[igor7]

Hi, everybody!!
I am unable to find method in the web to open a windows authenticated intranet website from vbs script. I'm using simple vbs script code (see bellow) to open this forum website:

Code:

Set wshShell = WScript.CreateObject ("WSCript.shell") 
Set IE = CreateObject("InternetExplorer.Application") 
IE.visible = 1 
 
IE.navigate(http://www.petri.co.il/forums/forumdisplay.php?f=18)

In my work place we have an intranet web site that require domain authentication. That means I need to provide, user id, password & domain while opening the particular web site.

Some times I need to open this site hundred times during work day and it simply drive my nuts ... I want to be able open this site using vbs script while my domain credentials will be provided automatically (of course for personal use only).

[Virtual]

Not sure with a script but do you know there is a way of doing through Group Policy and Internet Explorer?

If you go to Tools, Internet Options.

Click on the 'security tab' and then highlight 'Local Intranet'. Click on 'Sites' and then 'advanced' and add your intranet web url in to there.

Next, click on 'custom settings' at the bottom whilst ensuring 'local intranet' is still highlighted. Scroll to the botom and make sure there is a dot in 'Automatic logon with current username and password, under the logon section.

[vonPryz]

Have you enabled integrated Windows authentication? Tools -> Advanced -> Enable Integrated Windows Authentication (Under the security padlock icon).

If the intranet site is made the proper way, it supports integrated authentication and no manual logons are needed at all. Ask the intranet maintenance people if this is the case.

-vP

[igor7]

Thank you guys for the replays, but I don't think that IE configuration problem... I think IIS configured to promt username/password for each connection to this web site.
I'm in vacation now till the end of this week, so I can't try what you advised. But even it can be configured trough IE settings it doesn't help me much, because in my work place I use multiple computer station to log in into company network, so I prefer to use username/password prompt rather configure each station I use. That's why I'm searching for the script.

[Virtual]

Quote:

Originally Posted by igor7

Thank you guys for the replays, but I don't think that IE configuration problem... I think IIS configured to promt username/password for each connection to this web site.
I'm in vacation now till the end of this week, so I can't try what you advised. But even it can be configured trough IE settings it doesn't help me much, because in my work place I use multiple computer station to log in into company network, so I prefer to use username/password prompt rather configure each station I use. That's why I'm searching for the script.

Fair enough. I have a WSS 3 site running on IIS at one of my clients. They connect via the intranet and the login is automatic, no prompting, as it uses the currently logged on user. I roll out the setting through Group Policy, so there is no administrative overhead.

As you say, your looking for a way to script it, so hopefully someone can assist with that.

[vonPryz]

Quote:

Originally Posted by igor7

I think IIS configured to promt username/password for each connection to this web site.

The problem you describe is exactly what integrated logon is supposed to solve. You don't type your password each time when accessing network shares or launching Outlook, do you?

-vP

[igor7]

Quote:

Originally Posted by vonPryz

The problem you describe is exactly what integrated logon is supposed to solve. You don't type your password each time when accessing network shares or launching Outlook, do you?

Yes, I not typing my domain credentials to access any network resources and I agree with fact that IE can be configured to prompt username & password or automatic logon... I don’t have access to ISS configuration so I not sure with authentication method is used (btw here is explanation about this).
But still as I said I'm use many computer station to log on into company network environment so I prefer have an script rather then configure each station

[Virtual]

Quote:

Originally Posted by igor7

Yes, I not typing my domain credentials to access any network resources and I agree with fact that IE can be configured to prompt username & password or automatic logon... I don’t have access to ISS configuration so I not sure with authentication method is used (btw here is explanation about this).
But still as I said I'm use many computer station to log on into company network environment so I prefer have an script rather then configure each station

As I have stated, the processis automated through Group Policy, so every domain machine you log onto, you will not be prompted.

Somebody must know a way of scripting this for you, so hopefully should respond. With a script, you still need to either roll that out through Group Policy or manually run it each time.

[igor7]

OK, guys. I did some reverse engineering staff and finally I've find solution for my problem! First of all I understand that this is not IIS configuration problem. IIS configured to use Integrated Windows Authentication, so each AD network resource should be accessed without providing username/password. In my case username/password prompt appears because the site I trying to access placed on server in other (trusted) domain. How I know this? Well, when I followed to Virtual advice:

Quote:

Tools >> Internet Options >> Click on the 'security tab' and then highlight 'Local Intranet'. Click on 'Sites' >> 'advanced' >> add your intranet web url in to there. Next, click on 'custom settings' at the bottom whilst ensuring 'local intranet' is still highlighted. Scroll to the bottom and make sure there is a dot in 'Automatic logon with current username and password, under the logon section.

and than open the particular web site, before it opens (without username/password prompt) the following message is appears:

Code:

 
This page is accessing information that is not under its control.
This poses a security risk. Do you want to continue?

I searched the web for understand the reason why this message is appears and find explanation in msdn site:

Quote:

This is how cross-domain security fundamentally works. It's far from a perfect system, but it's simple. Since there is no way to specify which pages trust other pages to access their data, Internet Explorer simply says that if two pages are not in the same domain, they cannot communicate. More precisely, Zone Manager (found on the security tab in Internet Settings) does allow the user to say that a page may access another page, but as you point out, most people leave it set on prompt. You can suggest users add the page to the trusted site zone, or merely say Yes to the dialog box...

So, as we see the way to avoid security notification message is add the web site to trusted sites zone. I did so and when next time I opened this site it doesn't prompt me for username/password! But still this solution doesn't meet my needs... I don't want to configure IE on each computer manually before accessing this particular web site. To be honest it can be configured trough registry or with a *.reg file. I found Internet Explorer security zones registry entries for advanced users site with perfect explanation about IE zones and authentication methods. But since I've promised to our users "script this issue", I keep my promise and wrote the vbs script based on example from Scripting Guy website. Here is the code:

Code:

On Error Resume Next
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
& "ZoneMap\Domains\mysite.com"
objReg.CreateKey HKEY_CURRENT_USER, strKeyPath
strValueName = "http"
dwValue = 2
objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue
 
Dim objShell, RegLocate, RegLocate1
Set objShell = WScript.CreateObject("WScript.Shell")
On Error Resume Next
RegLocate = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1A00"
objShell.RegWrite RegLocate,"00000","REG_DWORD"
 
Set wshShell = WScript.CreateObject ("WSCript.shell") 
Set IE = CreateObject("InternetExplorer.Application") 
IE.visible = 1 
IE.navigate(http://www.mysite.com)

That's all! Thank you guys for help! May be this information will help to somebody else...

P.S. Tools -> Advanced -> Enable Integrated Windows Authentication (Under the security padlock icon). - is checked by default in IE 6 and 7.

[J0K3R]

could always make sure the username and passwords are stored here C:\Windows\System32\rundll32.exe keymgr.dll, KRShowKeyMgr

thats is how i stopped a sharepoint page from asking me to authenticate to it all the time