laptop user working off-line accessing secured website

Hi,

User with laptop, laptop part of domain. User logs on with domain
credentials whether laptop is connected to the company network or not.
Windows set to provide log on credentials to "secure website(s)"

When connected to the company network the user can access a secured website
which requires to log on with domain credentials.
When not connected the user is denied access to the website.

If we set IE7 to ask for the credentials and enter correct domain\user with
the password everything works.

Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
If it's a bug will it be fixed in SP3?

Bonno Bloksma

Re: laptop user working off-line accessing secured website

On Jan 25, 10:46=A0am, "Bonno Bloksma" wrote:
> Hi,
>
> User with laptop, laptop part of domain. User logs on with domain
> credentials whether laptop is connected to the company network or not.
> Windows set to provide log on credentials to "secure website(s)"
>
> When connected to the company network the user can access a secured websit=
e
> which requires to log on with domain credentials.
> When not connected the user is denied access to the website.
>
> If we set IE7 to ask for the credentials and enter correct domain\user wit=
h
> the password everything works.
>
> Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
> If it's a bug will it be fixed in SP3?
>
> Bonno Bloksma

It is a feature of Windows Server which allows you to set a cached
number of domain logins. If this is set to anything higher than 0,
then it will allow users to logon without domain authentication. So,
a person may gain access to the computer, having never authenticated
with the domain, hence the problem you are experiencing with the
secured web site.

Re: laptop user working off-line accessing secured website

On Jan 25, 11:18=A0am, Joe4500 wrote:
> On Jan 25, 10:46=A0am, "Bonno Bloksma" wrote:
>
>
>
>
>
> > Hi,
>
> > User with laptop, laptop part of domain. User logs on with domain
> > credentials whether laptop is connected to the company network or not.
> > Windows set to provide log on credentials to "secure website(s)"
>
> > When connected to the company network the user can access a secured webs=
ite
> > which requires to log on with domain credentials.
> > When not connected the user is denied access to the website.
>
> > If we set IE7 to ask for the credentials and enter correct domain\user w=
ith
> > the password everything works.
>
> > Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
> > If it's a bug will it be fixed in SP3?
>
> > Bonno Bloksma
>
> It is a feature of Windows Server which allows you to set a cached
> number of domain logins. =A0If this is set to anything higher than 0,
> then it will allow users to logon without domain authentication. =A0So,
> a person may gain access to the computer, having never authenticated
> with the domain, hence the problem you are experiencing with the
> secured web site.- Hide quoted text -
>
> - Show quoted text -

The default is 10.

Re: laptop user working off-line accessing secured website

Hi,

> > User with laptop, laptop part of domain. User logs on with domain
> credentials whether laptop is connected to the company network or not.
> Windows set to provide log on credentials to "secure website(s)"
>
> When connected to the company network the user can access a secured
> website
> which requires to log on with domain credentials.
> When not connected the user is denied access to the website.
>
> If we set IE7 to ask for the credentials and enter correct domain\user
> with
> the password everything works.
>
> Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
> If it's a bug will it be fixed in SP3?
>
> > Bonno Bloksma

> It is a feature of Windows Server which allows you to set a cached
> number of domain logins. If this is set to anything higher than 0,
> then it will allow users to logon without domain authentication. So,
> a person may gain access to the computer, having never authenticated
> with the domain, hence the problem you are experiencing with the
> secured web site.

If I understand your explanation correctly the laptop wil use the cached
credentials to let the user log on, but it will not provide those same
credentials to the IIS server.
So eventhough the laptop is allowing the user to logon with cached
credentials, I need to set this at the IIS server as well?
Any link to a relevant part of the IIS documentation or a link to a kb
article where I can read more about this?

Bonno

Re: laptop user working off-line accessing secured website

On Jan 28, 5:39=A0am, "Bonno Bloksma" wrote:
> Hi,
>
>
>
>
>
> > > User with laptop, laptop part of domain. User logs on with domain
> > credentials whether laptop is connected to the company network or not.
> > Windows set to provide log on credentials to "secure website(s)"
>
> > When connected to the company network the user can access a secured
> > website
> > which requires to log on with domain credentials.
> > When not connected the user is denied access to the website.
>
> > If we set IE7 to ask for the credentials and enter correct domain\user
> > with
> > the password everything works.
>
> > Is this a bug in Windows XP Pro SP2, is it a feature? ;-)
> > If it's a bug will it be fixed in SP3?
>
> > > Bonno Bloksma
> > It is a feature of Windows Server which allows you to set a cached
> > number of domain logins. =A0If this is set to anything higher than 0,
> > then it will allow users to logon without domain authentication. =A0So,
> > a person may gain access to the computer, having never authenticated
> > with the domain, hence the problem you are experiencing with the
> > secured web site.
>
> If I understand your explanation correctly the laptop wil use the cached
> credentials to let the user log on, but it will not provide those same
> credentials to the IIS server.
> So eventhough the laptop is allowing the user to logon with cached
> credentials, I need to set this at the IIS server as well?
> Any link to a relevant part of the IIS documentation or a link to a kb
> article where I can read more about this?
>
> Bonno- Hide quoted text -
>
> - Show quoted text -

This is exactly correct. The credentials are not passed onto the IIS
server on purpose as a security measure. I don't think this
capability exists, but I am not 100% positive.