need to change IE security levels for LOCAL users on Win 2k3 Serve

Discussion in 'Windows Server' started by ZippyDan, May 24, 2009.

  1. ZippyDan

    ZippyDan Guest


    No Domain
    Windows Server 2k3 running Citrix App Server for
    QuickBooks 2009 Enterprise

    Citrix is using LOCAL User profiles to login via Terminal Services
    QuickBooks complains about 5 times about various IE security issues
    (security level and trusted sites) every time a Citrix client logs in. This
    is confusing and annoying for my newbie users.

    I'm not terribly concerned about IE security on this machine as the Users do
    not have direct access to IE and the machine is not used for casual browsing.

    I have already uninstalled the Enhanced Internet Explorer Security addon for
    both Administrators and Users, but I can't find an easy way to change the IE
    security settings for each User. When I login as each User, it appears they
    don't have the permissions to change IE security settings.

    Can anyone help me with this situation? Remember they are LOCAL users not
    Domain Users, thanks.
    ZippyDan, May 24, 2009
    1. Advertisements

  2. Hello ZippyDan,

    YOU can use the local computer policies to configure IE for the w2k3 server

    a.. Click Start | Run, type mmc and press enter
    Console1 window pops up
    a.. Click Console
    a.. Select Add/Remove Snap-in...
    a.. Click Add button
    a.. Scroll to Group Policy within the Add Standalone Snap-in dialog
    a.. Highlight Group Policy snap-in and click Add button.
    a.. Click Finish when prompted to finish with Local Computer as the Group
    Policy Object.
    a.. Click Close
    a.. Click OK

    Scroll to User Configuration, Windows Settings, Internet Explorer.

    Hope this helps

    Isaac Oben [MCITP:EA, MCSE], May 25, 2009
    1. Advertisements

  3. ZippyDan

    ZippyDan Guest

    Well that seemed helpful at first but:

    When I try to access those policy settings, it warns me that settings I make
    there only apply if Enhanced Internet Explorer Security is installed. But
    with Enhanced Internet Explorer Security I cannot change the Internet to
    medium security level, which is what I need...
    ZippyDan, May 26, 2009
  4. ZippyDan

    ZippyDan Guest


    ZippyDan, May 28, 2009
  5. ZippyDan

    Alan K Guest

    Thank you for that post Isaac!

    With your instruction we were finally able to remove the Quickbooks/IE
    Security nag.
    Alan K, Jun 2, 2009
  6. ZippyDan

    Alan K Guest

    You obviously didn't read or understand the warning prompt ZD.

    It says: You've chosen to import settings that are compatible with
    computers that DON'T HAVE the IEESC enabled. The settings will be ignored
    where the IEESC is enabled.

    It's Micrsoft's standard double-negative speak. Those who work with GPO's
    know it very well. Anyway, in your initial post you said you had already
    disabled the IEESC. So if you follow the presented
    CONTINUE on the prompt and then you can modify the security sliders to
    whatever you want. It's a global setting so whatever you select will be the
    default for everyone (including admins and TS users).

    In our case, we only had to enable the setting Issac mentioned. We did not
    alter the actual security sliders in any way. The QB nag was gone once
    changed the policy.

    Does it make sense now?
    Alan K, Jun 2, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.