laptop user working off-line accessing secured website

[Bonno Bloksma]

Hi,

User with laptop, laptop part of domain. User logs on with domain
credentials whether laptop is connected to the company network or not.
Windows set to provide log on credentials to "secure website(s)"

When connected to the company network the user can access a secured website
which requires to log on with domain credentials.
When not connected the user is denied access to the website.

If we set IE7 to ask for the credentials and enter correct domain\user with
the password everything works.

Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
If it's a bug will it be fixed in SP3?

Bonno Bloksma

 

[Joe4500]

Hi,

User with laptop, laptop part of domain. User logs on with domain
credentials whether laptop is connected to the company network or not.
Windows set to provide log on credentials to "secure website(s)"

When connected to the company network the user can access a secured website
which requires to log on with domain credentials.
When not connected the user is denied access to the website.

If we set IE7 to ask for the credentials and enter correct domain\user with
the password everything works.

Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
If it's a bug will it be fixed in SP3?

Bonno Bloksma

It is a feature of Windows Server which allows you to set a cached
number of domain logins. If this is set to anything higher than 0,
then it will allow users to logon without domain authentication. So,
a person may gain access to the computer, having never authenticated
with the domain, hence the problem you are experiencing with the
secured web site.

 

[Joe4500]

It is a feature of Windows Server which allows you to set a cached
number of domain logins.  If this is set to anything higher than 0,
then it will allow users to logon without domain authentication.  So,
a person may gain access to the computer, having never authenticated
with the domain, hence the problem you are experiencing with the
secured web site.- Hide quoted text -

- Show quoted text -

The default is 10.

 

[Bonno Bloksma]

Hi,

credentials whether laptop is connected to the company network or not.
Windows set to provide log on credentials to "secure website(s)"

When connected to the company network the user can access a secured
website
which requires to log on with domain credentials.
When not connected the user is denied access to the website.

If we set IE7 to ask for the credentials and enter correct domain\user
with
the password everything works.

Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
If it's a bug will it be fixed in SP3?

It is a feature of Windows Server which allows you to set a cached
number of domain logins. If this is set to anything higher than 0,
then it will allow users to logon without domain authentication. So,
a person may gain access to the computer, having never authenticated
with the domain, hence the problem you are experiencing with the
secured web site.

If I understand your explanation correctly the laptop wil use the cached
credentials to let the user log on, but it will not provide those same
credentials to the IIS server.
So eventhough the laptop is allowing the user to logon with cached
credentials, I need to set this at the IIS server as well?
Any link to a relevant part of the IIS documentation or a link to a kb
article where I can read more about this?

Bonno

 

[Joe4500]

Hi,









If I understand your explanation correctly the laptop wil use the cached
credentials to let the user log on, but it will not provide those same
credentials to the IIS server.
So eventhough the laptop is allowing the user to logon with cached
credentials, I need to set this at the IIS server as well?
Any link to a relevant part of the IIS documentation or a link to a kb
article where I can read more about this?

Bonno- Hide quoted text -

- Show quoted text -

This is exactly correct. The credentials are not passed onto the IIS
server on purpose as a security measure. I don't think this
capability exists, but I am not 100% positive.