|
I also have some probably
not applicable information to add. J Actually, I consider it discussion enrichment. Anyways, I’ve
seen strange things related to authentication, DEP, and other security
enhancements. They are different and possibly unrelated, but they seem very
close in the family of problems and exhibit similar or exact symptoms. We’ve
experienced some similar things as well Al. DEP was impacting the way that the
OS interacted with a couple of Apps that were accessed via FQDN paths. A protection
prompt would kick in until we disabled DEP (for certain clients) as you described.
Interestingly enough, that did not
work for both apps. It turned out that Windows/Internet Explorer security was
kicking in. Adding the UNC path of the share hosted on the server to the Trusted
Sites in IE removed the security prompt. It appears that IE security settings treated
FQDN paths with further restrictions that caused DEP to kick in. Somewhat
similar, I just recently found out why it was that certain sites accessed
through IE have been prompting users for passwords. Though IIS was set for
integrated authentication and the users certainly had rights to the intranet
sites, authentication prompts were still occurring. It turns out that if a FQDN
was used to access the site, credential were not being passed and the site was
being treated as external to the domain. If just the hostname was used, no
prompt would occur and successful authentication would automatically occur. The
site was treated as an intranet site within IE. http://www.windowsitpro.com/Web/Article/ArticleID/22279/22279.html Though this article limits this issue to specific
version of IE and IIS, I find it applicable to other versions that I’ve
test with as high as IIS6.0 and IE7.0 Beta. Though all of these things may be
unrelated, the relationship between IE, Windows Explorer, FQDN paths, & Adrião’s final resolution makes me think that
there is connection between all of these things at some level. Maybe it’s
just the axiom that more security = less usability. J Ushruf From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Garrett Probably not applicable to this subject
but I had a problem with SP1 when it added in Data Execution Prevention. A new tab labeled Data Execution
Prevention is present under System Properties – Advanced –
Performance Settings that tells the O/S not to run certain potentially harmful
programs and scripts. I have to support a java-based application and it was
driving us nuts until we adjusted DEP for Windows apps only. Keep another SP1 item to keep an eye
on...... -----Original Message----- I
have been bitten by it with databases, but my understanding is that it is
relevant to any authentication attempt that tries to access a resource that
does not have a registered SPN. http://support.microsoft.com/?id=887993
Now that
I think about it, the right way would probably be to make sure the required SPN
is registered for the server in question. The KB above can help determining
whether it is an SPN issue. If it is, after registering the SPN, the
DisableLoopbackCheck reg value can be set back to 0 or deleted. Guy From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abouelnasr, Jerry Is it your experience
that this applies to UNC file paths as well? From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky Another
thing that is worth mentioning is the loopback check that has been enforced
since W2K3 SP1. Try
disabling the loopback check or specifying additional FQDNs using one of the
methods in the following KB: http://support.microsoft.com/?kbid=896861 Guy From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] |
- RE: [ActiveDir] Windows 2003 sp1 DNS problem adriaoramos
- RE: [ActiveDir] Windows 2003 sp1 DNS problem Al Garrett
- RE: [ActiveDir] Windows 2003 sp1 DNS problem Justin_Leney
- RE: [ActiveDir] Windows 2003 sp1 DNS problem Abouelnasr, Jerry
