This article was previously published under Q225234
This article has been archived. It is offered "as is" and will no longer be updated.
When you open an Office 2000 document or follow a hyperlink to an Office 2000 document in a Web browser, you may be prompted to enter a password. If you click Cancel or type the user name and password, the document opens as read-only.
NOTE: You may need to type the user name and password multiple times before the document is opened in the Web browser.
These symptoms occur for the following reasons:
The Web server is using Windows NT Challenge/Response or Basic authentication, or both.
Office 2000 documents are opened in a Web browser as read-write.
When you open an Office 97 document or follow a hyperlink to an Office 97 document in a Web browser, you do not experience this behavior. Office 97 documents are opened as read-only in Web browsers.
To resolve this problem, obtain Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a).
To obtain SR-1/SR-1a, click the article number below to view the article in the Microsoft Knowledge Base:
245025 OFF2000: How to Obtain and Install Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a)
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was corrected in Microsoft Office 2000 SR-1/SR-1a.
With Windows NT Challenge/Response authentication turned on, most browsers prompt the user for a user name and password, and submit these details with another request for the same resource.
The Windows NT Challenge/Response authentication provides encryption of the user name and password. When a Web user is authenticated using the Windows NT Challenge/Response mechanism, the Web server does not actually receive a copy of the user's password in clear text format. Instead, an encrypted copy of the password is received, which is then passed on to the domain controller for verification. This can cause a problem if there is any ASP logic that requires access to a resource on another Windows NT computer. The remote computer will initially challenge for proof of identification. Because a copy of the user's password is not being sent, the appropriate messages can not be generated.
For more information about Internet server security, please see the following white paper: