Today I responded to a customer who has an internal intranet. The customer has no issues accessing the intranet page from IE7, IE8, or IE9 - However when upgrading to Internet Explorer 10, the users are now getting prompted for username and password using windows authentication even though the user account the user is logged in with has access to the website hosted on Internet Information Services (IIS).
The following screenshot shows the logon authentication prompt presented from Internet Explorer 10 when attempting to access the organisations internal intranet.
![]()
Internet Explorer 10 by default allows credentials to automatically pass through to all "intranet" pages, however "internet" pages do not pass through credentials for security reasons. To see if Internet Explorer is treating the page as an "intranet" page or "internet" page, right click on the page error message (depending if you typed your credentials in or not) and click properties.
![]()
In the properties section of the page it will display what zone is currently configured. As you see below, Internet Explorer is treating the "intranet" page for this customer as an "internet" page and hence the user is getting prompted.
![]()
Now one fix for this problem is to simply go to Internet Options, Internet, Custom Level and set the User Authentication --> Logon to "Automatically logon with current user name and password". Whilst this will solve the problem it will lead to credentials of the current logged in user to pass over the Internet, not such a good idea!
![]()
A better fix is to configure your "intranet" page which is being treated as an "internet" page as an "intranet" page within Internet Explorer. This can be done by going to Internet Options, Local Intranet, Sites, Advanced.
![]()
In the advanced page add your local intranet page.
![]()
![]()
In this policy setting enter the intranet address you want to add to the Local Intranet settings as we did manually above along with a value. The values are represented as follows:
1 = Intranet zone
2 = Trusted Sites zone
3 = Internet zone
4 = Restricted Sites zone
As we want to add the site to the Intranet Zone we enter a value of 1.
![]()
Upon the next Group Policy refresh, all workstations will now no longer get prompted when attempting to access the Intranet page.
Hope this blog post has been helpful for people experiencing the same problem.
The following screenshot shows the logon authentication prompt presented from Internet Explorer 10 when attempting to access the organisations internal intranet.
Internet Explorer 10 by default allows credentials to automatically pass through to all "intranet" pages, however "internet" pages do not pass through credentials for security reasons. To see if Internet Explorer is treating the page as an "intranet" page or "internet" page, right click on the page error message (depending if you typed your credentials in or not) and click properties.
In the properties section of the page it will display what zone is currently configured. As you see below, Internet Explorer is treating the "intranet" page for this customer as an "internet" page and hence the user is getting prompted.
Now one fix for this problem is to simply go to Internet Options, Internet, Custom Level and set the User Authentication --> Logon to "Automatically logon with current user name and password". Whilst this will solve the problem it will lead to credentials of the current logged in user to pass over the Internet, not such a good idea!
A better fix is to configure your "intranet" page which is being treated as an "internet" page as an "intranet" page within Internet Explorer. This can be done by going to Internet Options, Local Intranet, Sites, Advanced.
In the advanced page add your local intranet page.
Problem fixed - Internet Explorer will no longer prompt for Authentication when accessing the local Intranet.
Applying fix to all computers
Now you want to apply this configuration to all computers on your domain. This can be done using Group Policy using the "Site to Zone Assignment List" group policy setting. This setting is located under:
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List
1 = Intranet zone
2 = Trusted Sites zone
3 = Internet zone
4 = Restricted Sites zone
As we want to add the site to the Intranet Zone we enter a value of 1.
Upon the next Group Policy refresh, all workstations will now no longer get prompted when attempting to access the Intranet page.
Hope this blog post has been helpful for people experiencing the same problem.