当在Windows Sever 2008 R2中运动IE8的时候会发现默认情况下IE启用了增强的安全配置,为了方便而且是在内网的情况下我们可以关闭IE8的增强安全配置,操作很简单如下步骤。
一,以本机管理员或是域管理员的身份登陆系统,在“开始”菜单-->“管理工具”-->“服务器管理器”,如下图:(或者点击任务栏上的服务器管理器图标即可)
二,或者在“开始”菜单-->“运行”中输入“servermanager.msc”回车即可,如下图:
三,在打开的服务器管理器窗口中选中“服务器管理器”,然后单右边窗口中的“配置 IE ESC”如下图:
在接下来打开的新窗口中,分别选中“管理员”-->“禁用”,“用户”-->“禁用”。默认情况是开启的,这里全部禁用即可,如下图:
PowerShell 本地化脚本:
Disable-InternetExplorerESC.ps1
function Disable-InternetExplorerESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value
Stop-Process -Name Explorer
Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
Disable-InternetExplorerESC
Enable-InternetExplorerESC.ps1
function Enable-InternetExplorerESC {
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value
Stop-Process -Name Explorer
Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}
Enable-InternetExplorerESC
PowerShell 远程脚本:
Disable-IEESC.PS1
<#
.Synopsis
Disables Internet Explorer Enhanced Security(IE ESC).
.Description
This script disables IE ESC on list of given Windows servers
.Parameter ComputerName
Computer name(s) for which you want to disable IE ESC.
.Parameter OutputToLogs
This option allows you to save the failed and successful computer names to text files in
c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the
failed computers will be in c:\failedcomps.txt
.Example
Disable-IEESC.PS1 -ComputerName Comp1, Comp2
Disables IE ESC on Comp1 and Comp2
.Example
Disable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs
Disables IE ESC and stores output in logfiles located in c:\
.Example
Get-Content c:\servers.txt | Disable-IEESC.PS1 -OutputToLogs
Disables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\
.Notes
NAME: Disable-IEESC.PS1
AUTHOR: Sitaram Pamarthi
WEBSITE: http://techibee.com
#>
[cmdletbinding()]
param(
[parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
[string[]]$ComputerName = $env:computername,
[switch]$OutputToLogs
)
begin {
$AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
$SuccessComps =@();
$FailedComps = @();
}
process {
foreach($Computer in $ComputerName) {
if(!(Test-Connection -Computer $Computer -count -ea )) {
Write-Host "$Computer NOT REACHABLE"
$FailedComps += $Computer
continue
}
Write-Host "Working on $Computer"
try {
$BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
$SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true)
$SubKey.SetValue("IsInstalled",,[Microsoft.Win32.RegistryValueKind]::DWORD)
$SubKey = $BaseKey.OpenSubKey($UsersKey,$true)
$SubKey.SetValue("IsInstalled",,[Microsoft.Win32.RegistryValueKind]::DWORD)
Write-Host "Successfully disabled IE ESC on $Computer"
$SuccessComps += $Computer
}
catch {
Write-Host "Failed to disable IE ESC on $Computer"
$FailedComps += $Computer
}
}
}
end{
if($OutputToLogs) {
$SuccessComps | Out-File "c:\successcomps.txt"
$FailedComps | Out-File "c:\failedcomps.txt"
}
}
Enable-IEESC.PS1
<#
.Synopsis
Enables Internet Explorer Enhanced Security(IE ESC).
.Description
This script enables IE ESC on list of given Windows servers
.Parameter ComputerName
Computer name(s) for which you want to enable IE ESC.
.Parameter OutputToLogs
This option allows you to save the failed and successful computer names to text files in
c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the
failed computers will be in c:\failedcomps.txt
.Example
Enable-IEESC.PS1 -ComputerName Comp1, Comp2
Enables IE ESC on Comp1 and Comp2
.Example
Enable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs
Enables IE ESC and stores output in logfiles located in c:\
.Example
Get-Content c:\servers.txt | Enable-IEESC.PS1 -OutputToLogs
Enables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\
.Notes
NAME: Enable-IEESC.PS1
AUTHOR: Sitaram Pamarthi
WEBSITE: http://techibee.com
#>
[cmdletbinding()]
param(
[parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
[string[]]$ComputerName = $env:computername,
[switch]$OutputToLogs
)
begin {
$AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
$SuccessComps =@();
$FailedComps = @();
}
process {
foreach($Computer in $ComputerName) {
if(!(Test-Connection -Computer $Computer -count -ea )) {
Write-Host "$Computer NOT REACHABLE"
$FailedComps += $Computer
continue
}
Write-Host "Working on $Computer"
try {
$BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
$SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true)
$SubKey.SetValue("IsInstalled",,[Microsoft.Win32.RegistryValueKind]::DWORD)
$SubKey = $BaseKey.OpenSubKey($UsersKey,$true)
$SubKey.SetValue("IsInstalled",,[Microsoft.Win32.RegistryValueKind]::DWORD)
Write-Host "Successfully enabled IE ESC on $Computer"
$SuccessComps += $Computer
}
catch {
Write-Host "Failed to enable IE ESC on $Computer"
$FailedComps += $Computer
}
}
}
end{
if($OutputToLogs) {
$SuccessComps | Out-File "c:\successcomps.txt"
$FailedComps | Out-File "c:\failedcomps.txt"
}
}