You are prompted for credentials when you try to access an Exchange Server 2003 computer by using Outlook Web Access on a Windows Server 2003-based computer

Assume that you are using Microsoft Internet Explorer on a Microsoft Windows Server 2003-based computer. When you use Outlook Web Access on the Windows Server 2003-based computer to access a Microsoft Exchange Server 2003 public folder, you may be prompted to type your credentials. This behavior occurs even when you are logged on as an Exchange administrator. After you type your credentials, you can access the public folder.

This behavior occurs because the Internet Explorer Enhanced Security Configuration is enabled on the Windows Server 2003-based computer. (By default, the Internet Explorer Enhanced Security Configuration is enabled.) Users who try to access Exchange Server 2003 by using Outlook Web Access must type their domain name and their password even if the user is an authenticated user for the trusted domain where the Exchange Server 2003 computer is located.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

If you do not want users to type their domain name and their password when they use Outlook Web Access, you must remove the Internet Explorer Enhanced Security Configuration component. To do this, follow these steps.

Note You must follow these steps on the Windows Server 2003-based computer that has the Internet Explorer Enhanced Security Configuration enabled.

1. Click Start, point to Settings, and then click Control Panel.
2. In Control Panel, double-click Add or Remove Programs. In the Add or Remove Programs dialog box, click Add/Remove Windows Components, Select Internet Explorer Enhanced Security Configuration, and then click Details.
3. In the Internet Explorer Enhanced Security Configuration dialog box, click to clear both the For administrator groups, and For all other user groups options, and then click OK.
4. Click Next to remove the Internet Explorer Enhanced Security Configuration component for Windows Server 2003.

Additionally, before you access Exchange Server 2003 with Outlook Web Access, you must add the Exchange Server 2003 Outlook Web Access Web site to the Trusted Sites list in Internet Explorer on the Windows Server 2003-based computer. To do this, follow these steps:

1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. In the Internet Options dialog box, click the Security tab, click Local Intranet, and then click Sites.
4. In the Local Intranet dialog box, click Advanced.
5. In the Add this Web sites to the zone box, type the URL of the Web site for Outlook Web Access, and then click OK to save the changes, and then click OK two more times.

This behavior is by design.

You can download the Managing Internet Explorer Enhanced Security Configuration white paper when you visit the following Microsoft Web site: