it happens all the time, I spin up a vm with windows server and I can't access the internet because of IE security. Does anyone have a straight-forward PowerShell script for disabling IE security?
Asked
Active
Viewed 4.6k times
37
-
What do you want to disable? ESC? Protected Mode? – Andy Arismendi Feb 20 '12 at 21:01
-
2yes, IE ESC (here's a few more characters to allow me to post this comment????) – Chris Hayes Feb 20 '12 at 21:05
2 Answers
58
function Disable-InternetExplorerESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
Stop-Process -Name Explorer
Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
function Enable-InternetExplorerESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1
Stop-Process -Name Explorer
Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}
function Disable-UserAccessControl {
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green
}
drop this into a .ps1 file
then at the prompt type a period, a space and the path to the file something like this:
[PS 1] . C:\Users\Administrator\Desktop\YourPowerShellScript.ps1
Then you can call the command at the prompt:
[PS 1] Disable-InternetExplorerESC
Chris Hayes
- 3,876
- 7
- 42
- 72
-
-
2@wes2020 I stole this script from somewhere but my assumption is that stopping explorer only 'restarts' it. Explorer will start if it is stopped – Chris Hayes Apr 20 '15 at 21:40
-
In Windows Server 2012, this does not work for me. If you start IE after applying this, the trusted popups still appear; in Server Manager, the trusted feature shows "off" but if you click to the configuration both admin and user checkboxes still show "on". – MaxVT Jun 03 '15 at 15:39
-
@MaxVT The Rundll32 iesetup.dll settings [here](http://absolute-sharepoint.com/2012/06/how-to-disable-ie-enhanced-security-using-powershell.html) appear to have fixed things on Server 2012. – russau Oct 31 '15 at 14:59
17
The below modification has added -Force parameters to avoid any confirmations. I was prompted to do this when prompted to confirm that I wanted to end the "explorer" process..
function Disable-InternetExplorerESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 -Force
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 -Force
Stop-Process -Name Explorer -Force
Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
function Enable-InternetExplorerESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1 -Force
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1 -Force
Stop-Process -Name Explorer -Force
Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}
function Disable-UserAccessControl {
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000 -Force
Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green
}
Disable-UserAccessControl
Disable-InternetExplorerESC
Vladimir Panteleev
- 24,651
- 6
- 70
- 114
Roy Barbour
- 171
- 1
- 2
-
Guys, just export the registry key you need, toggling the setting in Server Manager for Enable and Disable and use the .reg files in PowerShell. Don't make this so hard... – Patrick Burwell Sep 01 '21 at 15:33