Symptom:
When Windows Authentication is enabled, users are still unable to login into PVWA.
Cause:
The Hardening GPO settings provide only the 'Administrators' group the 'Access this computer from the network' permission.
As part of the PVWA Hardening - the GPO removes all groups but the "Administrators" from the "Access this computer from the network" setting.
As a result, users who aren't Administrators on the PVWA machine can't log in to PVWA with Windows Authentication.
Solution:
Add the 'Domain Users' group to this permission setting in the PVWA Hardening GPO should resolve the issue.
Note:
This setting is required for the PVWA v10 interface:
Enable Windows authentication in the new PVWA interface:
1. Using Notepad (not Notepad++), open the IIS configuration file. By default, this is
%WinDir%\System32\Inetsrv\Config\applicationHost.config.
2. At the end of the file, add the following lines:
<location path="Default Web
Site/PasswordVault/api/auth/windows/logon">
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</location>
3. Restart the IIS server.
Test Windows Authentication in the PVWA:
In the PVWA, in the list of available authentication methods, click Windows; the PVWA will authenticate you with your Windows authentication and will not prompt you for additional authentication.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article