Enabling selective authentication on a Win7 host

  • Last Post 13 June 2012
phillipcheetham posted this 11 June 2012

Is it possible to allow users to authenticate to a Windows 7 host?

We have a one-way forest trust relationship set to selective
authentication. Normally, users can authenticate to SharePoint sites on
web front ends that we've enabled "Allowed to Authenticate" to a group in
the trusted domain. The web front ends are running Win2k8R2. However, my
development workstation is running Windows 7 and despite granting the same
permissions, I'm still met with a "The machine you are logging onto is
protected by an authentication firewall" error.

Can I just not do this on this host?


Order By: Standard | Newest | Votes
ZJORZ posted this 13 June 2012

You need to set the perm on the credentials used for the service you are giving access to. For example...file share access would need the perm on the computer object

Met vriendelijke groet / Kind regards,
Jorge de Almeida Pinto

Tel.: +31-(06)-

(Sent from my Windows Phone)


phillipcheetham posted this 13 June 2012

I admit that I probably wasn't very clear in the description. The computer
objects for the web front ends (and the application servers) have "allowed
to authenticate" granted to xtrn-domain\usergroup. This works fine and
after some minor sharepoint tweaks users in that domain can be granted
access to sharepoint sites.

I did the same thing for my development workstation (the computer object
"allows to authenticate" to xtrn-domain\usergroup), but when I test the
connection (command prompt, run as a different user, use xtrn-domain
account), I get the authentication firewall message.

I'm wondering if there's something about Windows 7 that does not allow this
to happen (or there's some basic security differences between Win7 and
Win2k8R2 that I'm overlooking.) I've poked around on the MS and MSDN sites
and wasn't finding anything definitive, so I turned to the experts.