Solved

Prevent autologin in SharePoint site

Posted on 2010-11-22
9
1,013 Views
Last Modified: 2012-05-10
Hi Everyone,

Currently when accessing the SharePoint 2010 site, the user is automatically logged in according to their Windows domain principal (e.g. DOMAIN\user1).

Is there a way to disable this automatic log-in? e.g. disable the Integrated Windows Authentication (NTLM?) from the SharePoint configuration?

The reason why we want to do this is to mimic the situation where the site is viewed by a user over the Internet. i.e. the user *is not* logged into a Windows domain.

We also want to be able to log-in as different users in order to test the site, including *not* logging in to simulate viewing the "public" site.

Thanks.

0
Comment
Question by:jjoz
  • 5
  • 3
9 Comments
 
LVL 3

Expert Comment

by:Nomoho
ID: 34195682
Hi Jioz,

You must deactivate NTLM in IIS for sharepoint site (sharepoint - 80 for example):
Start menu > run > inetmgr > ok
In the folder Web Sites, right click the IIS web site of your sharepoint application > properties > tab directory security > click on edit authentication and access control > uncheck Integrated Windows Authentication > check another one,

for example digest or basic (caution with this one, you must use an SSL certification on your IIS web site because the password is sent in clear text).
0
 
LVL 1

Author Comment

by:jjoz
ID: 34196016
oh, sounds like this is a security issue if the password is sent as text over the network when I disable the NTLM authentication.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 34196019
Stop!

This is controlled through IE settings.  Just place your SharePoint url in the "internet zone".
0
 
LVL 1

Author Comment

by:jjoz
ID: 34196037
ah... so this can be automated from the Active Directory using Group Policy object ?
I was thinking if there is server setting that can be disabled from the CA site.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 34196041
Yes it can be controlled through GP.   I suggest testing first, obviously.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34214781
ok, thanks for the info, how about using this AAM configuration ? is it the same effect ?
AAM.jpg
0
 
LVL 38

Assisted Solution

by:Justin Smith
Justin Smith earned 500 total points
ID: 34217632
Again, auto-logon is an IE setting.  Not a SharePoint setting.  AAM Zones have nothing to do with it.
0
 
LVL 1

Author Comment

by:jjoz
ID: 34218120
ah ok, so the above setting is useless ?
0
 
LVL 1

Author Closing Comment

by:jjoz
ID: 34273201
thanks man !
0

Join & Write a Comment

Suggested Solutions

The vision: A MegaMenu for a SharePoint portal home page The mission: Make it easy to maintain. Allow rich content and sub headers as well as standard links. Factor in frequent changes without involving developers or a lengthy Dev/Test/Prod rel…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now