Re: Windows XPx64 does not require user authenication against Shar



"StanP" <sep@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E5B1C637-0261-4EE2-8B44-B764840DFA33@xxxxxxxxxxxxxxxx
Thanks again Roger, I posted to the SP groups before coming here. No one
is
replying, or suggesting, guess I'm on my own with this one.

Thank again, personnally, I think it's a bug in the x64 interaction with
Sharepoint ir IIS.


I don't know about that, at long distance lacking full specifics of the
SP config. However, it really does not make sense that the server
will have such radical behavior change based only on version of
the client OS.
You are welcome, for what it was . . .
Roger

"Roger Abell [MVP]" wrote:

I would suggest that you post to one of the Sharepoint newsgroups
as the granting of access to all sites on the Sharepoint server at the
site admin level must be due to some misconfig of the Sharepoint
roles. Just how that plays out with an account getting that level of
access when authentication is behind the scene with integrated
authentication, but is not the access level obtained when credentials
must be explicitly provided upon prompt is, frankly, rather hard to
fathom, at least assuming the same account is what ends up being
authenticated in both cases.

In the meantime you might consider using the IE adm template
settings via GPO to force the Internet options config on systems.

Roger
"StanP" <sep@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6D70176A-1E7E-441E-910E-6E7796733137@xxxxxxxxxxxxxxxx
Roger,

Sorry I didn't answer your other points,

So, if a machine local account logs into an x64 XP it gets prompted
when attempting access to any of those Sharepoint webs, but if ANY
domain account logs in then it can access ANY of the Sharepoint webs
even though some of them are restricted so they should not allow that
domain account. Correct summary?

Yes this is correct, however without changing the settings that I
discribed in my first reply, they don't get prompted, they have full
access and that is not a good thing at all. All they have to do is be
a
member of the Domain within where the Sharepoint sites reside and
they
get access, period, to both Top level portals and sub sites they are
not
setup in.<<

To prevent those who will never have a need to access these site I have
gone
one step further, I have placed the Sharepoint URLS within a Restricted
Zone,
and have set the User Authenication/Logon to "Anonymous logon". This
thoughs
then into a You are not authorized page since the SS portals deny this
type
of logon.


"Roger Abell [MVP]" wrote:

"StanP" <sep@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:044BB026-22C1-4F22-AE63-0EF30D421CC8@xxxxxxxxxxxxxxxx
I have a mixed environment with x86 and x64 XP systems. All have the
updates
required and most access Sharepoint 2003 portals. Anonymous Access
is
not
allowed, Windows Authentication is required, however have found that
none
of
the x64 clients are prompted for user credentials (DOMAIN\username
and
password) while all x86 clients are. All are required to login to
the
domain
to gain access, but after that the x64 clients do not need to
re-validate
to
gain access to the Sharepoint sites, even if they are not setup as
vaild
users to those sites.

Any and all ideas as to how to prevent this would be very very much
appreciated.


Well, I thought I had a likely cause, until I got to your statement
even if they are not setup as vaild users to those sites
I was thinking to explain this by differences in the Internet options
security settings and/or zone recognition differences between the
machines, specifically as those impact whether Windows authentication
is allowed in the IE settings.

So, if a machine local account logs into an x64 XP it gets prompted
when attempting access to any of those Sharepoint webs, but if ANY
domain account logs in then it can access ANY of the Sharepoint webs
even though some of them are restricted so they should not allow that
domain account. Correct summary?

If only specific domain accounts show this, while logged in as one,
have you checked for cached network credentials ? in the properties
of the account in control panel ?

Roger








.



Relevant Pages

  • Re: MOSS Authentication Mechanism
    ... Configure Kerberos authentication (Office SharePoint Server) ... User A logged in using his domain account to A's PC, ... A and B's PC have more or less same configuration. ...
    (microsoft.public.sharepoint.portalserver)
  • Re: MOSS Authentication Mechanism
    ... Does A and B user has the same rights to the library and/or in sharepoint? ... Configure Kerberos authentication ... User A logged in using his domain account to A's PC, ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Windows XPx64 does not require user authenication against Shar
    ... Sharepoint ir IIS. ... authentication, but is not the access level obtained when credentials ... when attempting access to any of those Sharepoint webs, ... domain account logs in then it can access ANY of the Sharepoint webs ...
    (microsoft.public.windows.server.security)
  • Re: MOSS Authentication Mechanism
    ... I believe sharepoint page has been added to browers' settings. ... I would rather suggest to check the browser security settings and adding ... Configure Kerberos authentication ... User A logged in using his domain account to A's PC, ...
    (microsoft.public.sharepoint.portalserver)
  • Re: old domain account keeps on being referenced
    ... > use a user's domain account instead of his new one. ... > sharepoint services on windows 2003 server with sqlserver as the backend. ... > email and the correct display name. ... > we thought it was an active directory thing. ...
    (microsoft.public.sharepoint.windowsservices)