Integrated Windows Authentication in IIS 6.0
Applies To: Windows Server 2003 R2, Windows Server 2003 with SP1
Integrated Windows authentication (formerly called NTLM, and also referred to as Windows NT Challenge/Response authentication) is a secure form of authentication because the user name and password are hashed before being sent across the network. When you enable Integrated Windows authentication, the user's browser proves its knowledge of the password through a cryptographic exchange with your Web server, involving hashing.
Integrated Windows authentication is disabled by default if you install Windows Server 2003 Service Pack 1 (SP1) as part of a slipstream installation of a Windows Server 2003 operating system. If you install Windows Server 2003 SP1 by itself as an upgrade to a Windows Server 2003 operating system, the setting for Integrated Windows authentication is unchanged from its Windows Server 2003 setting. Integrated Windows authentication is enabled by default for Windows Server 2003 operating systems.
This section includes the following information:
Configuring Integrated Windows Authentication in IIS 6.0: Describes how to configure Integrated Windows authentication.
Configuring Constrained Delegation for Kerberos: Describes how to configure constrained delegation when using Kerberos as the authentication method.
Forcing NTLM Authentication: Describes how to force Integrated Windows authentication to use NTLM instead of Kerberos.