We have a WC application that was in production on a WinNT4.0 server. It functions over an Intranet so we use Windows Challenge/Response for general client access and also Basic Auth for the admin.asp functions. Anonymous Access is disabled.

After moving the application to a Win2K server, the clients are receiving an NT Challenge for UserID/Password/Domain on every page hit. The initial page is just a standard HTML page. We have Windows Integrated Auth and Basic Auth set for the web site similar to how the WinNT server was.

On the NTFS side, the Everyone account has Read and Execute rights on the relevant folders.

We do not understand why clients are being challenged. When testing, I can succesfully get to all web pages, but, of course, I have rights all over the machine.

Is there something different about Win2k security from WinNT that we have missed or overlooked that would cause this? Or is there some other issue that we have missed?

Thanks,
Bill