Good day! A Windows Security window started popping up in the desktop PC of our users yesterday. The specific message is "The server wpad.<localdomain> at wpad.<localdomain> requires a username and password. Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)." It's irritating our users and they are asking if it's a security issue. We never enabled a WPAD in our network. What triggered it and how do we disable it?

This is probably because you are or were using ISA Server. The wpad server is (and I quote): "Wpad.dat and Wspad.dat files are obtained from a WPAD server. The WPAD server can be an ISA Server computer that is configured to listen for automatic discovery requests, and generates the Wpad.dat and Wspad.dat files dynamically. Alternatively, the WPAD server can be hosted on another computer such as a computer running Internet Information Services (IIS). Clients configured to automatically discover proxy settings get information about the location of the WPAD server from the WPAD entry obtained from a DHCP or DNS server. " What has triggered it and how to disable it depends on your scenario wrt ISA.

Thanks for the reply. We don't have an ISA Server. The only major change that we did recently in our network was to load-balance two Internet connections using our firewall appliance. We then changed the DNS setting of our desktop PCs to automatically obtain DNS server address. Is the Windows Security pop-up window problem a result of the changes we did? If yes, how do we properly configure the DNS setting of our desktop PCs?

Were your desktop PCs set to static IP addresses before this? This is what I read from your answer, just want to confirm. I think the answer is to stop clients automatically detecting proxy settings. You can see this setting in your Internet Options, on the Connections tab, click the LAN settings button, and see there is a setting "Automatically detect settings" option. It is this setting that causes the client to search for proxy settings from an ISA server, resulting in the dialog box you are getting. I cannot tell you exactly how to do it on your router, of course, but that is the setting to look for.

If previously you had static addresses and now DHCP, I think the clue is here: "Clients configured to automatically discover proxy settings get information about the location of the WPAD server from the WPAD entry obtained from a DHCP or DNS server. "

Thank you for the replies Bigteddy. Our deskto PCs were set to obtain IP addresses automatically, and the DNS settings were set to static. After implementing the load-balancing of two Internet connections, our users reported they could not access some websites. This prompted us to change the DNS setting of our desktop PCs to automatically obtain DNS server addresses. It was after this change that the Windows Security window started popping up. We changed the LAN settings of Internet Explorer by disabling automatic detection of settings. This prevented the Windows Security window from popping up. However, we want to know how it was triggered in the first place so a more permanent resolution can be put forward.

I am honestly not sure why this is happening. The only thing I can imagine is that somehow your router is giving out this setting (Automatically detect settings) in it's DHCP responses. To overcome this permanently, one way would be to apply a Group Policy. The setting you are looking for is: User Configuration/Windows Components/Internet Explorer Maintenance/Connection/Automatic Browser Configuration. Turn this off.

Here's the reason, Jay: http://perimetergrid.com/wp/2008/01/11/wpad-internet-explorers-worst-feature/ It's IE trying to ping for proxy settings. If your server has an HTTP password set up in .htaccess for all hits, like ours does, you'll get a HTTP password dialog even when there's no "wpad.yourdomain.com" set up at all.