You may be unexpectedly prompted to log on when you open an HTML e-mail message in Outlook or in Outlook Express (834282)


The information in this article applies to:

  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 5.01
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you open an HTML-formatted e-mail message in Microsoft Outlook or in Microsoft Outlook Express, you may be unexpectedly prompted with a logon dialog box.

CAUSE

This behavior occurs in the following scenario:
  1. You have installed on your computer the update that is described in the following Microsoft Knowledge Base article:

    832894 MS04-004: Cumulative security update for Internet Explorer

  2. You connect to the Internet through a proxy server, and you are using Integrated Windows authentication.
  3. You open an HTML-formatted e-mail message that links to a URL that contains a user name and a password. For example, the URL uses a syntax that is similar to the following:

    http://UserName:Password@http://ServerName/FileName.ext

This behavior occurs because Outlook and Outlook Express try to authenticate the links by using the user name and the password that are in the link. The link is typically a URL to an image file that is located on a remote computer. Typically, the user name and the password that Outlook and Outlook Express send to the proxy server will not be validated. Instead, a logon dialog box is displayed.
For additional information about this behavior, click the following article number to view the article in the Microsoft Knowledge Base:

834489 A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs

WORKAROUND

To work around this behavior for Outlook Express, add msimn.exe as a DWORD value in the FEATURE_HTTP_USERNAME_PASSWORD_DISABLE subkey. Set this DWORD value to 1. For Outlook, add outlook.exe as a DWORD value instead of msimn.exe. To do this, follow these steps.

Note This workaround assumes that you have installed the MS04-004 Cumulative security update for Internet Explorer (832894) on your computer.Warning If you use Registry Editor incorrectly, you may cause serious problems that may require that you reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

  3. Right-click FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, point to New, and then click the DWORD value.
  4. Type msimn.exe if you use Outlook Express, or type outlook.exe if you use Outlook. Press ENTER.
  5. Right-click msimn.exe, and then click Modify.
  6. Type 1, and then click OK.
  7. Quit Registry Editor.
Modification Type:MinorLast Reviewed:9/14/2006
Keywords:kbtshoot kbprb KB834282 kbAudITPRO kbAudEndUser
©2004 Microsoft Corporation. All rights reserved.