?
Solved

Prevent autologin in SharePoint site

Posted on 2010-11-22
9
Medium Priority
?
1,019 Views
Last Modified: 2012-05-10
Hi Everyone,

Currently when accessing the SharePoint 2010 site, the user is automatically logged in according to their Windows domain principal (e.g. DOMAIN\user1).

Is there a way to disable this automatic log-in? e.g. disable the Integrated Windows Authentication (NTLM?) from the SharePoint configuration?

The reason why we want to do this is to mimic the situation where the site is viewed by a user over the Internet. i.e. the user *is not* logged into a Windows domain.

We also want to be able to log-in as different users in order to test the site, including *not* logging in to simulate viewing the "public" site.

Thanks.

0
Comment
Question by:jjoz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 3

Expert Comment

by:Nomoho
ID: 34195682
Hi Jioz,

You must deactivate NTLM in IIS for sharepoint site (sharepoint - 80 for example):
Start menu > run > inetmgr > ok
In the folder Web Sites, right click the IIS web site of your sharepoint application > properties > tab directory security > click on edit authentication and access control > uncheck Integrated Windows Authentication > check another one,

for example digest or basic (caution with this one, you must use an SSL certification on your IIS web site because the password is sent in clear text).
0
 
LVL 1

Author Comment

by:jjoz
ID: 34196016
oh, sounds like this is a security issue if the password is sent as text over the network when I disable the NTLM authentication.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 2000 total points
ID: 34196019
Stop!

This is controlled through IE settings.  Just place your SharePoint url in the "internet zone".
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:jjoz
ID: 34196037
ah... so this can be automated from the Active Directory using Group Policy object ?
I was thinking if there is server setting that can be disabled from the CA site.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 34196041
Yes it can be controlled through GP.   I suggest testing first, obviously.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34214781
ok, thanks for the info, how about using this AAM configuration ? is it the same effect ?
AAM.jpg
0
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 2000 total points
ID: 34217632
Again, auto-logon is an IE setting.  Not a SharePoint setting.  AAM Zones have nothing to do with it.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34218120
ah ok, so the above setting is useless ?
0
 
LVL 1

Author Closing Comment

by:jjoz
ID: 34273201
thanks man !
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question