Subject: Client Bulk Settings -- Adding Trusted Sites using Group Policy Objects (GPO)
Author: authen
In response to: Client Settings to Trigger SSO
Posted on: 06/02/2010 06:21:54 PM
A Group Policy Object (GPO) can be used to add your website to the trusted intranet zones of all IE clients in a domain. Otherwise, it will be necessary to modify each client's security settings manually.
To add trusted sites using a GPO, launch Active Directory Users and Computers (ADUC), right-click on the domain the clients are in, select Properties > Group Policy > New, type in a name for the GPO (like "IE Security Settings") and then select Edit > User Configuration > Windows Settings > Internet Explorer Maintenance > Security > Security Zones and Content Ratings. Select Import the current security zones and privacy settings > Modify Settings > Trusted Sites > Sites and add your server's websites just as you would on a client. Then wait for the policy to propagate throughout the whole domain.
>
> On 06/02/2010 01:44:24 PM authen wrote:
The above configuration is sufficient to perform NTLM authentication but, by itself, it is probably not sufficient to perform SSO. SSO is when the client's browser automatically authenticates the user without asking for credentials again. There are several conditions required for SSO to occur:
1. The user must be logged into the workstation using their domain credentials.
2. The browser must support NTLM HTTP authentication.
3. The URL used to visit the site must be a fully qualified DNS hostname. A NetBIOS name, the special "localhost" name or an IP address may not work as expected.
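One way to check on a single client that the zone assignment has arrived and that the SSO conditions listed above hold, as an added example that is not part of the original posts. It assumes Windows PowerShell 5.1 run as the logged-on user; the function name and the URL are hypothetical. It goes beyond the posts by also reading the zone's logon setting (URL action 1A00), and the domain-logon test is only a heuristic.

```powershell
# Added example (not from the original posts). Run in Windows PowerShell 5.1 as the
# logged-on user. 'https://app.corp.example/' is a constructed placeholder URL.
function Test-SsoClientReadiness {
    param([Parameter(Mandatory)][uri]$Url)

    # Condition 3: the host part should be a fully qualified DNS name.
    $hostKind = if ($Url.HostNameType.ToString() -like 'IPv*') { 'IPAddress' }
                elseif ($Url.Host -eq 'localhost')            { 'Localhost' }
                elseif ($Url.Host -notmatch '\.')             { 'SingleLabel' }  # NetBIOS-style name
                else                                          { 'Fqdn' }

    # Zone the URL resolves to for this user:
    # 0 MyComputer, 1 Intranet, 2 Trusted, 3 Internet, 4 Untrusted.
    $zone = [System.Security.Policy.Zone]::CreateFromUrl($Url.AbsoluteUri).SecurityZone

    # URL action 1A00 is the zone's "User Authentication > Logon" setting:
    # 0x00000 automatic logon, 0x10000 prompt, 0x20000 automatic only in Intranet,
    # 0x30000 anonymous. Only the per-user policy and preference keys are read;
    # machine-wide (HKLM) zone settings are not covered.
    $suffix = "Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$([int]$zone)"
    $logon  = $null
    foreach ($key in "HKCU:\Software\Policies\$suffix", "HKCU:\Software\$suffix") {
        $p = Get-ItemProperty -Path $key -Name '1A00' -ErrorAction SilentlyContinue
        if ($p) { $logon = $p.'1A00'; break }
    }

    # Credentials are sent without a prompt only for these two combinations.
    $autoLogon = ($logon -eq 0) -or ($logon -eq 0x20000 -and $zone -eq 'Intranet')

    [pscustomobject]@{
        Url             = $Url.AbsoluteUri
        # Heuristic for condition 1: a local account reports the computer name as its domain.
        DomainLogon     = $env:USERDOMAIN -ne $env:COMPUTERNAME
        HostKind        = $hostKind
        Zone            = $zone
        LogonSetting    = if ($null -ne $logon) { '0x{0:X5}' -f $logon } else { 'not set' }
        AutoLogonInZone = $autoLogon
    }
}

Test-SsoClientReadiness -Url 'https://app.corp.example/'
```

A result of `Zone = Trusted` with `LogonSetting = 0x20000` means the site was added to the zone but the browser will still prompt for credentials there.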