Wednesday, September 4, 2013

PowerShell to disable IE Enhanced Security

So, my employer has a number of web consoles for various applications.

This is fine, except for pesky IE Enhanced Security.

So, to automatically disable this for members of the local Administrators group just comment out the User section from the script below.

Now, before you reply that I should be adding the URL to the exclusion list and all that.  This is so much simpler.  Why?  Because I don’t have to worry about a shortcut having localhost vs. the FQDN in it.

This one section of my script runs and Administrators are happy.  After all, these are servers.  And outside of hitting a local console once or twice or applying updates, they should not even be logged in locally, right(?)

# Disable IE Enhanced Security Configuration for Administrators and Users for web consoles
try {
$AdminKey = “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}”
$UserKey = “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}”
Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
Set-ItemProperty -Path $UserKey -Name “IsInstalled” -Value 0
Stop-Process -Name Explorer
“IE Enhanced Security Configuration (ESC) has been disabled on this machine.”
}
catch {"Failed to disable IE ESC" }

No comments: