I'm trying this question again because apparently it didn't demonstrate enough effort to solve the problem, so I will list step by step what I have done and what is not working. If you are doubting the level of effort I have been back and forth on this problem for 2 days (other stuff did get in the way), and most every effort and finding something brings to documentation that is about a different server version, a different setup (generally with Active Directory) and precisely zero helpful information about what, in totality, actually has to be set to make this work.
The final result that I need is that for users the Internet Explorer security is set to Medium. This is because QuickBooks, which is what users use this server to run, insists on using IE and complains about the high settings, so our usual solution for working around the Windows IE security dance is not available (our usual solution being to just install Chrome for them).
The result has to include QuickBooks understanding that that is the setting.
I have a Windows Server 2008 R2, with terminal services enabled. There is no Active Directory involved on this server. The version of Internet Explorer is 11.0.2. We are primarily a linux shop on the server end and only have a small windows server for this purpose.
Using the local Group Policy Object editor, for a specific user (this is the current state, I have tried doing it for the Local Computer policy, in both the computer configuration and the user configuration) Under User Configuration/Windows Components/Internet Explorer/Internet Control Panel/Security Page, the Lock-Down Internet Zone and the Internet Zone templates are set to enabled and to medium.
The user has logged out and logged back in to activate the policy (that is what I have found needs to be done, but I could be wrong about that).
A solution that lets the user edit the tab would be fine too, but I don't see that option anywhere. The inline description on the Disable the Security page of the Internet Control Panel under "Security Zones: Do not allow users to change policies". I finally found that policy, and disabling it had no effect on the situation, so clearly something else is locking this, but I have no idea what.
At this point, the settings remain on high on the Tools->Options->Security tab from internet explorer for the user, and QuickBooks continues to detect them as high. The user remains unable to edit the security tab, even though there is no setting regarding disabling the security tab active (and I can't find a corresponding enabling the tab or giving the user rights to manipulate it).
All advice so far has generally been inaccurate, as it jumps to how things are under Active Directory - and they are not the same. The underlying setting or group policy structure may be the same, but that isn't obvious to me, and I don't accept that that level of familiarity is necessary to ask a question, especially when you could just as easily be dinged for lack of knowledge for getting it wrong.
So where is the setting (yes that comment got me in all the hot water on the last revision, but there it is again) to enable lower security in Internet Explorer for non-admin users or to allow users to set it themselves? I can't find it, and it is not for lack of trying, or because I don't understand system administration basics (although I will readily admit to not being an expert, and especially not in Windows Server system administration). The Group policy represents a tree of tens of thousands of settings, and it is not obvious what the right setting is.
This user has the same type of problem, but no resolution is provided in that thread.
Running rsop.msc on a user account shows that the policy is enabled as expected. But the computer behavior doesn't match.
I suggest using Group Policy & the Internet Explorer Maintenance Extension for this.
For Local Group Policy on your server open up the Group Policy Object Editor. (Start > run > mmc > Add/Remove Snap-ins > Group Policy Object Editor)
Navigate to
\Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page
In the right pane you will see Internet Zone Template. Right click to edit the template. Select Enable and from the drop down you can select your security level setting. This same process works for the Intranet Zone as well.
Also disabling IE Enhanced Security Configuration will allow you to change the Internet Zone. Server Manager > Configure IE ESC under Security Information: