Too many logons
For now we're running MOSS2007. Our users hate having to constantly log on when visiting the portal, opening a document from the portal, opening a document from an Office program, when starting Outlook and periodically afterwords, having to logon to MySites and the main portal site (technically, if the IE settings have been changed, they don't have to log into the main portal, but that doesn't help on MySites) and so on. The main problem about this is that the users bypass MOSS functionality by downloading files to their local machines when working on them as that bypasses the password pain. (In essence the issue makes many of the SharePoint advantages moot, justifying not using them.) Our security needs are straightforward: Most users access from within a single domain on a LAN, but almost everyone occasionally needs to access from outside the office, via a remote machine over the Internet. Many of our users, especially remotely, do not use IE as their browser. (Some don't use PCs or Windows, either.) I've been looking at recommendations for fixing this but the basic ones, involving changing security settings for IE don't seem to make a difference. Our current domain is a Windows 2003 one, but we've installed some Server 2008 servers one of which will ultimately become a DC. MOSS is running on Windows Server 2003. IIS authentication is set for Integrated Windows and Digest Authentication. I can't use a client based VPN because we can't support the users adequately, but I can set up an SSL VPN if that will help. So my question is: For our current MOSS 2007 set up, is there anything we can do to ease the pain? One other note, we're a small company. About 10-15 users inside the firewall and a varying group of freelancers and sales folks outside the firewall. That's why simplicity is the goal. Thanks everyone. Barry
November 11th, 2010 1:20pm
Ask you end user to add your site to their trusted site. Ask you end users to check "Remember my password" The outlook and Sharepoint are not on the same zone and they will get prompt. Use single sign on service which come with MOSS.Sara
November 11th, 2010 2:04pm
Hi BECohen, If I understand your question correctly, your meaning is that you want to simplify your login procedure so that you don’t have to logon everywhere and anytime, right? If it is so, I agree with Sara said above, you can try to use SSO(single sign on). It is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. For more information about SSO, you can check the following articles: http://technet.microsoft.com/en-us/library/cc262932(office.12).aspx http://msdn.microsoft.com/en-us/library/dd586632(office.11).aspx Hope this helps. Regards.
November 12th, 2010 2:05am
HI Cohen, When you use Internet Explorer to access the WebDAV site, Internet Explorer uses Windows HTTP Services (WinHTTP). WinHTTP sends user credentials only in response to requests that occur on a local intranet site during an authenticated logon process. However, WinHTTP does not check the security zone settings in Internet Explorer to determine whether a Web site is a local intranet site. Instead, WinHTTP depends on the proxy settings in Internet Explorer to determine whether a Web site is a local intranet site. On the Client If the Automatically detect settings option is not enabled, any auto-configuration script that is defined will not be processed. WinHTTP will not identify the WebDAV site as a local intranet site. Therefore, WinHTTP will send out a request without user credentials, and you will be prompted to type user credentials. Set IE to Automatically Detect IE8 IE > Tools > Internet Options > Connections > Lan Settings > Automatically Detect Settings: Check to Enable then Click Ok and Ok again Note: This also assumes that the All of your WebApp FQFDNs are inYour Local Intranet Zone: Note Do NOT use Trusted Sites, this was only for version IE6 and earlier and I would have argued then it was incorrect... To Add Site to Local Intranet Zone IE8 >Tools >Internet Options >Security >Local Intranet> Sites>Advanced > Add > All of Your SitWebApps FQDN.. This is not necessary if you are connecting to the NetBios Name of the Site as Microsoft will authenticate top these sites as members of the Intranet Security Zone automatically On the WFEs Check if the WebServer > Role Service > WebDav Publishing is installed on the SharePoint Server. I have had this issue and the only way I found the resolution was with Fiddler, another farm to compare where I didn’t have the issue, and Google. Disabling the component is not enough, it must be removed completely from IIS using the following steps: Open Server Manager On the left side of the pane click on Roles Scroll down to the "Role Services" section, and click on "Remove Role Services" Under "web server" uncheck the box next to "WebDav Publishing" Choose Next, then choose Remove A reboot will be required There is a KB Article KB2171959 for this with MOSS 2007 and explorer view that was published July 7th http://support.microsoft.com/kb/2171959/en-us Reference Sudeep Gopalakrishnan http://www.pubsub.com/Webdav-folders-–-no-full-functionality_Windows-MOSS-7tB9oLk7rqi,fVoMRAEGZf3E Sean McDonough SharePoint, WebDAV, and a Case of the 405 Status Codes http://sharepointinterface.com/2009/12/28/sharepoint-webdav-and-a-case-of-the-405-status-codes/ Troubleshooting WebDav http://www.microsoft.com/downloads/details.aspx?FamilyId=C523AC7A-5724-48BE-B973-641E805588F4&displaylang=en Please ping back the post and let us know how it goes.. If necessary I can take a look at your configuration through LiveMeeting Cheers, -IvanIvan Sanders My LinkedIn Profile, My Blog, @iasanders.
November 12th, 2010 3:43am
Thank you everyone. These answers are all very helpful, but to some extent don't address the problem. The problem is that my users don't like to enter id and password when accessing a file on the portal when using Outlook or Word or Excel or Windows Explorer. As far as I can tell SSO on MOSS 2007 or the Secure Service Store on SharePoint Server 2010 aren't designed for this feature. Also, Secure Service Store seems overly complex and expensive to implement for our small user base. The settings for IE security, trusted sites etc., do seem to ease access from Internet Explorer, but don't seem to affect other Office programs. Setting "Trusted Locations" in Word etc, doesn't seem to have an effect either. To be more accurate, once a file has been opened in Word, Excel, etc., the connection doesn't seem to need fresh credentials for a while, though ultimately the user needs to reenter again. (I am not concerned about non-Microsoft applications, only Microsoft ones. Specifically Office 2007 or Office 2010.) Is this the usual behavior, being asked for credentials nearly every time a file is accessed? Or, is there a way to eliminate this annoying "feature".
December 14th, 2010 6:49pm