IE Enhanced Security Mode and Turning it off

Refer to  Zenapp for original post. I have added a little bit myself.

IEESC (IE Enhanced Security Mode) is a very good feature on most servers – you shouldn’t be doing much web surfing from your server’s desktop anyway and this helps protect you from malware, which is the last thing you want on a Windows Server system.
Of course if Microsoft had any guts IE would be disabled by default, but I digress.

Is it on or off?
The obvious way is to start IE, and your home page is set to res://shdoclc.dll/hardAdmin.htm, which shows you it’s enabled. This is not accurate because I can manually set my home page to this address, and it will shows it’s Enabled, even it’s NOT. As shown in the following picture.


Turning off IE ESC Manually
On Windows 2003 Server it was easy – just open up Add/Remove Programs and remove the component from the server – IE becomes fully opened up.

Windows Server 2008 and 2008 R2 had a nice easy way to do this as well.  Just load up Server Manager (you know, that annoying screen that pops up every time you log in… okay, its in Administrative Tools if you have never used a computer before). Use servermanager.msc command to bring it up if you don’t have it opened.  About a third down, see the Configure IE ESC link. 

Click it and you should see this box – by default a XenApp 6 server will have IE ESC turned off the users (cleverly) but on for administrators (annoyingly, especially if you are an administrator and you actually use Citrix).  Configure as you see fit – personally its Off for both for me on all Citrix servers.