is enabled – general consensus leads me to believe that Microsoft intends to discourage administrators from using Internet Explorer while on server systems by crippling IE with ESC by default. If you agree with Microsoft, you might want to avoid running IE on your servers and stick to running IE on end-user versions of Windows only (XP, Vista, 7, 8, etc). For those who accept the risk of running IE on a server, here are some links to help disable ESC:


About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in System Administration and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s