| |||||
| |||||
By default, Microsoft Windows Server 2003 provides a set of security settings called Internet Explorer Enhanced Security Configuration. These settings limit the types of content that a user at the server can view using Microsoft Internet Explorer, except for sites listed in the Local intranet and Trusted sites zones. For example, by default, scripting on pages available from the Internet does not run. The goal of these settings is to help ensure that a local user on a computer that is also running as a server does not download a virus or other harmful files from the Internet and infect the server. Internet Explorer Enhanced Security Configuration doesn't affect remote users viewing content on the server, only users running Internet Explorer on the server computer itself.
Important Using Internet Explorer Enhanced Security Configuration on a Web server running Microsoft Windows SharePoint Services prevents some code that is necessary for viewing site pages or SharePoint Central Administration pages from running. Again, remote users with proper access rights can view the pages correctly, but a user running Internet Explorer on the server computer is unable to view or manage the site. Note also that the user at the server computer is unable to view and manage a remote SharePoint site, because of the security settings.
For single server deployments, running Windows SharePoint Services by using the default host name localhost allows you to view the pages. This is not recommended for more complex deployments, such as header-based host sites or server farms.
It is recommended that you add the URLs of all virtual servers that are hosted to the Internet Explorer Local intranet zone. In a server farm, you must also add the URLs of all domain-named sites to the list of local intranet sites. The advantage of this approach is that it helps secure local server computers by taking advantage of the Internet Explorer Enhanced Security Configuration and also allows administrators to manage local and remote SharePoint sites directly from a server computer. The disadvantage of this approach is that you must ensure that all Web servers and domain-named sites are added to the list of local intranet sites on every server in the deployment.
For example, if a server farm hosts the sites http://site1 and http://site2, you must add both site1 and site2 to the list of local intranet sites. In addition, you must add the names of each front-end Web server that is a member of the server farm to the list of local intranet sites. For example, if you have a server farm that includes two database servers named sql1 and sql2, and three front-end Web servers named it1, it2, and it3, you must add it1, it2, and it3 to the list of intranet sites. You must add all these server names and domain-named sites to the list of local intranet sites on each front-end Web server.
If you are not concerned about users working locally at the Web server, you can remove Internet Explorer Enhanced Security Configuration using Add or Remove Programs. The advantage of this solution is that it requires less time to configure server settings. This is of particular advantage for header-based host sites or server farms. The disadvantage of removing the enhanced security configuration is that it may leave the server computer vulnerable to attack by malicious users.