Hi,
Thank you for using
Microsoft Office for IT Professionals Forums.
In most Intranet instances, this issue is most easily addressed by configuring the server to use Integrated Windows Authentication and then configuring
the client to enable automatic logon. The user name and the password of the currently logged-on Windows user is then automatically sent to the server when authentication is requested without prompting the user.
To enable integrated Windows authentication
- Log on to the Web server by using an administrator account.
- Click
Start and then click Control Panel.
- In
Control Panel, double-click Administrative Tools.
- Double-click
Internet Information Services.
- Click the Web server node.
A
Web Sites folder opens underneath the server name.
- You can configure authentication for all Web sites or for individual Web sites. To configure authentication for all Web sites, right-click the
Web Sites folder and then click Properties. To configure authentication for an individual Web site, open the
Web Sites folder, right-click the individual Web site, and then click
Properties.
The
Properties dialog box is displayed.
- Click the
Directory Security tab.
- In the
Anonymous access and authentication control section, click
Edit.
The
Authentication Methods dialog box is displayed.
- Under
Authenticated access, select Integrated Windows authentication.
- Click
OK to close the Authentication Methods dialog box.
- Click
OK to close the Properties dialog box.
- Close the
Internet Information Services window.
To enable integrated Windows authentication in Windows Vista/IIS 7
- Log on to the Web server by using an administrator account.
- Turn on Windows Authentication and II6 Management Compatibility, if you have not previously done this, by following these steps:
- Click
Start, click Control Panel and then click
Programs.
- Under
Programs and Features, click Turn Windows features on or off.
The User Access Control dialog box appears and prompts you for permission to continue.
-
- Click
Continue.
The Windows Features dialog box appears.
-
- In the feature list, expand the
Internet Information Services node.
-
- Under
Internet Information Services, expand the World Wide Web Services node.
- Under
World Wide Web Services, click Security.
- Click
Windows Authentication.
- Under
Internet Information Services, expand the Web Management Tools node.
- Under
Web Management Tools, expand the IIS 6 Management Compatibility node, and select the
IIS 6 Metabase and IIS 6 Configuration Compatibility check box.
- Under
Web Management Tools, select IIS Management Console and Click
OK.
- Restart the computer for these changes to take effect.
- Click
Start and then, click Control Panel.
- Click
Classic View, and then double-click Administrative Tools.
- In the
Name column and double-click Internet Information Services (IIS) Manager.
- In the
Connections column, expand the node for your server.
A
Web Sites folder opens underneath the server name.
- Expand the
Web Sites node and click the Web site for which you want to enable integrated Windows authentication.
- The title of the center pane changes to the name of the Web site that you selected. In this pane, under the
IIS heading, double-click Authentication.
The title of the pane changes to
Authentication.
- In the
Authentication pane, in the Name column, right-click
Windows Authentication and then click Enable.
- Close the
Internet Information Services (IIS) Manager window.
To enable Internet Explorer to allow automatic logon, the option must be enabled for the zone where the site is. The Local Intranet zone has a default
configuration of automatic logon with the current user name and password. The Local Intranet zone is defined as all network connections that were established by using a Universal Naming Convention (UNC) path and websites that bypass the proxy server or that
have names that do not include periods (such as http://local), as long as they are not assigned to either the Restricted
Sites or to the Trusted Sites zone. The Trusted zone has a default configuration of automatic logon only in the Intranet zone.
When you open Microsoft Office documents by using Microsoft Office on Windows Vista or on a later version of Windows, the application tries to establish
a Web-based Distributed Authoring and Versioning (WebDAV) connection to the web server through the Web Client service. Starting with Windows Vista, the Web Client service uses the WinHTTP network protocol and does not use the zone manager. The logged-on user
credentials are automatically passed only if one of the following criteria is met:
- The site is a NetBIOS name (it has no "dots" in the URL).
- A proxy is detected, and the site URL matches the proxy bypass criteria.
- The site is a fully qualified domain name (FQDN), the webclnt.dll version is greater than or equal to 6.0.6000.20729, and the site URL matches the criteria
that are specified in the Web Client service parameter registry value AuthForwardServerList. (See Knowledge Base article
943280 for more information.)
If your Windows logon credentials match those that are needed by the site, Integrated Windows Authentication should allow the client to be configured to
automatically log on by using the Windows user name and password. Please be aware that using Integrated Windows Authentication over an Internet-facing connection is not recommended or supported.
Keep in mind that if the credentials of the currently logged-on user are not what is needed to access the document (such as when the server and the workstation
are not in trusted domains), the user is prompted to enter credentials. The general guideline is that if you must provide credentials to access a site, you typically must provide credentials to open a document.
Please take your time to try the suggestions and let me know the results at your earliest convenience. If anything is unclear or if there is anything
I can do for you, please feel free to let me know.
Sincerely
Rex Zhang