Today I was tasked with making it easier for employees to get to our Intranet site. There are a couple of public computers in the break room that employees can use to browse the net on their breaks.
These computers are not really computers in any sense. They are more like dumb terminals. They can store only a certain amount of data in non-volatile storage, which limits much of what I can do.
The task was to provide an icon on the desktop that employees could click to open the Intranet site in the browser and be logged in automatically. Logging in would not be hard in a normal corporate network situation, as the credentials of the user logged into Windows would be passed to SharePoint. That was not the case here, as these computers are not attached to the domain and not on the corporate network.
I figured the best way to accomplish this task was to create a batch file. I knew it was pretty easy to open a program in a batch file so I began with:
start iexplore.exe http://intranet
This would open up the Intranet site in Internet Explorer. Now I just needed to pass in the user credentials so the user is not prompted for a login and password.
I began searching on the web and found some posts that suggested using /user:domain\username password so that it looks like this:
start iexplore.exe http://intranet /user:domain\username password
This did not change the user at all and it still caused the prompts. I then found a post by David Klein on using impersonation batch files for testing web applications. He had very similar conditions - Integrated Windows Authentication and an Intranet site that he wanted to open as a different user. His suggestion is short, simple, and works like a charm:
runas /user:domain\username /savecred "\"%ProgramFiles%\Internet Explorer\iexplore.exe\" http://intranet"
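This will cause the machine to prompt for the password the first time it is run, but after that it stores it (until the computer is rebooted). This is also fairly secure even though it is a batch file that anyone can view in Notepad, since the command does not contain any passwords. Because /savecred keeps the credential in the terminal's Windows account for runas to reuse, the account named in /user should have only the access the Intranet needs.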
The only downside to this is that if the computers are rebooted or the power goes out, you will need to re-enter the password the first time.
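To check what /savecred has left on a terminal, the stored credentials can be listed with cmdkey /list. The following is an added example, not part of the original post: it parses that listing and reports the accounts saved by runas, assuming English cmdkey output and the Domain:interactive= target prefix under which runas /savecred entries are listed. The sample listing is constructed.

```python
import re
import subprocess
import sys

# Constructed sample of `cmdkey /list` output (not captured from a real machine).
SAMPLE = r"""
Currently stored credentials:

    Target: Domain:interactive=DOMAIN\username
    Type: Domain Password
    User: DOMAIN\username

    Target: LegacyGeneric:target=fileserver
    Type: Generic
    User: someone
"""

def parse_cmdkey(text):
    """Split `cmdkey /list` output into one dict per stored credential."""
    entries, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(Target|Type|User):\s*(.*?)\s*$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "target":          # every entry starts with its Target line
            current = {"target": value}
            entries.append(current)
        elif current is not None:
            current[key] = value
    return entries

def runas_saved(entries):
    """Return accounts whose password was stored by `runas /savecred`."""
    prefix = "domain:interactive="   # assumed prefix for runas-saved entries
    return [e["target"][len(prefix):] for e in entries
            if e["target"].lower().startswith(prefix)]

if __name__ == "__main__":
    if sys.platform == "win32":      # live audit on the terminal itself
        text = subprocess.run(["cmdkey", "/list"],
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE
    for account in runas_saved(parse_cmdkey(text)):
        print("runas /savecred credential stored for", account)
        print("  remove with: cmdkey /delete:Domain:interactive=" + account)
```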
Hey Mike,
Great stuff... I just wish my users weren't afraid of batch files.
I have IWA, and my biggest problem is getting any of my users to understand they need to prepend their account name with our domain name and a backslash.
A batch file might help me here.
Using the "runas" impersonation method first prompts the user for their password in the command prompt. This is the cred to start IE7, and that works, but then I get an IWA prompt. I'm sure if I put the server URL into the user's IE setting and properly configured the Intranet Zone settings, it would log them right in...
Yeap, works like a charm. I see massive potential!
Thanks,
Wef