Automatic login, Intranet vs Trusted Zone authentication issues

[Jack Kohn]

Situation: We have MS Project Pro on our MetaFrame server so our PM's
can access their projects remotely.

We have a number of external sites in the Trusted Zone for which we do
*not* want to use the setting "Automatically logon using current
username and password".

Unfortunately, MS Project forces the Project server to be in the
"Trusted Zone." So our PM's windows credentials don't get
automatically passed through to the Project Server.

Our workarounds for this seem to be:
A) relax security settings for the "Trusted zone" to allow
automatic login;
B) force users to login separately to the Project Server; or
C) ask users to modify their zone security settings when they
want to use Project.

None of these seem acceptable:
A) is not acceptable: we do not want to pass our internal
network credentials to any trusted site that happens to ask for them.
B) is no good: PM's are complaining about the extra login.
C) is not acceptable: We don't *want* users to modify zone
security settings, for obvious reasons.

It seems like it would solve our problems if we could just have our MS
Project server in the Intranet zone, but the system doesn't work that
way.

We do not want to set up Project server for external access via the
Internet. We don't need that feature / exposure, and it brings
additional administration overhead.

Anyone have any ideas?

Thanks.

-jmk
Jack Kohn

 

[William Raymond [MVP]]

Hi Jack,

I understand your frustration, but I think you are basically going to have
to choose one of the options you layed out. However, there is one other
minor work-around.

You could set trusted sites to not require a login. Then, you can have
users save their username/password locally. For example, in Windows XP Pro:

1) Start->Control Panel->User Accounts
2) Select the account that will login to Project Server
3) Under "Related Tasks", click Manage My network Passwords.
4) Add the Server name for Project Server, the username and the password.

This is just a work-around and probably not what you are looking for, but at
least the user should not have to perform a login. This will also allow you
to access Project Server via the Project Professional client (because
Project Pro does not support a challenge/request option so the password must
be saved).

-Bill

 

[Jack Kohn]

Bill -

Thanks for the suggestion for a workaround. However, I'm not sure the
MetaFrame server will allow this sort of username/password caching, or
if it will be practical in our domain environment.

All input's good for a brainstorm, though. Thanks again.

-jmk

Hi Jack,

I understand your frustration, but I think you are basically going to have
to choose one of the options you layed out. However, there is one other
minor work-around.

You could set trusted sites to not require a login. Then, you can have
users save their username/password locally. For example, in Windows XP Pro:

1) Start->Control Panel->User Accounts
2) Select the account that will login to Project Server
3) Under "Related Tasks", click Manage My network Passwords.
4) Add the Server name for Project Server, the username and the password.

This is just a work-around and probably not what you are looking for, but at
least the user should not have to perform a login. This will also allow you
to access Project Server via the Project Professional client (because
Project Pro does not support a challenge/request option so the password must
be saved).

-Bill

in message

 

[Gary L. Chefetz [MVP]]

Jack:

Bill's workaround will not work with Citrix. The only other thing you could
do is to use different session profiles depending on the user's intent to
use MOPS or not. In the future, please post your questions to
microsoft.public.project.server as this one is closing down. Thanks.

 

[Jack Kohn]

Hi, Gary -

That's an interesting idea. We haven't been doing a lot of profile
customization under Citrix, but we're upgrading and this could be an
option for us. Thanks for the tip.

Thanks also for the reminder about this newsgroup going away. I'll
move it to my "Obsolete" desk in Agent.

-jmk

 

[William Raymond [MVP]]

Hi Gary,

Good point. Sorry about any confusion. -Bill