Solved

Prevent autologin in SharePoint site

Posted on 2010-11-22
9
1,016 Views
Last Modified: 2012-05-10
Hi Everyone,

Currently when accessing the SharePoint 2010 site, the user is automatically logged in according to their Windows domain principal (e.g. DOMAIN\user1).

Is there a way to disable this automatic log-in? e.g. disable the Integrated Windows Authentication (NTLM?) from the SharePoint configuration?

The reason why we want to do this is to mimic the situation where the site is viewed by a user over the Internet. i.e. the user *is not* logged into a Windows domain.

We also want to be able to log-in as different users in order to test the site, including *not* logging in to simulate viewing the "public" site.

Thanks.

0
Comment
Question by:jjoz
  • 5
  • 3
9 Comments
 
LVL 3

Expert Comment

by:Nomoho
ID: 34195682
Hi Jioz,

You must deactivate NTLM in IIS for sharepoint site (sharepoint - 80 for example):
Start menu > run > inetmgr > ok
In the folder Web Sites, right click the IIS web site of your sharepoint application > properties > tab directory security > click on edit authentication and access control > uncheck Integrated Windows Authentication > check another one,

for example digest or basic (caution with this one, you must use an SSL certification on your IIS web site because the password is sent in clear text).
0
 
LVL 1

Author Comment

by:jjoz
ID: 34196016
oh, sounds like this is a security issue if the password is sent as text over the network when I disable the NTLM authentication.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 34196019
Stop!

This is controlled through IE settings.  Just place your SharePoint url in the "internet zone".
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 1

Author Comment

by:jjoz
ID: 34196037
ah... so this can be automated from the Active Directory using Group Policy object ?
I was thinking if there is server setting that can be disabled from the CA site.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 34196041
Yes it can be controlled through GP.   I suggest testing first, obviously.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34214781
ok, thanks for the info, how about using this AAM configuration ? is it the same effect ?
AAM.jpg
0
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 500 total points
ID: 34217632
Again, auto-logon is an IE setting.  Not a SharePoint setting.  AAM Zones have nothing to do with it.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34218120
ah ok, so the above setting is useless ?
0
 
LVL 1

Author Closing Comment

by:jjoz
ID: 34273201
thanks man !
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
In case you ever have to remove a faulty web part from a page , add the following to the end of the page url ?contents=1
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question