’m still enjoying the experience as a new Windows 7 user. However, one of the problems I ran into recently was the repeated and constant prompting for username and password when accessing a document in my SharePoint repository. Actually, I was getting prompted twice despite the fact the SharePoint server is on my local network and in the same domain. Once for the initial SharePoint logon and the second when accessing office documents in a document repository. The first prompt was an easy fix and was due to the fact I access my SharePoint Site using its Fully Qualified Domain Name (FQDN) at sharepoint.company.com. As a result, IE believed the local SharePoint server to be on the Internet and thus considered in the Internet Zone.
To fix this:
1. Open IE, Select Tools –>Internet Options -> Security Tab and Select Sites
2. Ensure “Automatically detect intranet network” is checked and click Advanced
3. Add your SharePoint server’s fully qualified domain name. In my case, I chose to use an asterisk as a wildcard (*.companyname.com) to represents all hosts in my local intranet.
WARNING: Be very careful when using a wildcard on this setting to ensure your credentials are only used to connect to trusted servers on your “internal” network and not on the Internet. As an example, you would never want to use *companyname.com which can be easily spoofed and lead to passing internal domain credentials to a non-trusted external system.
4. In addition, when back on the Security tab, Click Custom Level and scroll down to the bottom of the Local Intranet Zone settings and ensure “Automatic logon only in Intranet zone” is checked.
5. Close and re-open your browser. You should no longer be prompted when accessing your local domain’s SharePoint server.
Well, that took care of issue number one but I was still getting prompted when opening an Office 2007 document from a SharePoint Document Repository. However, once the credentials are entered, the prompt goes away… for a while. Actually, I believe the credentials are simply not cached between logons and return when I access the document repository following logons or reboots. Anyway, this turned out to be due to the fact Microsoft changed the way online documents are accessed via Web Distributed Authoring and Versioning (WebDav). According to KB 943280, a windows Vista Client will be prompted for a username and password under the following conditions:
- A proxy server is not configured in Internet Explorer
- WebDav is used to access a fully qualified domain name site
Well, I can tell you that I did not have a proxy server configured and my SharePoint document repository was certainly a WebDav site accessed via FQDN
Although the KB article is meant for Vista, Windows 7 is essentially Vista version 2 so I figured it would hold the key. However, the hotfix listed in the article would not be applicable as it was included way back with Vista SP1 anyway and Windows 7 was bound to include that functionality.
Anyway, the fix for this is as follows:
1. Open Registry Editor to: HKLMSYSTEMCurrentControlSetServicesWebClientParameters
2. Add a new key using Multi-String Value
3. Enter AuthForwardServerList for the new key name
4. Edit the new key and enter the FQDN of the SharePoint or WebDav Server.
(In my case, I used *.companyname.com again. )
5. Close Registry editor, go to services in Computer Management and restart the WebClient service.
Alternatively, you can simply open a command prompt with elevated permissions and enter the following line (edited with your server info of course):
reg add HKLMSYSTEMCurrentControlSetServicesWebClientParameters /v AuthForwardServerList /t REG_MULTI_SZ /d *.companyname.com
You can restart WebClient in the same command prompt, type: Net Stop WebClient && Net Start WebClient
That’s it, seamless passthrough authentication to SharePoint!