Microsoft KB Archive/908784

= New users are still limited by the Internet Explorer Enhanced Security Configuration component in Windows Server 2003 after this component is removed =

Article ID: 908784

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Web Edition

-





SYMPTOMS
New users are limited to visiting only the sites that are listed in the Local intranet and Trusted sites zones in Microsoft Internet Explorer. This symptom occurs even though you uninstalled the Internet Explorer Enhanced Security Configuration component in Microsoft Windows Server 2003.



RESOLUTION
To resolve this problem, use one of the following methods.

If this problem has not already occurred
To prevent this problem when you are using Sysprep, add the following line to the Sysprep.inf file:

[UNATTENDED]

UpdateServerProfileDirectory=0

If this problem has already occurred
If this problem has already occurred, use one of the following methods.

The server is a member of a domain
If the server is a member of a domain, use an .adm template to unlock users who have to run a computer without the enhanced security. To obtain this .adm template, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=d41b036c-e2e1-4960-99bb-9757f7e9e31b&displaylang=en

The server is not a member of a domain
 Create a new user account. Name this account &quot;Test_User.&quot; Add the Test_User user account to the Administrators group. Log on by using the Test_User account. The Test_User account can visit only those sites that are listed in the Local intranet and Trusted sites zones in Internet Explorer. Add the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps:  Click Start, point to Control Panel, and then click Add or Remove Programs. Click Add/Remove Windows Components. In the Components list, click to select the Internet Explorer Enhanced Security Configuration check box, and then click Next.</li> Click Finish.</li></ol> </li> Remove the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, point to Control Panel, and then click Add or Remove Programs.</li> Click Add/Remove Windows Components.</li> In the Components list, click to clear the Internet Explorer Enhanced Security Configuration check box, and then click Next.</li> Click Finish.</li></ol> </li> Log off the computer.</li> Log on to the computer by using a different Administrator account.</li> Rename the Ntuser.dat file in the following folder as &quot; Ntuser.OLD&quot;:

Documents and Settings\Default User

</li> Copy the Ntuser.dat file from the Documents and Settings\ folder to the following folder:

Documents and Settings\Default User

</li> Fix the existing user profiles. To fix the existing user profiles, use either of the following methods. <ul> Method 1: Repair existing user profiles that are new or that contain few changes <ol> Back up any important files that are located in the following folder:

Documents and Settings\ \My Documents

Important Note the user name in this folder.</li> Delete the following folder:

Documents and Settings\

</li> Log off the computer, and then log back on by using the user name that you noted in step 1. When you log back on, the user's profile is re-created by the new Ntuser.dat file.</li> <li>Restore any backed-up files to the following folder:

Documents and Settings\ \My Documents

</li></ol> </li> <li>Method 2: Repair existing user profiles that contains extensive changes <ol> <li>Temporarily add the user account for the user who is experiencing this problem to the Administrators group.</li> <li>Log on by using the user account from step 1.</li> <li>Add the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, point to Control Panel, and then click Add or Remove Programs.</li> <li>Click Add/Remove Windows Components.</li> <li>In the Components list, click to select the Internet Explorer Enhanced Security Configuration check box, and then click Next.</li> <li>Click Finish.</li></ol> </li> <li>Uninstall the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, point to Control Panel, and then click Add or Remove Programs.</li> <li>Click Add/Remove Windows Components.</li> <li>In the Components list, click to clear the Internet Explorer Enhanced Security Configuration check box, and then click Next.</li> <li>Click Finish.</li></ol> </li> <li>Log off, and then log on by using a different user account that is a member of the Administrators group.</li> <li>Remove the user from the Administrator's group.</li></ol> </li></ul> </li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

About Internet Explorer Enhanced Security Configuration
By default, Microsoft Windows Server 2003 provides the Internet Explorer Enhanced Security Configuration set of security settings. These settings limit the types of content that a user who is at the server can view by using Microsoft Internet Explorer. However, the user can still view sites that are listed in the Local intranet and Trusted sites zones. By default, scripting on pages that are available from the Internet does not run. These settings help to make sure that a local user on a server computer does not download a virus or a harmful file from the Internet that can infect the server. Internet Explorer Enhanced Security Configuration does not affect remote users who are viewing content on the server. Internet Explorer Enhanced Security Configuration only affects users who are running Internet Explorer on the server computer.

Technical support for Windows x64 editions
Your hardware manufacturer provides technical support and assistance for Microsoft Windows x64 editions. Your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx

For product information about Microsoft Windows Server 2003 x64 editions, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/default.mspx

Additional query words: Winx64 Windowsx64 64bit 64-bit

Keywords: kbtshoot KB908784

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.