- You map a network drive to a web share that requires user credentials.
- You configure the drive to use the Reconnect at logon option.
- You enter the user credentials, and then you select the Remember my password check box when you access the drive.
- You restart the computer, or you log off from Windows.
The operation being requested was not performed because the user has not been authenticated
The connection has not been restored
This hotfix applies only to Windows Vista-based systems. However, the registry changes described later in this section apply to all the operating systems in the "Applies To" section. No hotfix is required for systems that are running Windows 7, Windows 8.1, or Windows 10. The registry changes alone fix the problem on these systems.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
943280 You are prompted to enter your credentials when you access an FQDN site by using a Windows Vista-based client computer that has no proxy configured
- Click Start, type regedit in the Start Search box, and then press Enter.
- Locate and then click the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
- On the Edit menu, point to New, and then click Multi-String Value.
- Type AuthForwardServerList , and then press Enter.
- On the Edit menu, click Modify.
- In the Value date box, type the URL of the server that hosts the web share, and then click OK.
Note You can also type a list of URLs in the Value date box. For more information, see the "Sample URL list" section.
- Exit Registry Editor.
After this registry entry is created, the WebClient service will read the entry value. If the client computer tries to access a URL that matches any of the expressions in the list, the user credential will be successfully sent to authenticate the user even if no proxy is configured.
Note You must restart the WebClient service after you modify the registry.
Sample URL list
The following is a sample URL list:
This URL list enables the WebClient service to send credentials through the following channels.
Note After you configure this URL list, the credentials will automatically authenticate to the WebDAV servers even if these servers are on the Internet.
- Any encrypted channel to a child domain of a domain whose name is Contoso.com.
- Any nonsecure channel to a child domain of a domain whose name is dns.live.com.
- Any channel to a server whose name ends with ".microsoft.com."
- Any encrypted channel to a host whose IP address is 22.214.171.124.
Things to avoid in the URL list
- Do not add an asterisk (*) at the end of a URL. When you do this, a security risk may result. For example, do not use the following: http://*.dns.live.*
- Do not add an asterisk (*) before or after a string. When you do this, the WebClient service can send user credentials to more servers. For example, do not use the following:
In this example, the service also sends user credentials to http://extra_charactersContoso.com.
In this example, the service also sends user credentials to http://Contosoextra_characters.com.
- Do not type the UNC name of a host in the URL list. For example, do not use the following: *.contoso.com@SSL
- Do not include the share name or the port number to be used in the URL list. For example, do not use the following:
- Do not use IPv6 in the URL list.
Important This URL list has no effect on the security zone settings, and this URL list is used only for the specific purpose of forwarding the credentials to WebDAV servers. Create the list as restrictively as possible to avoid any security issues. Also, notice that there is no specific deny list. Therefore, the credentials are forwarded to all the servers that match this list.
If Basic authentication or Digest authentication is implemented in the network, hotfix 943280 cannot change this behavior. This behavior is by design in Basic authentication mode and in Digest authentication mode.
IIS does not support Windows authentication over the Internet. Therefore, this hotfix applies only to the Intranet scenarios.