Disable IE Enhanced Security Configuration using PowerShell

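<#
.Synopsis
   Disables IE Enhanced Security Configuration
.DESCRIPTION
   Disables IE Enhanced Security Configuration (IE ESC) by setting the
   "IsInstalled" value to 0 under the two Active Setup component keys in
   HKLM on each target computer: one for Administrators and, unless
   -AdministratorOnly is given, one for Users.
.EXAMPLE
   Disable-IEEnhancedSecurity 

   Disables IE ESC on local computer
.EXAMPLE
   Disable-IEEnhancedSecurity -ComputerName localhost, server1  -AdministratorOnly

   Disables IE ESC on a list of computers for Administrators only
.EXAMPLE
   Get-QADComputer | Where {$_.Os -match "server"} | Disable-IEEnhancedSecurity  -AdministratorOnly

   Disables IE ESC on servers passed in from another commandlet
.NOTES
   IE ESC is a browser-hardening control on server systems; turning it off
   widens what a browser session on that server is allowed to do. Prefer
   -AdministratorOnly where that is sufficient, keep the list of targets as
   narrow as possible, and use -WhatIf / -Confirm (supported through
   SupportsShouldProcess) to review the targets before the registry is changed.

   The registry is reached with OpenRemoteBaseKey, so the caller needs write
   access to HKLM on the target and the target's Remote Registry service
   must be reachable.
#>
function Disable-IEEnhancedSecurity
{

    [CmdletBinding(SupportsShouldProcess=$true)]
    Param
    (
        # a computername or list of computernames
        [Parameter(Mandatory=$false,
                   ValueFromPipeline=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [Alias("DnsHostname")]
        [string[]]$ComputerName=$env:COMPUTERNAME,
        
        # do not ping the computer first
        [Parameter(Mandatory=$false,
                   ValueFromPipeline=$false,
                   ValueFromPipelineByPropertyName=$false)]
        [switch]$DonotTestConnection,

        # disable for administrator only
        [Parameter(Mandatory=$false,
                   ValueFromPipeline=$false,
                   ValueFromPipelineByPropertyName=$false)]
        [switch]$AdministratorOnly
    )

    Begin
    {
        $OneLevelUpKey = "SOFTWARE\Microsoft\Active Setup\Installed Components"
        $AdministratorsGuid = "{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
        $UsersGuid = "{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
        $CommonKey = "IsInstalled"
        New-Variable -Name RegistryValue -Description "Constant" -Value 0 -Option ReadOnly

        Write-Debug "Parameter Computername: $ComputerName"
        Write-Debug "Parameter DonotTestConnection: $DonotTestConnection"

        # The Administrators key is always changed; the Users key only when
        # -AdministratorOnly was not requested.
        if ($AdministratorOnly.IsPresent) {
            $ShouldProcessString = "Disabling IE Enhanced Security for Administrators only"
            $TargetGuids = @($AdministratorsGuid)
        } else {
            $ShouldProcessString = "Disabling IE Enhanced Security for Administrators and Users"
            $TargetGuids = @($AdministratorsGuid, $UsersGuid)
        }
        
    }

    Process
    {
    
        Foreach( $computer in $ComputerName) {
            # Honours -WhatIf / -Confirm before anything is touched.
            if (-not $PSCmdlet.ShouldProcess("$($computer)", $ShouldProcessString)) {
                continue
            }

            if (-not $DonotTestConnection.IsPresent) {
                if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
                    Write-Warning "Computer $computer is unreachable"
                    continue
                }
            }

            # Reset the handles on every iteration: if opening the hive fails,
            # a handle left over from the previous computer must never be
            # reused, otherwise the wrong machine would be modified.
            $HklmHive = $null
            $TopKey = $null
            try {
                $HklmHive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$computer)

                # Read-only is enough here; this key is only enumerated.
                $TopKey = $HklmHive.OpenSubKey($OneLevelUpKey)
                $presentGuids = @()
                if ($TopKey) {
                    $presentGuids = @($TopKey.GetSubKeyNames())
                }

                if (($presentGuids -contains $AdministratorsGuid) -or ($presentGuids -contains $UsersGuid)) {

                    foreach ($guid in $TargetGuids) {
                        if ($presentGuids -notcontains $guid) {
                            # Only one of the two component keys exists on this machine.
                            Write-Warning "Computer $computer has no IE Enhanced Security key $guid, skipping it"
                            continue
                        }

                        $SubKey = $HklmHive.OpenSubKey("$OneLevelUpKey\$guid",$true)
                        if (-not $SubKey) {
                            Write-Warning "Computer $computer has no IE Enhanced Security key $guid, skipping it"
                            continue
                        }
                        try {
                            $SubKey.SetValue($CommonKey,$RegistryValue,[Microsoft.Win32.RegistryValueKind]::DWORD)
                        }
                        finally {
                            $SubKey.Close()
                        }
                    }

                    # NOTE(review): the original author left an explorer restart commented out,
                    # so a new logon session may be needed before the change shows up - confirm.
                    #Get-Process -name explorer | Stop-Process
                } else {
                    Write-Warning "Computer $computer does not contain IE Enhanced Security, it probaly isn't a server system"
                }
            }
            catch {
                # Report and move on to the next computer instead of continuing
                # with half-initialised handles.
                Write-Error "Failed to update IE Enhanced Security settings on $($computer): $($_.Exception.Message)"
            }
            finally {
                # Release the registry handles, remote ones included, on every path.
                if ($TopKey) { $TopKey.Close() }
                if ($HklmHive) { $HklmHive.Close() }
            }
        } #for each
    }
    End
    {
    }
}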

