Windows Server 2008 R2中关闭“IE增强的安全配置”
2014-01-14 21:58
477 查看
当在Windows Sever 2008 R2中运动IE8的时候会发现默认情况下IE启用了增强的安全配置,为了方便而且是在内网的情况下我们可以关闭IE8的增强安全配置,操作很简单如下步骤。
一,以本机管理员或是域管理员的身份登陆系统,在“开始”菜单-->“管理工具”-->“服务器管理器”,如下图:(或者点击任务栏上的服务器管理器图标即可)
二,或者在“开始”菜单-->“运行”中输入“servermanager.msc”回车即可,如下图:
三,在打开的服务器管理器窗口中选中“服务器管理器”,然后单右边窗口中的“配置 IE ESC”如下图:
在接下来打开的新窗口中,分别选中“管理员”-->“禁用”,“用户”-->“禁用”。默认情况是开启的,这里全部禁用即可,如下图:
PowerShell 本地化脚本:
PowerShell 远程脚本:
一,以本机管理员或是域管理员的身份登陆系统,在“开始”菜单-->“管理工具”-->“服务器管理器”,如下图:(或者点击任务栏上的服务器管理器图标即可)
二,或者在“开始”菜单-->“运行”中输入“servermanager.msc”回车即可,如下图:
三,在打开的服务器管理器窗口中选中“服务器管理器”,然后单右边窗口中的“配置 IE ESC”如下图:
在接下来打开的新窗口中,分别选中“管理员”-->“禁用”,“用户”-->“禁用”。默认情况是开启的,这里全部禁用即可,如下图:
PowerShell 本地化脚本:
Disable-InternetExplorerESC.ps1
function Disable-InternetExplorerESC { $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0 Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0 Stop-Process -Name Explorer Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green } Disable-InternetExplorerESC
Enable-InternetExplorerESC.ps1
function Enable-InternetExplorerESC { $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1 Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1 Stop-Process -Name Explorer Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green } Enable-InternetExplorerESC
PowerShell 远程脚本:
Disable-IEESC.PS1
<# .Synopsis Disables Internet Explorer Enhanced Security(IE ESC). .Description This script disables IE ESC on list of given Windows 2008 servers .Parameter ComputerName Computer name(s) for which you want to disable IE ESC. .Parameter OutputToLogs This option allows you to save the failed and successful computer names to text files in c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the failed computers will be in c:\failedcomps.txt .Example Disable-IEESC.PS1 -ComputerName Comp1, Comp2 Disables IE ESC on Comp1 and Comp2 .Example Disable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs Disables IE ESC and stores output in logfiles located in c:\ .Example Get-Content c:\servers.txt | Disable-IEESC.PS1 -OutputToLogs Disables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\ .Notes NAME: Disable-IEESC.PS1 AUTHOR: Sitaram Pamarthi WEBSITE: http://techibee.com #> [cmdletbinding()] param( [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] [string[]]$ComputerName = $env:computername, [switch]$OutputToLogs ) begin { $AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" $UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" $SuccessComps =@(); $FailedComps = @(); } process { foreach($Computer in $ComputerName) { if(!(Test-Connection -Computer $Computer -count 1 -ea 0)) { Write-Host "$Computer NOT REACHABLE" $FailedComps += $Computer continue } Write-Host "Working on $Computer" try { $BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer) $SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true) $SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD) $SubKey = $BaseKey.OpenSubKey($UsersKey,$true) $SubKey.SetValue("IsInstalled",0,[Microsoft.Win32.RegistryValueKind]::DWORD) Write-Host "Successfully disabled IE ESC on $Computer" $SuccessComps += $Computer } catch { Write-Host "Failed to disable IE ESC on $Computer" $FailedComps += $Computer } } } end{ if($OutputToLogs) { $SuccessComps | Out-File "c:\successcomps.txt" $FailedComps | Out-File "c:\failedcomps.txt" } }
Enable-IEESC.PS1
<#
.Synopsis
Enables Internet Explorer Enhanced Security(IE ESC).
.Description
This script enables IE ESC on list of given Windows 2008 servers
.Parameter ComputerName
Computer name(s) for which you want to enable IE ESC.
.Parameter OutputToLogs
This option allows you to save the failed and successful computer names to text files in
c:\ drive. The successful computer will be avialable in c:\successcomps.txt file and the
failed computers will be in c:\failedcomps.txt
.ExampleEnable-IEESC.PS1 -ComputerName Comp1, Comp2
Enables IE ESC on Comp1 and Comp2
.ExampleEnable-IEESC.PS1 -ComputerName Comp1, Comp2 -OutputToLogs
Enables IE ESC and stores output in logfiles located in c:\
.Example
Get-Content c:\servers.txt | Enable-IEESC.PS1 -OutputToLogs
Enables IE ESC on computers listed in servers.txt and saves success and failed computers list to c:\
.Notes
NAME: Enable-IEESC.PS1
AUTHOR: Sitaram Pamarthi
WEBSITE: http://techibee.com
#>
[cmdletbinding()]
param(
[parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
[string[]]$ComputerName = $env:computername,
[switch]$OutputToLogs
)
begin {
$AdministratorsKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UsersKey = "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
$SuccessComps =@();
$FailedComps = @();
}
process {
foreach($Computer in $ComputerName) {
if(!(Test-Connection -Computer $Computer -count 1 -ea 0)) {
Write-Host "$Computer NOT REACHABLE"
$FailedComps += $Computer
continue
}
Write-Host "Working on $Computer"
try {
$BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$Computer)
$SubKey = $BaseKey.OpenSubKey($AdministratorsKey,$true)
$SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD)
$SubKey = $BaseKey.OpenSubKey($UsersKey,$true)
$SubKey.SetValue("IsInstalled",1,[Microsoft.Win32.RegistryValueKind]::DWORD)
Write-Host "Successfully enabled IE ESC on $Computer"
$SuccessComps += $Computer
}
catch {
Write-Host "Failed to enable IE ESC on $Computer"
$FailedComps += $Computer
}
}
}
end{
if($OutputToLogs) {
$SuccessComps | Out-File "c:\successcomps.txt"
$FailedComps | Out-File "c:\failedcomps.txt"
}
}
相关文章推荐
- 一次Mysql 死锁事故
- UIUC同学Jia-Bin Huang收集的计算机视觉代码合集
- iOS XML解析类库对比概述
- FWNX-working diary - enter with different orders-
- 黑马程序员-学习日志-操作基本数据类型的数据流
- Makefile学习
- ios 第4天
- python里面的几个编码函数
- redhat5下安装MySQL-5.6,默认密码无法进入的解决办法
- Emacs中的IRC -- Erc
- 提示确认某一操作的对话框实现
- Android本地接口JNI的使用分析
- Xcode 5 Tutorial - Change App Icon
- Java多线程系列--“基础篇”09之 interrupt()和线程终止方式
- 天正制图步骤
- 生成自定义区间随机整数
- 33-使用递推算法求出5!
- JSONKIT在Object C 中的实现小结
- 关于程序员的作息安排(个人拙见)
- [系统工具]VMware Workstation 10.0 官方中文版 (附注册机/序列号)