Howto disable Content Advisor on your Terminal Servers

1 Aug

So Internet Explorer contains a feature that’s called Content Advisor and can block and allow sites. Content Advisor can be managed with GPO but it’s very tricky, especially in a SBC environment.

When you want to use Content Advisor GPO’s you need to apply them on an OU with users in it. Altough it is a User Configuration policy do NOT apply it on an OU that contains servers. Even with loopback mode enabled and security filtering on your GPO Content Advisor will write data in the HKLM part of you registry and therefore apply to all your users that logon to your Terminal Servers. Just removing your policy will not undo the damage. So if you run in to this problem this is what you need to do.

First make sure your Content Advisor policy is disabled again. Open your GPO manager and click User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security\Security Zones and Content Ratings. Do not customize content ratings must be set.

Next you need to inspect the registry of the servers you applied the policy to. Browse to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies and inspect the Ratings key. It needs to be empty. If there is data in there just delete the whole key.

With a fresh restart of Internet Explorer the Content Advisor will be set to default (disabled).

Comments

Leave a Reply