Windows Server 2008 R2中关闭“IE增强的安全配置”
当在Windows Sever 2008 R2中运动IE8的时候会发现默认情况下IE启用了增强的安全配置,为了方便而且是在内网的情况下我们可以关闭IE8的增强安全配置,操作很简单如下步骤。
一,以本机管理员或是域管理员的身份登陆系统,在“开始”菜单-->“管理工具”-->“服务器管理器”,如下图:(或者点击任务栏上的服务器管理器图标即可)
二,或者在“开始”菜单-->“运行”中输入“servermanager.msc”回车即可,如下图:
三,在打开的服务器管理器窗口中选中“服务器管理器”,然后单右边窗口中的“配置 IE ESC”如下图:
在接下来打开的新窗口中,分别选中“管理员”-->“禁用”,“用户”-->“禁用”。默认情况是开启的,这里全部禁用即可,如下图:
PowerShell 本地化脚本:
Disable-InternetExplorerESC.ps1
function Disable-InternetExplorerESC { $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 Stop-Process -Name Explorer Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green }
Disable-InternetExplorerESC
Enable-InternetExplorerESC.ps1
function Enable-InternetExplorerESC { $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1 Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1 Stop-Process -Name Explorer Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green }
Enable-InternetExplorerESC
PowerShell 远程脚本:
Disable-IEESC.PS1
<# .Synopsis Disables Internet Explorer Enhanced Security(IE ESC). .Description This script disables IE ESC on list of given Windows 2008 servers .Parameter ComputerName Computer name(s) for which you want to disable IE ESC. .Parameter OutputToLogs This option allows you to save the failed and successful computer names to text files in c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the failed computers will be in c:\failedcomps.txt .Example Disable-IEESC.PS1 -ComputerName Comp1, Comp2 Disables IE ESC on Comp1 and Comp2 .Example Disable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs Disables IE ESC and stores output in logfiles located in c:\ .Example Get-Content c:\servers.txt | Disable-IEESC.PS1 -OutputToLogs Disables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\ .Notes NAME: Disable-IEESC.PS1 AUTHOR: Sitaram Pamarthi WEBSITE: http://techibee.com #> [cmdletbinding()] param( [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] [string[]]$ComputerName = $env:computername, [switch]$OutputToLogs ) begin { $AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" $SuccessComps =@(); $FailedComps = @(); } process { foreach($Computer in $ComputerName) { if(!(Test-Connection -Computer $Computer -count 1 -ea 0)) { Write-Host "$Computer NOT REACHABLE" $FailedComps += $Computer continue } Write-Host "Working on $Computer" try { $BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer) $SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true) $SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD) $SubKey = $BaseKey.OpenSubKey($UsersKey,$true) $SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD) Write-Host "Successfully disabled IE ESC on $Computer" $SuccessComps += $Computer } catch { Write-Host "Failed to disable IE ESC on $Computer" $FailedComps += $Computer } } } end{ if($OutputToLogs) { $SuccessComps | Out-File "c:\successcomps.txt" $FailedComps | Out-File "c:\failedcomps.txt" } }
Enable-IEESC.PS1
<# .Synopsis Enables Internet Explorer Enhanced Security(IE ESC). .Description This script enables IE ESC on list of given Windows 2008 servers .Parameter ComputerName Computer name(s) for which you want to enable IE ESC. .Parameter OutputToLogs This option allows you to save the failed and successful computer names to text files in c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the failed computers will be in c:\failedcomps.txt .Example Enable-IEESC.PS1 -ComputerName Comp1, Comp2 Enables IE ESC on Comp1 and Comp2 .Example Enable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs Enables IE ESC and stores output in logfiles located in c:\ .Example Get-Content c:\servers.txt | Enable-IEESC.PS1 -OutputToLogs Enables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\ .Notes NAME: Enable-IEESC.PS1 AUTHOR: Sitaram Pamarthi WEBSITE: http://techibee.com #> [cmdletbinding()] param( [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] [string[]]$ComputerName = $env:computername, [switch]$OutputToLogs ) begin { $AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" $SuccessComps =@(); $FailedComps = @(); } process { foreach($Computer in $ComputerName) { if(!(Test-Connection -Computer $Computer -count 1 -ea 0)) { Write-Host "$Computer NOT REACHABLE" $FailedComps += $Computer continue } Write-Host "Working on $Computer" try { $BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer) $SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true) $SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD) $SubKey = $BaseKey.OpenSubKey($UsersKey,$true) $SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD) Write-Host "Successfully enabled IE ESC on $Computer" $SuccessComps += $Computer } catch { Write-Host "Failed to enable IE ESC on $Computer" $FailedComps += $Computer } } } end{ if($OutputToLogs) { $SuccessComps | Out-File "c:\successcomps.txt" $FailedComps | Out-File "c:\failedcomps.txt" } }
