"Nick Miron" <nicolas.miron@cgi.com> wrote in message
news:6a4c3d36.0405281023.33d53f74@posting.google.com...
> I've got a problem that hopefully someone can help with...
>
> I have a website on "DomainA" (IIS Win2000 server) setup with Windows
> Integrated Authentication. If I'm logged on DomainA on a workstation,
> and try to access the website using IE, everything goes thru normally
> (expected behavior).
>
> If I'm logged on locally on a workstation and try to access same
> website, I get prompted. Which is again expected...Now, with my own
> workstation (WinXP, IE6 SP2), I have the prompt with only 2 prompts -
> Username & Password. So, I enter the "DomainA\myUsername" and my
> password, and it goes thru fine.
>
> I used to get prompted everytime when logged on locally, even if I
> checked the "Save my password" checkbox. Then I found the settings in
> Internet Options / Security Tab - Custom Level button in the "Security
> Level for this Zone" section.
>
> At the bottom, in the "Logon" section, if I change the default
> selection of "Automatic logon only in Intranet" to "Automatic logon
> with current username & password" - I do not get prompted anymore, and
> the saved password is passed to IIS and I get access to the site (even
> though I'm not logged in the DomainA).
>
> Everything is fine so far - but then I have this other group of
> clients, who typically log on to DomainB, but have their a username in
> DomainA. They didn't want to get prompted everytime, so I told them
> to change the same "Logon" selection in IE, hoping that they'd end up
> with the same situation as I have.
>
> Thing is, they always get prompted. Their workstation is Win2000 SP3,
> w/IE6 SP1.
>
> First obvious difference is, they get the prompt with 3 values -
> Username, Password, and Domain. (Anyone has any idea why that is
> different than my plain Username/Password prompt?)
>
> More important though is, no matter what I try, I can't set their
> browser/workstation to not prompt. I would have thought that the same
> settings that decides if I get prompted or not on my own workstation,
> would do the same thing with theirs...but obviously not. They do
> select the "Save my password" checkbox - but all that does is
> pre-populate the password for them. While all they have left to do is
> press enter, it still is too much of an hassle (as the website is for
> a call center application - where every action by the Client Reps has
> to be kept to a minimum)...
>
> Any ideas?
>
> Thx

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message news:<uc7kQvxREHA.1448@TK2MSFTNGP11.phx.gbl>...
> They are in a different domain, hence their machines likely
> have a different DNS FQDN, and so, their machines will have
> a different belief as to just what is "local intranet".
> Is the server identified on their machines as belonging to the
> zone where you configured their IE to attempt to use Windows
> integrated authentication ??
>
> --
> Roger Abell
> Microsoft MVP (Windows Server System: Security)