Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

WSS Security

  Asked By: Stephanie    Date: Jan 05    Category: Sharepoint    Views: 760

There have been two threads similar to my problem, but no one offered a

I have a WSS site up and running, IIS on one server, SQL Server on
another, inside the same domain.

When the admin account (member of the Domain Admin Group) logs onto the
site and accesses a office document, they get the NT log on, despite IE
being configured to automatically logon with username and password.

Additionally, when the admin adds a user, that user is added to the
site collection (This is confirmed, because they show up in the manage
users list with the right site group), but when the user enters the
site, they are prompted for the authentication 3 times and then refused
access, despite providing the right username and password.



11 Answers Found

Answer #1    Answered By: Gopal Jamakhandi     Answered On: Jan 05

My guess is that if the log  in box pops up 3 times  and you can hit
ok or cancel to bypass it, it is probably a picture or dataview
webpart that is from another area/site. I have seen this when users
link to a picture on a different WSS Site. If you look at the bottom
left hand corner of your browser you should see an error and
possibly the name of the file that it can't display. Let me know if
this helps.

Answer #2    Answered By: Dameon Dejesus     Answered On: Jan 05

The site  collection was just created, there weren't any custom web
parts, pictures, dataviews or documents in the site yet. It also
doesn't answer why the admin  can't open documents without being
hassled by the nt login

My sense is that the problem  is between IIS and SQL Server, because
I get the Error 401 401.1 Unauthorized: Logon Failed, despite the
fact that they are listed as a member  of the users list, but not a
member of SQL Server security. When I access the site as an admin,
who is also a member of the SQL Server admin group, i can access the

Answer #3    Answered By: Tejaswani Barve     Answered On: Jan 05

Try adding the server  to Trusted sites and make sure the browser is
configured to Automatically logon  with current username  and password  and not
Automatic logon in intranet zone only.

Answer #4    Answered By: Harshita Padwal     Answered On: Jan 05

This also happens if something on the filesystem (NTFS) cannot be accessed.. i have uploaded the pdf16.gif once and it worked fine for "local administrators" but when any other end user  tried they had to cancel 3 times  to see the page.

to resolve that issue, the easiest is to re-apply the permissions (to children) at the 60 folder.

Answer #5    Answered By: Jennifer Jones     Answered On: Jan 05

Then your service account  doesnt have the correct permissions on the database?

Security Administrators
Database Creators

is that there?

Answer #6    Answered By: Annie Norris     Answered On: Jan 05

I found this post:

If you download from Microsoft Windows SharePoint Services w/ SP2,
during the install the default security  configuration is Kerboros.
I didn't do the install, but I believe that the person that did,
choose Kerboros and does not have a KDC running. I will check this
tomorrow when i have access to the servers.

If this were the case then the end-user would not be able to
authenticate against sharepoint because kerboros is not enabled.
The admin  would because they have admin rights to the box and sql
server, but when the admin opens a office  documents from a document
library, it attempts to authenticate against the KDC. Since there
is no KDC, then no access


Answer #7    Answered By: Chadd Hahn     Answered On: Jan 05

most definitely.. there is something that you need to do in order to make sharepoint "kerberized". its all in the SP2 patch notes

Answer #8    Answered By: Cheryl Kelley     Answered On: Jan 05

Is there a way to remove the local Administrators group  from seeing all the
Sharepoint content? I thought I read somewhere that last fall's service pack was
suppose to include that capability.

Answer #9    Answered By: Sharonda Mcfarland     Answered On: Jan 05

See the following knowledge base article
http://support.microsoft.com/kb/892295. The hotfix is included in WSS SP2,
but you need to enable it via stsadm.

Answer #10    Answered By: Damon Garner     Answered On: Jan 05

I do have a question though. If I run
this command:

stsadm -o setproperty -propertyname denymachineadminaccess -
propertyvalue 1

the local Administrators group  will still be able to access
Sharepoint Central Administration and do administrative activities
according to the article.

But they will not have access to all the sites, correct? Also,
anyone in the group assigned to the Sharepoint Administrators group
will have access to all sites, correct?

Answer #11    Answered By: Christop Mcfadden     Answered On: Jan 05

look at the release notes for WSS sp2. you will see the command to
disable it.

Didn't find what you were looking for? Find more on WSS Security Or get search suggestion and latest updates.