IPrism and Windows 7

Update: Ron Kaplan from St. Bernard contacted me about this article on 8/19/09.  He indicated that the Iprism appliance would officially support Windows 7 in Q4 of 09.  He agreed to post the below workaround for older versions of Iprism in their knowledgebase.  That link is available here.

For months, I’ve been plagued at work running Windows 7 with the IPrism Internet appliance (web filter).  Every time I would hit a web page in the morning on Windows 7, Windows would pop up a dialog box asking for authentication.  It would not accept my credentials, so I would end up hitting the ESC key a bunch of times so I could hit the IPrism applicance main page and log into there.  This would last for 60 minutes and I would have to repeat this throughout the day.

I stumbled across this fix by accident…it seems that IPrism uses NTLM and not Kerberos for authentication.  I even contacted their tech support and they did not clue me in on this.  The default for Windows 7 seems to strictly use Kerberos above all else.   The following steps seem to fix it:

Click Start

Click Control Panel

Click Administrative Tools

Double-Click Local Security Policy

In the left pane, click the triangle next to Local Policy

In the left pane, click Security Options

In the right pane near the bottom, double-click “Network security: LAN manager authentication level”

Click the drop-down box, and click “Send LM & NTLM – use NTLMv2 session security if negotiated”

Click OK

– Soli Deo Gloria