|
Posted by Roger Abell [MVP] on February 20, 2007, 8:21 pm
Please log in for more thread options I would suggest that you post to one of the Sharepoint newsgroups
as the granting of access to all sites on the Sharepoint server at the
site admin level must be due to some misconfig of the Sharepoint
roles. Just how that plays out with an account getting that level of
access when authentication is behind the scene with integrated
authentication, but is not the access level obtained when credentials
must be explicitly provided upon prompt is, frankly, rather hard to
fathom, at least assuming the same account is what ends up being
authenticated in both cases.
In the meantime you might consider using the IE adm template
settings via GPO to force the Internet options config on systems.
Roger
> Roger,
>
> Sorry I didn't answer your other points,
>
>> So, if a machine local account logs into an x64 XP it gets prompted
>> when attempting access to any of those Sharepoint webs, but if ANY
>> domain account logs in then it can access ANY of the Sharepoint webs
>> even though some of them are restricted so they should not allow that
>> domain account. Correct summary?
>
>>> Yes this is correct, however without changing the settings that I
>>> discribed in my first reply, they don't get prompted, they have full
>>> access and that is not a good thing at all. All they have to do is be a
>>> member of the Domain within where the Sharepoint sites reside and they
>>> get access, period, to both Top level portals and sub sites they are not
>>> setup in.<<
>
> To prevent those who will never have a need to access these site I have
> gone
> one step further, I have placed the Sharepoint URLS within a Restricted
> Zone,
> and have set the User Authenication/Logon to "Anonymous logon". This
> thoughs
> then into a You are not authorized page since the SS portals deny this
> type
> of logon.
>
>
> "Roger Abell [MVP]" wrote:
>
>> >I have a mixed environment with x86 and x64 XP systems. All have the
>> >updates
>> > required and most access Sharepoint 2003 portals. Anonymous Access is
>> > not
>> > allowed, Windows Authentication is required, however have found that
>> > none
>> > of
>> > the x64 clients are prompted for user credentials (DOMAIN\username and
>> > password) while all x86 clients are. All are required to login to the
>> > domain
>> > to gain access, but after that the x64 clients do not need to
>> > re-validate
>> > to
>> > gain access to the Sharepoint sites, even if they are not setup as
>> > vaild
>> > users to those sites.
>> >
>> > Any and all ideas as to how to prevent this would be very very much
>> > appreciated.
>> >
>>
>> Well, I thought I had a likely cause, until I got to your statement
>> > even if they are not setup as vaild users to those sites
>> I was thinking to explain this by differences in the Internet options
>> security settings and/or zone recognition differences between the
>> machines, specifically as those impact whether Windows authentication
>> is allowed in the IE settings.
>>
>> So, if a machine local account logs into an x64 XP it gets prompted
>> when attempting access to any of those Sharepoint webs, but if ANY
>> domain account logs in then it can access ANY of the Sharepoint webs
>> even though some of them are restricted so they should not allow that
>> domain account. Correct summary?
>>
>> If only specific domain accounts show this, while logged in as one,
>> have you checked for cached network credentials ? in the properties
>> of the account in control panel ?
>>
>> Roger
>>
>>
>>
| 
XML Sitemap