Wednesday, October 13, 2004

Argh! Outlook won't save my password when it connects via the Internet!

If you're like me, you wonder why that Outlook 2003 Authentication box doesn't remember your password when using Outlook via the Internet (also known as RPC over HTTP).

I was frustrated by this, so I wanted to find out why. Turns out it was pretty simple reasoning.

If you follow the instructions on the Remote Web Workplace for your Small Business Server 2003 box, you'll probably be setting the Proxy Authentication Settings to Basic Authentication. Basic Authentication will send the password in clear text over the internet. Don't fret! you're still SSL encrypted, so it's not really clear text!. Basic Authentication is not remembered via the system, (since it would also store the password in clear text). This could give hackers or Spyware that runs on your system a chance to get this password and send it out to another source.

The other option in this drop down is NTLM Authentication. This type of password is encrypted, and hence can be stored by the system. The problem is, NTLM authentication isn't good at passing through firewalls. Seeing as there are a lot of firewalls on the Internet (chances are if you're running XP SP2, and your server is SBS your going through at least 2 firewalls, possibly 3 or even 4!).
So while Basic can work through any number of firewalls that it may encounter, it cannot store this on the system (for security reasons), NTLM has the exact opposite problem. In many cases, NTLM won't even connect, so it doesn't matter it can save your credentials.

So that's why you can't save your password in the Outlook 2003 RPC/HTTP dialog box.

13 comments:

Anonymous said...

What about saving the user name? Users have outlook 2003 setup for RPC/HTTPS and they have to put in their domain and user name to log on, example domain.local\username
is there a way to save the user name? I have looked all over outlook for this with no luck.

thank you
Norm

Sean Daniel said...

Strange. I've always used DOMAIN\username and Outlook has always just saved the username part. Can you try using the netbios domain instead of the fqdn and see if Outlook saves that for you?

Anonymous said...

Thanks Sean,
It worked from home, and after football and Thanksgiving dinner I'll go by the office and try it locally. I'm thinking thought when I first setup my SBS 2003 box that It would only work internally using domain.local\username
It's not a major deal, just lazy users don't want to type in their username besides their password.
Have a good Thanksgiving

Norm

Sean Daniel said...

I hear you, I'm playing with a few KB articles to see if I can get the server to remember the domain part for you, since that's the only place the server requires the domain\user logon. If I figure it out, I'll be sure to post it on this blog.

Happy Thanksgiving to you too Norm.

Anonymous said...

You can get NTLM to auto auth your Outlook log in.

http://support.microsoft.com/default.aspx?scid=kb;en-us;820281

Sean Daniel said...

Thanks Anonymous. The problem is NTLM credentials don't trans-firewall very well. It's definately worth a try though.

Anonymous said...

I understand the cleartext argument, but MANY Microsoft applications store MANY cleartexts passwords in ecrypted form on your hard disk (that is what MS Password Manager was built for!). Every web site that supports Basic Authentication has Internet Eplorer popping up an option to save your password (which will also have to be sent in original cleartext next time).

It seems like Microsoft were just lazy in simplyifying account setup, and even more lazy when it came to integrating Exchange login with password manager.

Anonymous said...

In this situation try use-forgot outlook password,it tool is free as far as i know,also program recover lost or forgotten passwords for the mail accounts and *.pst files of the Microsoft Outlook mail client,recovers forgotten or lost passwords for mail accounts and also passwords for LDAP services that the Microsoft Outlook mail client uses in its work,also recovers passwords for password-protected Microsoft Outlook data files (files with the *.pst extension)that the Microsoft Outlook mail client uses to store user data (contacts, messages, reminders,notes, tasks),can also be used to recover forgotten or lost passwords for *.pst files created in various versions of the Microsoft Outlook mail client: Microsoft Outlook 97 - Microsoft Outlook 2002 and Microsoft Outlook 2003. .Pst password recovery tool recover Outlook password for Outlook 2007 too,compatible with all versions of the Microsoft Windows operating system higher than Microsoft Windows 95. Software don't recover Outlook passwords under Windows 95,can save the configuration of Microsoft Outlook identities to a plain text file,all settings of mail accounts, including the settings of IMAP and HTML mail accounts, will be saved to this file.

Alexis said...

Know good similar tool which works with passwords and more than-recovery password outlook,as far as i know it is free,utility recover lost or forgotten passwords for the mail accounts and *.pst files of the Microsoft Outlook mail client,recovers forgotten or lost passwords for mail accounts and also passwords for LDAP services that the Microsoft Outlook mail client uses in its work,also recovers passwords for password-protected Microsoft Outlook data files (files with the *.pst extension)that the Microsoft Outlook mail client uses to store user data (contacts, messages, reminders,notes, tasks),can also be used to recover forgotten or lost passwords for *.pst files created in various versions of the Microsoft Outlook mail client: Microsoft Outlook 97 - Microsoft Outlook 2002 and Microsoft Outlook 2003. .Pst password recovery tool recover Outlook password for Outlook 2007 too,compatible with all versions of the Microsoft Windows operating system higher than Microsoft Windows 95. Software don't recover Outlook passwords under Windows 95,can save the configuration of Microsoft Outlook identities to a plain text file,all settings of mail accounts, including the settings of IMAP and HTML mail accounts, will be saved to this file.

Alex said...

OOO,this problem is very difficult,but when I was in similar situation I used-ldap outlook password recovery,tool helped me and my friends too,it is free as far as I know,also program recover password-protected files with *.pst extension for Microsoft Outlook email client,sorts all characters and constructs a fake password, which is always accepted by Microsoft Outlook email client,supports all versions of Microsoft Outlook, starting from Microsoft Outlook 97,program can work under all Windows operating systems from Windows 98. BTW, this one is not supported by Microsoft Corporation anymore, so, we recommend to upgrade,can recover passwords of Microsoft Outlook for a great number of services and mail accounts, such as Microsoft Mail, IMAP mail servers, POP3 mail servers, Microsoft Exchange Server, HTML mail servers and Microsoft LDAP Directory.

Unknown said...

While talking about the subject of drive recovery, it has so many difficult problems that the inexperienced user can possibly make incredible mistakes unintentionally. It also involves many precious files like multimedia and project files. . Only after the individual has lost his important files, he will accept the power of data recovery software. Thank You for this great post.
repair corrupt pst file

Unknown said...

PST file is the most useful file of the Outlook and the user can save pst password inside the PST file. Sometime the pst file becomes corrupt or unable to access at such case you need to recover pst password from the MS Outlook. to recover lost personal storage file password you can use a outlook password recovery because you can get instant and effective solution to recover pst password.

Anonymous said...

Thank you