Project Server 2003 and Enhanced Security Configuration

[Jim Puls]

I'm setting up Project Server 2003 and Project Pro 2003 in a test
environment. I seem to be having an issue when the Internet Explorer
Enhanced Security Configuration is enabled on the server.

If I make the <servername>/projectserver URL part of the Local
intranet zone on the client, I don't get asked for credentials, but
Project Pro reports that it wants the page to be part of the Trusted
sites zone.

If I make the <servername>/projectserver URL part of the Trusted sites
zone, I get asked for credentials via a popup browsing to the site -
even using a Windows logon.

I notice that the Local intranet zone is marked as a "Medium-Low"
security zone by default, but that the Trusted sites zone is
classified as a "Medium" security zone. Making the Trusted sites zone
a "Low" security zone fixes things. Or, if I disable the Enhanced
Security Configuration on the server and make the URL trusted, all
seems to work ok, both PWA and Project Pro.

What is the correct way to set security with Enhanced Security
Configuration turned on? As this is an IE setting, it's on a
per-client basis, so it would be a good thing to get right!

Thanks,

- Jim

 

[Gary L. Chefetz]

Jim:

All the documentation I've seen says to disable the enhanced security
feature and/or set the Trusted Sites zone to low.

--

Gary Chefetz [MVP]
http://www.msprojectexperts.com
"We wrote the book on Project Server"

*** Remember to look for line breaks in links posted to the news group, use
cut and paste for these.

 

[Kevin Flanagan]

I agree with Gary. We set our trusted sites zone to low
and have not had any further problems. We left the
enhanced security feature enabled to allow the server
protection from possible hacks.

Kevin

 

[Jim Puls]

Kevin and Gary - Thanks for the suggestions!
- Jim