We still run an old school NT4 domain using Samba 3. We are replacing a domain member server running Windows Server 2003 with one running Windows Server 2012 R2. Our users connect to the server via Remote Desktop. The users run Quickbooks Enterprise 15 in the remote desktop session. The users are not local administrators and by default, users starting the QBES application receive the following error:
The users are not administrators and are not able to make changes to their security settings by clicking the "Make Changes" button. We need to make system-wide changes to get our server/users working properly.
First, we need to disable Internet Explorer Enhanced Security Configuration. To do this, login to the server as an administrator, start Server Manager, select Local Server. In the right-pane/right-column, click "On" next to "IE Enhanced Security Configuration".
In the new window, select "Off' for both Administrators and Users.
Click "OK" to save.
I have seen some reports that this single changes fixed it for some users. This was not the case for me. My guess is that the users that only had to make this change had local administrator privileges.
Next, make the following registry changes via an administrator account to make system-wide Internet security changes to the server.
This registry value will force all users to only user the security settings that have been set in HKEY_LOCAL_MACHINE, rather then unique settings for each user.
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"Security_HKLM_only "=dword:00000001
For QBES, we need to make changes to the Internet security zone. The "Internet" zone is zone 3. I set both MinLevel and CurrentLevel to 11000, which is "Medium" security.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011000
"MinLevel"=dword:00011000