Configuring browsers for NTLM identification
Deploying an I Series Appliance | Forcepoint Web Security Cloud
This appendix describes how to configure supported Microsoft Internet Explorer, Google Chrome, and Mozilla Firefox browsers for NTLM transparent identification, either manually or via a Group Policy.
Internet Explorer & Google Chrome
To enable NTLM on a single Internet Explorer browser:
1. Go to Tools > Internet Options.
2. Select the Security tab.
3. Select Local Intranet, then click Sites to open the list of Trusted Sites for the Intranet zone.
4. For Internet Explorer 8 and above, click Advanced on the window that appears.
5.
6. Clear the Require server verification box.
7. Click Close.
8.
9. Scroll down to the User Authentication section, and ensure Automatic logon only in Intranet zone is selected.
10. Click OK, and exit Internet Options.
Configuring NTLM via Group Policy
To create an NTLM transparent authentication policy using a Group Policy Object (GPO):
1.
2. Perform the steps listed in Internet Explorer & Google Chrome to enable NTLM in the Internet Explorer or Chrome browser on the DC.
3.
a.
b.
c.
4.
5.
6.
7.
8. Navigate to User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Security > Security Zones and Content Ratings.
9. Select Import the current security zones and privacy settings.
10.
11.
12.
The changes will take time to replicate through your Active Directory, depending on your setup. This may be from 15 minutes to an hour; if you have a multi-site AD setup, it may take a day or two.
You can then set up a login script that will install the policy when end users log on to their workstations.
This method uses 2 files:
*
*
The login.bat script contains two lines:
@echo off
regedit /s \\path\ntlm.reg
In the ntlm.reg script, replace <Box IP> with the IP address of your appliance:
Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range5]
"*"=dword:00000001
":Range"="<Box IP>"
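An added example, not part of the Forcepoint documentation: a Python check to run on ntlm.reg before the login script distributes it. It confirms that <Box IP> was replaced and that every protocol entry under ZoneMap\Ranges maps to zone 1 (Local Intranet). The function names, the sample file content and the address 192.0.2.10 are constructed for illustration, and rejecting anything other than a single IP address is an assumption based on the instruction above.

```python
import ipaddress
import re

# Constructed sample: the ntlm.reg shown above with a made-up appliance address.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range5]
"*"=dword:00000001
":Range"="192.0.2.10"
'''

ZONEMAP_RANGES = r"\internet settings\zonemap\ranges" + "\\"
INTRANET_ZONE = 1  # zone 1 = Local Intranet, where automatic logon applies


def parse_reg(text):
    """Return {key_path: {value_name: value}} for a .reg file's string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]*)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")', line)
            if m:
                name, dword, string = m.groups()
                current[name] = int(dword, 16) if dword is not None else string
    return keys


def lint_ntlm_reg(text):
    """Return a list of problems in the ZoneMap range entries; an empty list means OK."""
    problems = []
    for key, values in parse_reg(text).items():
        if ZONEMAP_RANGES not in key.lower():
            continue
        rng = values.get(":Range")
        if rng is None:
            problems.append(f"{key}: no :Range value")
        else:
            try:
                ipaddress.ip_address(rng)  # assumption: exactly one appliance IP
            except ValueError:
                problems.append(f"{key}: :Range {rng!r} is not a single IP address")
        for name, zone in values.items():
            if name != ":Range" and zone != INTRANET_ZONE:
                problems.append(f"{key}: protocol {name!r} maps to zone {zone}, not 1")
    return problems
```

A file that still contains the <Box IP> placeholder, or a wildcard such as 10.0.0.*, is reported instead of being silently imported by regedit /s.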
Mozilla Firefox
To enable NTLM transparent authentication in Firefox:
1. Open Firefox, and type about:config in the address bar.
2. Click I'll be careful, I promise! to open the advanced configuration page.
3. Type ntlm in the Search field.
4. Select network.ntlm.send-lm-response and double-click it to toggle it to on.
5. Double-click network.automatic-ntlm-auth-trusted-uris. In the box that appears, enter the IP address of the B1/B2 bridge interface on your appliance, and click OK.
6. The Status is changed to user set, and the Value is changed to true.

Copyright 2022 Forcepoint. All rights reserved.