What does AuthForwardServerList do?

windows windows-7 webdav zimbra ntlm
8,777

I recently came across this and wanted to provide an answer, even though the question is dated. My answer comes from TechNet KB 943280.

After the AuthForwardServerList registry key is created, the WebClient service will read the entry value. If the client computer tries to access a URL that matches any of the expressions in the list, the user credential will be sent successfully to authenticate the user, even if no proxy is configured.

This function was provided as a hotfix for Windows Vista and was built into Windows 7 because of [in my opinion] a big flaw in how the Win HTTP service works. The Win HTTP service ignores IE's built-in zone-checking mechanism that would look to see if a site is in the local intranet zone and then automatically send credentials to that intranet site. Instead, Win HTTP evaluates the URL as follows:

  • "If the URL contains no period in the server’s name, such as in the following example, the server is assumed to be on a local intranet site." http://sharepoint/davshare
  • "If the URL contains periods, the server is assumed to be on the Internet. The periods indicate that you use an FQDN address. Therefore, no credentials are automatically sent to this server unless a proxy is configured and unless this server is indicated for proxy bypass."

This is either a silly oversight or ridiculously lazy. There would be no issue, no hotfix, and no AuthForwardServerList key if the Win HTTP service simply referenced IE's security zones.

Share:
8,777

Related videos on Youtube

Jawad
Author by

Jawad

Java EE consultant by day. Android and iOS programmer by night. Founder @Appsropos: http://www.appsropos.com

Updated on September 18, 2022

Comments

  • Jawad
    Jawad almost 2 years

    A bit of context, we have several Windows 7 clients connected to an LDAP backed Samba PDC. We also have a Zimbra 8 server that authenticates off the same LDAP. When users logon to the Windows 7 clients, a batch script maps number of network drivers on the Samba server. All this is working well.

    Now I would like to map each user's Zimbra's Briefcase folder when the user logs in using WebDAV. We added: net use Z: https://mail.ourserver.com/dav/user/Briefcase /u:user to our batch script, however, it only works after the user has manually entered their password into the open command prompt.

    Obviously, what I want to be able to do here is mount the drive using the Windows login credentials, and without prompting for the password a second time after they have already logged in. Using net use Z: https://our.server.com/dav/user/Briefcase /u:user password works, but we do not have access to the user's plain text password and is therefore not an option.

    I came across the AuthForwardServerList registry key mentioned in this KB article, that is supposed to solve a similar problem when connecting to SharePoint servers over WebDAV. I tried adding the registry key with the value https://*.ourserver.com and various combinations of it, restarted the machine, but this seems to have no effect. net use still prompts for the password, and so does the "Map Network Drive" option in Windows Explorer.

    So my question is, how does AuthForwardServerList actually work? Does it only work with Windows servers, does the server have to support NTLM, or will any work with any WebDAV server using BasicAuth? Does it only work with IE and not with Windows Explorer?

    Alternatively, is there any way I can access the password the user just used to login to the machine, and somehow pass it to the script? The script is dynamically generated on the samba server and executed on the client, so even if the password can be captured in plain text on the server, it would be possible to append it to the script.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

"The folder you entered does not appear to be valid" while mapping a remote webdav URL
Windows 7, HTTPS WebDav: Asks for password twice and fails. Any workarounds?
Is it possible to configure a virtual network interface on Windows7?
Multiple Workspaces in Windows with Two Monitors
How To Automatically Logon To Windows 7 using a Password
Tomcat 7 as windows service not accessible from other systems
Cannot login to SQL Server 2008, in Windows 7 x64
How to use Robocopy to copy files with TimeStamp in command line
How do I set Windows Environment variables permanently?
Copying a file remotely from Ubuntu to Windows 7