- You use a computer that is running Windows Vista or a later version of Windows.
- You use Web Distributed Authoring and Versioning (WebDav) to access a fully qualified domain names (FQDN) site.
If the URL contains periods, the server is assumed to be on the Internet. The periods indicate that you use an FQDN address. Therefore, no credentials are automatically sent to this server unless a proxy is configured and unless this server is indicated for proxy bypass.
Note A server can be indicated for proxy bypass through either the bypass list or the proxy configuration script.
In this situation, you are either denied access or prompted to enter your credentials when the website asks for credentials. Even when this occurs, the security zone settings are ignored.
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
To resolve this problem, create a registry entry. To do this, follow these steps:
- Click Start, type regedit, and then press Enter.
- Locate and then select the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
- On the Edit menu, point to New, and then click Multi-String Value.
- Type AuthForwardServerList, and then press Enter.
- On the Edit menu, click Modify.
- In the Value data box, type the URL of the server that hosts the web share, and then click OK.
Note You can also type a list of URLs in the Value data box. For more information, see the "Sample URL list" section in this article.
- Exit Registry Editor.
- If you have added the AuthForwardServerList registry entry, be aware that if Basic authentication or Digest authentication is implemented in the network, using the registry entry cannot prevent the prompt for credentials. This behavior is by design for Basic authentication and Digest authentication.
- You must restart the WebClient service after you modify the registry.
Sample URL list
In the Value data box for the new entry, you can enter a list of URLs, such as the following example:
- Any encrypted channel to a child domain of a domain whose name is Contoso.com.
- Any nonsecure channel to a child domain of a domain whose name is dns.live.com.
- Any channel to a server whose name ends in ".microsoft.com."
Things to avoid in the URL list
- Do not add an asterisk (*) character at the end of a URL. This can create a security risk. For example, do not use the following URL:http://*.dns.live.*
- Do not add an asterisk (*) before or after a string. This can cause the WebClient service to send user credentials to additional servers. For example, do not use the following URLs:
In this example, the service also sends user credentials to http://extra_charactersContoso.com.
In this example, the service also sends user credentials to http://Contosoextra_characters.com.
- In the URL list, do not type the UNC name of a host. For example, do not use the following URL:*.contoso.com@SSL
- In the URL list, do not include the share name or the port number to be used. For example, do not use the following URLs:
- Do not use IPv6 in the URL list.
This URL list does not affect the security zone settings. This URL list is used only for the specific purpose of forwarding the credentials to WebDAV servers. The list should be created as restrictively as possible to avoid any security issues. Also, because there is no specific deny list, the credentials are forwarded to all the servers that match this list.
Windows Server 2016, Windows 10, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista
Article ID: 943280 - Last Review: Apr 27, 2017 - Revision: 22