Sharepoint 07 site constant prompt for passwords

Posted on 2010-01-12
Medium Priority
Last Modified: 2012-05-08
I have read a few articles on how to suppress constant password prompts when dealing with Sharepoint 07.  Here's our situation.

We have a Sharepoint 07 site assigned to us by a separate IT dept.  We have control over it's content and structure, but we do have access to the IIS box on which the Sharepoint site is housed.  We have our users remote into an application server running Windows Server 2008.  When there, a script automatically directs them to our Sharepoint site where they can work.  We do this because the App server has the right version of Word (Word 2007) we want all users to use when modifying docs in doc libraries.  However, we are seeing the "excessive" password prompt issue as described in many articles on the Internet.  I have made sure that the site is part of the user's trusted sites (did this through GPO and even on user profiles themselves).  Also made sure the "Automatic Logon with Current User name and Password" option is checked under the trusted site settings.  

Still, we get a windows password prompt (need to provide domain\username and password) for the initial arrival at the site, and once you click on any of the docs in a document library.  There is no security certificate associated with the site (just an FYI).  Seems the issue I'm posting this to is related, but I don't have a problem with users not being able to see specific images on the site, it's password prompting issues.  Think I've tried all available options.  Anyone have any other ideas?  Thanks!
Question by:pableIT
  • 4
  • 2

Author Comment

ID: 26297565
Meant to say that we do NOT have access to the IIS box on which the Sharepoint 07 site is housed.  Slip of the keyboard fingers there.
LVL 83

Expert Comment

ID: 26297634
Hello pableIT,

Add to "Intranet Site" not "trusted site"


Author Comment

ID: 26297965
Thanks for the idea leak, but I tried that too.  It does not work to get rid of the doc library password prompt.  Both Trusted Sites and Local Intranet (you can only have the site in one zone at a time of course) seem to do nothing to carry through the authentication.  In either zone, I have it checked to "Automatic Logon with Current User name and Password".  Thinking this is something more to do with Windows 2008 Server and the RDP session.  If you manually RDP to the server and go to the Sharepoint site, you get the same behavior with re-entry of credentials, so seems unlikely that RDP would be the culprit, but I'm thinking out loud.  You may be able to replicate this behavior (if you have a Sharepoint Site), by doing an RDP session to a workstation (or a Win 2008 server), and then seeing if you get the prompts.  I have noticed that RDP to a workstation to see the site, DOES carry the credentials in most cases (a few times it did not, but perhaps zone settings were not right).  Makes me think once again it has something to do with WIndows Server 2008 (does NOT have SR2 btw).  If you have any other ideas, I'd appreciate hearing them.  Thanks!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Accepted Solution

amolghanwat earned 1000 total points
ID: 26299172
So, are we saying that this password prompts are not there when we try to open the site from the WinXP or 2003 machine? And this only occurs when users log in to Win2008 Server?
If yes, then most probably this looks like an IE8 issue and not WIndows2008 issue.

IE7 and IE* have been redesigned with respect to security. The zones matter a lot and so do the credentials.
Whenever the site is in internet or unknown zone, IE7 and 8 uses protected cache mode to save the credentials. This is not shared with any other application due to security issues. Thus, it is expected that Office client will ask for another authentication as office also needs to authenticate the user with IIS.

The credentials will be gone, only if the office cleints are able to access the credentials from IE.

Check the following articles:




Author Comment

ID: 26307012
Wow, thanks for all the info there amolghanwat.  Great stuff!  To clarify, you are correct with my situation.  If you log into a Windows XP (the only version of Windows we have on the workstations currently) client around here and go the Sharepoint site, you are not prompted for the user logon info when you open a doc library document.  However, when logged onto the Windows 2008 server, you will consistently get prompted for password info when you click on a doc in a doc libarary.  
I looked at all the links you have above, and the first one really struck me as similar to my situation.  


Neil van Wyngaard had a Vista issue like this, and since Windows 2008 is more similar to Vista than to XP, the situation seemed to fit.  I ended up doing almost exactly what he did in his article, but I started to slim it down a bit more.  I found I did not need to configure the connection settings in IE (they did nothing).  I made sure the Sharepoint site was in the Local Intranet zone in IE too.  In reviewing those IE zones, I noticed that the site was in the trusted sites as well as the local intranet sites.  This is probably due to a GPO that was in effect which also tryed to set IE with this site in it's trusted sites.  Doing that and allowing the user to modify their sites seems to have confused IE a bit there.  But, checked everything out twice, and now the Sharepoint site is ONLY in the Local Intranet site list.  The kicker was disabling the "Web Client" service in Windows 2008.  That seems to have taken the extra password prompt out!  Yeah!  So, here are all the settings I'm currently using:

1.  Stopped "Web Client" in services (like the author of the link article, I'm just waiting to see what ill effects this might have on other things...so far so good though).
2.  Set the Sharepoint site in the Local Intranet zone
3.  Set Local Intranet zone behavior to "Automatically detect intranet network"
4.  Under the security settings for the local intranet zone, I checked off "Automatic logon with current user name and password"
5.  "Enable Protected Mode" is also checked for the Local Intranet zone (there by default).

I did not install the software update for web folders as Neil van Wyngaard explains.  Thought that was situated too much for Vista.  Not sure exactly what it may or may not do either (didn't get to read up on it), but perhaps it would be good to install.  If you have thoughts on that let me know.

At any rate, thanks for the help.  I'll give you the credit for the answer.  Thanks for researching all of that.  I was going nuts looking myself!

Author Closing Comment

ID: 31676355
Followed first link in post.  Not precisely my issue, but the closest by far over all other materials I've seen on the Net.  Good find!

Expert Comment

ID: 26327153
Good thought about looking into the webclient service.
That service is used by the Office clients to access the documents through the URI. When we disable that service, office clients might not be able to perform all the tasks.

Service - WebClient
Description of Service - Enables Windows-based programs to create, access, and modigy Internet-based files.

When we disable the webclient service, WebDav goes out of the picture which is used to access files using protected modes..
I am thinking that when we have the WebClient Service enabled, Office client apps will create another thread and try to access the URI using Windows Webclient network (WebDav). A WebClient instance does not send optional HTTP headers by default. The WebClient service provides WebDAV                          (Web Distributed Authoring and Versioning) integration in the                          Explorer shell. It makes it possible to use "web folders" and to                          browse the file systems of web servers (not unlike FTP, but                          better -- adds secure password authentication and file locking)                          within an Explorer window. WebDAV is an extension of the                          HTTP/1.1 protocol.

From my experience, i have not seen any major side-effects on the SharePoint interopability when we disable the webclient service. Although, you might need to check if you are able to do common tasks, such as check out, check in, edit the document and save it back, etc..... If everything works fine, we can have the webclient service disabled and the client apps will continue to use other protocol to access the resources.

Found this which states that with WinXP SP3, it is good idea to have webclient disabled.

I believe, Office has its own WebDav functionality to connect to documents over an URI. And you mentioned that the updates were not installed. But I would recommend you to go ahead with the updates as it has some security enhancements.

Good to see that everything is working as expected in your SharePoint environment.

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question