Monday, 17 July 2017

How to Quickly Disable IE ESC in Windows Server 2016 using PowerShell

I really hate “Internet Explorer Enhanced Security Configuration”. Whilst I understand the arguments for it - and against - I simply loathe it.
Good thing that we can easily disable it using PowerShell.

Disabling IE ESC

All you need to do is (using keyboard shortcuts here):

1) Press the Windows button
2) Type “po” for PowerShell (you might have to type a bit more - with a vanilla install, Windows PowerShell will be the best match)
3) Press Ctrl+Shift+Enter (shortcut to Administrator: Windows PowerShell)
Note: You may need to click ‘yes’ to the User Account Control prompt.
4) Then copy and paste the following code into Powershell:


$AdminsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
$BaseKey = [Microsoft.Win32.RegistryKey]::OpenBaseKey("LocalMachine","Default")

$SubKey = $BaseKey.OpenSubkey($AdminsKey,$true)
$SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD)
$SubKey = $BaseKey.OpenSubKey($UsersKey,$true)
$SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD)
logoff


Note 1: We have to log off and log on for the settings to take effect.
Note 2: Here we disable IE ESC for Admins and Users.

Enabling IE ESC

If you wanted to enable IE ESC, it’s just (0 changed to 1):


$AdminsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
$BaseKey = [Microsoft.Win32.RegistryKey]::OpenBaseKey("LocalMachine","Default")

$SubKey = $BaseKey.OpenSubkey($AdminsKey,$true)
$SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD)
$SubKey = $BaseKey.OpenSubKey($UsersKey,$true)
$SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD)
logoff


Image: “Internet Explorer Enhanced Security Configuration is not enabled” - hurrah!

Credit: This 4sysops.com post led me in the right direction.

No comments:

Post a Comment