We have an Intranet site that is accessible both from our LAN and the
Internet, using NT Challenge/Response authentication (set in IIS 4).

Users who have installed XP on their home machines have been unable to
access the Intranet. Before, it would prompt them for their username,
password, and domain. Now, it gives them no prompt and takes themn straight
to an "access denied" page.

I strongly suspect this is an issue with the Internet Connection Firewall,
as one user was able to access the site after disabling the firewall. Does
anyone know of a way to modify the ICF to allow NTLM access over the
Internet?

Hi Clinton,

1. In Internet Explorer, click Internet Options on the Tools menu.

2. Click the Advanced tab, click to select the "Enable Integrated
Windows Authentication (requires restart)" check box, and then click OK.

3. Restart Internet Explorer.

Thanks for using Microsoft News Group!

Sincerely,

Steven Liu

Online Support Professional



This posting is provided ¡°AS IS¡± with no warranties, and confers no
rights.
--------------------
| From: "Clinton Smith" >
| Subject: Internet Connection Firewall and NTLM
| Date: Thu, 24 Apr 2003 16:40:48 -0400
| Lines: 14
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: >
| Newsgroups: microsoft.public.windowsxp.security_admin
| NNTP-Posting-Host: 66.213.109.25
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.windowsxp.security_admin:56296
| X-Tomcat-NG: microsoft.public.windowsxp.security_admin
|
| We have an Intranet site that is accessible both from our LAN and the
| Internet, using NT Challenge/Response authentication (set in IIS 4).
|
| Users who have installed XP on their home machines have been unable to
| access the Intranet. Before, it would prompt them for their username,
| password, and domain. Now, it gives them no prompt and takes themn
straight
| to an "access denied" page.
|
| I strongly suspect this is an issue with the Internet Connection Firewall,
| as one user was able to access the site after disabling the firewall.
Does
| anyone know of a way to modify the ICF to allow NTLM access over the
| Internet?
|
|
|

Clinton,

You need to open tcp and udp ports 445 and possibly also tcp 135 on the
firewall. May I add that this is a very BAD desig (both for your servers
and for the clients). Consider setting up a VPN or use WebDAV over SSL +
encrypted files with IIS 6.0 on Windows Server 2003.

Regards,

George.

"Clinton Smith" > wrote in message
...
> We have an Intranet site that is accessible both from our LAN and the
> Internet, using NT Challenge/Response authentication (set in IIS 4).
>
> Users who have installed XP on their home machines have been unable to
> access the Intranet. Before, it would prompt them for their username,
> password, and domain. Now, it gives them no prompt and takes themn
straight
> to an "access denied" page.
>
> I strongly suspect this is an issue with the Internet Connection Firewall,
> as one user was able to access the site after disabling the firewall.
Does
> anyone know of a way to modify the ICF to allow NTLM access over the
> Internet?
>
>