RE: Save IE password thorugh group policy

Hi Komandur,

Thank you for your post!

From your post, my understanding of this issue is: You want to use the
group policy save account¡¯s username and password. If I have misunderstood
your concerns, please feel free to let me know.

Based on my experience, the group policy can not save username and
password. You can configure IIS to Anonymous access or Digest
authentication for Windows domain servers before user permitted access to a
Web site.

Therefore, please refer to the following methods to see if this issue can
be resolved.

* Method 1: Configure Authentication in IIS (Anonymous access)
=======================
1. Start IIS Manager or open the IIS snap-in.
2. Expand Server_name, where Server_name is the name of the server, and
then expand Web Sites.
3. In the console tree, right-click the Web site, virtual directory, or
file for which you want to configure authentication, and then click
Properties.
4. Click the Directory Security or File Security tab (as appropriate), and
then under Anonymous and access control, click Edit.
5. Click to select the check box ¡°Anonymous access¡±, and then click OK.

Anonymous access: When anonymous access is turned on, no authenticated user
credentials are required to access the site. This option is best used when
you want to grant public access to information that requires no security.
When a user tries to connect to your Web site, IIS assigns the connection
to the IUSER_ComputerName account, where ComputerName is the name of the
server on which IIS is running. By default, the IUSER_ComputerName account
is a member of the Guests group. This group has security restrictions,
imposed by NTFS file system permissions, that designate the level of access
and the type of content that is available to public users. To edit the
Windows account used for anonymous access, click Browse in the Anonymous
access box.

IMPORTANT: If you turn on anonymous access, IIS always tries to
authenticate users by using anonymous authentication first, even if you
turn on additional authentication methods.

* Method 2: Configure Authentication in IIS (Digest authentication for
Windows domain servers)
======================
1. Start IIS Manager or open the IIS snap-in.
2. Expand Server_name, where Server_name is the name of the server, and
then expand Web Sites.
3. In the console tree, right-click the Web site, virtual directory, or
file for which you want to configure authentication, and then click
Properties.
4. Click the Directory Security or File Security tab (as appropriate), and
then under Anonymous and access control, click Edit.
5. Click to select the check box ¡°Digest authentication for Windows domain
servers¡±, and then click OK.

Digest authentication for Windows domain servers: Digest authentication
requires a user ID and password, provides a medium level of security, and
may be used when you want to grant access to secure information from public
networks. This method offers the same functionality as basic
authentication. However, this method transmits user credentials across the
network as an MD5 hash, or message digest, in which the original user name
and password cannot be deciphered from the hash. To use this method,
clients must use Microsoft Internet Explorer 5.0 or later, and the Web
clients and Web servers must be members of, or be trusted by, the same
domain.

If you turn on digest authentication, type the realm name in the Realm box.

For more information, please refer to the following KB article:

324274 How To Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/kb/324274/en-us

Please try my methods and update me with the results. If something is
unclear, please feel free to let me know.

Sincerely,
Tom Zhang, MCSE 2003
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • RE: SBS 2003 Activesync Problem-getting 0x85010004 error on the PD
    ... Please open IIS manager console, navigate to Web Sites->Default Web Site ... Click Directory Security tap, Under Authentication and access control, ... When opening a new thread via the web interface, we recommend you check the ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 Activesync Problem-getting 0x85010004 error on the PDA
    ... when access Activesync on PDA. ... Please open IIS manager console, navigate to Web Sites->Default Web Site ... Click Directory Security tap, Under Authentication and access control, ...
    (microsoft.public.windows.server.sbs)
  • Re: Can login domain be set to a default?
    ... > site as known by the browsing public, then this has no impact on the> need for specifying a login domain. ... > They need to say domain\user because the IIS is on a member and> you are having them use domain accounts instead of machine local> accounts of the IIS box. ... If you drop the Windows integrated and go to clear> text authentication then you can still use domain accounts and you> can specify a default login domain. ... >> When users access a secured web site I manage the normal Windows login>> dialog appears requiring the username and password. ...
    (microsoft.public.windows.server.security)
  • RE: LOGON_USER through https tunnel
    ... Have you disabled anonymous access? ... Go to IIS Manager, right click on the site and go to Directory Security. ... Click the Edit button in Authentication and access control, ... Subject: LOGON_USER through https tunnel ...
    (Security-Basics)
  • Re: adding a new site results in iis error 401.1
    ... it means that the username/password you configured in IIS for the ... The reason you can get a 401.1 for anonymous access is this -- when you ... In general, the other authentication methods are pretty fast, unless your ...
    (microsoft.public.inetserver.iis)