Windows Server 2008 R2中关闭“IE增强的安全配置”

当在Windows Sever 2008 R2中运动IE8的时候会发现默认情况下IE启用了增强的安全配置,为了方便而且是在内网的情况下我们可以关闭IE8的增强安全配置,操作很简单如下步骤。

一,以本机管理员或是域管理员的身份登陆系统,在“开始”菜单-->“管理工具”-->“服务器管理器”,如下图:(或者点击任务栏上的服务器管理器图标即可)

Windows <wbr>Server <wbr>2008 <wbr>R2中关闭鈥淚E增强的安全配置鈥
二,或者在“开始”菜单-->“运行”中输入“servermanager.msc”回车即可,如下图:

Windows <wbr>Server <wbr>2008 <wbr>R2中关闭鈥淚E增强的安全配置鈥

三,在打开的服务器管理器窗口中选中“服务器管理器”,然后单右边窗口中的“配置 IE ESC”如下图:

Windows <wbr>Server <wbr>2008 <wbr>R2中关闭鈥淚E增强的安全配置鈥
在接下来打开的新窗口中,分别选中“管理员”-->“禁用”,“用户”-->“禁用”。默认情况是开启的,这里全部禁用即可,如下图:

Windows <wbr>Server <wbr>2008 <wbr>R2中关闭鈥淚E增强的安全配置鈥

 

PowerShell 本地化脚本:

Disable-InternetExplorerESC.ps1
function Disable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}

Disable-InternetExplorerESC

Enable-InternetExplorerESC.ps1
function Enable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}

Enable-InternetExplorerESC

PowerShell 远程脚本:

Disable-IEESC.PS1
<#

    .Synopsis 
        Disables Internet Explorer Enhanced Security(IE ESC).
        
    .Description
        This script disables IE ESC on list of given Windows 2008 servers
 
    .Parameter ComputerName    
        Computer name(s) for which you want to disable IE ESC.
    
    .Parameter OutputToLogs
        This option allows you to save the failed and successful computer names to text files in
        c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the 
        failed computers will be in c:\failedcomps.txt
    
    .Example
        Disable-IEESC.PS1 -ComputerName Comp1, Comp2
        
        Disables IE ESC on Comp1 and Comp2
    .Example
        Disable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs
        
        Disables IE ESC and stores output in logfiles located in c:\ 
        
    .Example
        Get-Content c:\servers.txt | Disable-IEESC.PS1 -OutputToLogs
        
        Disables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\    
       
    .Notes
        NAME:      Disable-IEESC.PS1
        AUTHOR:    Sitaram Pamarthi
        WEBSITE:   http://techibee.com

#>

[cmdletbinding()]
param(
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [string[]]$ComputerName = $env:computername,
    [switch]$OutputToLogs
    
)

begin {
    $AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    $SuccessComps =@();
    $FailedComps = @();
}

process {
    foreach($Computer in $ComputerName) {
        if(!(Test-Connection -Computer $Computer -count 1 -ea 0)) {
            Write-Host "$Computer NOT REACHABLE"
            $FailedComps += $Computer
            continue
        }

        Write-Host "Working on $Computer"
        try {
            $BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
            $SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true)
            $SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD)
            $SubKey = $BaseKey.OpenSubKey($UsersKey,$true)
            $SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD)
            Write-Host "Successfully disabled IE ESC on $Computer"
            $SuccessComps += $Computer
        }
        catch {
            Write-Host "Failed to disable IE ESC on $Computer"
            $FailedComps += $Computer
        }
        
    }
}

end{
    if($OutputToLogs) {
        $SuccessComps | Out-File "c:\successcomps.txt"
        $FailedComps | Out-File "c:\failedcomps.txt"
    }
}

Enable-IEESC.PS1
<#

    .Synopsis 
        Enables Internet Explorer Enhanced Security(IE ESC).
        
    .Description
        This script enables IE ESC on list of given Windows 2008 servers
 
    .Parameter ComputerName    
        Computer name(s) for which you want to enable IE ESC.
    
    .Parameter OutputToLogs
        This option allows you to save the failed and successful computer names to text files in
        c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the 
        failed computers will be in c:\failedcomps.txt
    
    .Example
        Enable-IEESC.PS1 -ComputerName Comp1, Comp2
        
        Enables IE ESC on Comp1 and Comp2
    .Example
        Enable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs
        
        Enables IE ESC and stores output in logfiles located in c:\ 
        
    .Example
        Get-Content c:\servers.txt | Enable-IEESC.PS1 -OutputToLogs
        
        Enables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\    
       
    .Notes
        NAME:      Enable-IEESC.PS1
        AUTHOR:    Sitaram Pamarthi
        WEBSITE:   http://techibee.com

#>

[cmdletbinding()]
param(
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [string[]]$ComputerName = $env:computername,
    [switch]$OutputToLogs
    
)

begin {
    $AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    $SuccessComps =@();
    $FailedComps = @();
}

process {
    foreach($Computer in $ComputerName) {
        if(!(Test-Connection -Computer $Computer -count 1 -ea 0)) {
            Write-Host "$Computer NOT REACHABLE"
            $FailedComps += $Computer
            continue
        }

        Write-Host "Working on $Computer"
        try {
            $BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
            $SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true)
            $SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD)
            $SubKey = $BaseKey.OpenSubKey($UsersKey,$true)
            $SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD)
            Write-Host "Successfully enabled IE ESC on $Computer"
            $SuccessComps += $Computer
        }
        catch {
            Write-Host "Failed to enable IE ESC on $Computer"
            $FailedComps += $Computer
        }
        
    }
}

end{
    if($OutputToLogs) {
        $SuccessComps | Out-File "c:\successcomps.txt"
        $FailedComps | Out-File "c:\failedcomps.txt"
    }
}

 

posted @ 2014-01-14 21:58  Edward Guan  阅读(1283)  评论(0编辑  收藏  举报