Monday, December 21, 2015

Quickbooks Enterprise via Remote Desktop - Internet Security Levels Are Set Too High

We still run an old school NT4 domain using Samba 3. We are replacing a domain member server running Windows Server 2003 with one running Windows Server 2012 R2. Our users connect to the server via Remote Desktop. The users run Quickbooks Enterprise 15 in the remote desktop session. The users are not local administrators and by default, users starting the QBES application receive the following error:
 
The users are not administrators and are not able to make changes to their security settings by clicking the "Make Changes" button. We need to make system-wide changes to get our server/users working properly.

First, we need to disable Internet Explorer Enhanced Security Configuration. To do this, login to the server as an administrator, start Server Manager, select Local Server. In the right-pane/right-column, click "On" next to "IE Enhanced Security Configuration".

 In the new window, select "Off' for both Administrators and Users.
Click "OK" to save.

I have seen some reports that this single changes fixed it for some users. This was not the case for me. My guess is that the users that only had to make this change had local administrator privileges.

Next,  make the following registry changes via an administrator account to make system-wide Internet security changes to the server.

This registry value will force all users to only user the security settings that have been set in HKEY_LOCAL_MACHINE, rather then unique settings for each user.

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"Security_HKLM_only "=dword:00000001

For QBES, we need to make changes to the Internet security zone. The  "Internet" zone is zone 3. I set both MinLevel and CurrentLevel to 11000, which is "Medium" security.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011000
"MinLevel"=dword:00011000

If you prefer other security settings, see this page (https://support.microsoft.com/en-us/kb/182569) for details.

This support page (https://support.microsoft.com/en-us/kb/833633) from Microsoft is where I found a lot of helpful information.

Posted by at

4 comments:

Noel said...

Awesome. This worked like a charm. Thank You so much!!!

September 14, 2016 at 4:05 PM
Unknown said...
This comment has been removed by a blog administrator.
August 27, 2017 at 8:29 PM
Jack said...
This comment has been removed by a blog administrator.
November 26, 2017 at 8:02 AM
Unknown said...

Perfect. Looked everywhere to find this. Server 2016 AWS GPOs didn't work for me but this did.

November 27, 2018 at 9:19 PM

Post a Comment

Subscribe to: Post Comments (Atom)