Blog: Terminal Server

When building a terminal server, don’t forget to uninstall IE Enhanced Security BEFORE you install terminal services on a Windows 2003 Server, especially if you plan to sysprep the server and image it. For some reason, if you don’t do this, certain keys are left behind in the registry and in the default profile user hive (ntuser.dat file) that cause issues. IEES is uninstalled, but new user profiles created on that server still have remnants and do not function as expected. Users may get the IEES pop-ups when visiting any site that is not in their trusted sites list and it seems to affect JavaScript execution privileges as well. Here is the Microsoft article that addresses this issue ( The workaround if this has happened is to follow Method 4 and then rebuild the affected profiles. If Method 3 is followed, it doesn’t seem be a complete fix from our experience.


When installing an application on a terminal server it is necessary to change the server to install mode by running “change user /install” from a command prompt or by performing the install through “Add/Remove Programs.”  After the installation you must run “change user /execute” to bring it out of install mode.  This ensures that the .ini files for the installed application are stored in the Terminal Server system directory.  These files are used as the master copies for the user-specific .ini files. 

Why is this important?  [more]When a user runs an application for the first time, the application looks in the home directory for its .ini files.  If it does not find them in the home directory it will look in the Terminal Server system directory and copy them to the user’s home directory.  If an application is installed while the server is not in install mode, the .ini files will be saved to the home directory.  New users will therefore be unable to pull down the .ini files from the Terminal Server system directory, and the application will not run.