Three Steps :
- Activate WeDav (under the IIS feature) on all frontend servers.
- Activate the Web Client on the client machine that needs the access to the SharePoint document library.
- Resolve the request to login and bypass the prompt window for authentication on the client/batch server.
step 1:
- Open server manager
- Select the features option on the left navigation
- Select add Features on the right rail.
- select the wedav under the IIS tab
Step 2:
- Open server manager
- Select the features option on the left navigation
- Select add Features on the right rail.
- Check the Desktop Experience feature under User Interfaces and Infrastructure.
- You will be prompted to restart ( outage is sometime required and should be take into account on production environments).
- Make sure the WebClient service started or start it manually.
- Testing from a client : Use network mapping to map a path to SharePoint Document library folder from your client make sure you have the right permission to access the library, if you are planning to use the mapping for a process make sure the process is running with an account that have access to the document library.
Duration : 20 min
Outage is required
UAT with test case (step 7 ) is required
Notes :
- You can’t change the security on the mapped path and share it.
- Make sure the service account you use have permission to the target SharePoint document library.
- When mapping the path use the account of the schedule agent, if you plan to run a scheduled process.
Access document library using UNC path with SSL
Make sure WebDAV is enabled under IIS features on the front end servers.
Make sure the web client is enabled on the client server ( the one you want to map the drive to SharePoint)
use the following format: \\sitedomain.com@ssl\subsite\
Step 3
when you try to use the UNC format and being prompted for password it could be because the domain is not a local intranet site, for example :
http://intranet/subsite or UNC \\intranet\subsite will be considered by the webclient as and intrernal website that does not need to be prompted for authentication.
while
http://mycompany.com/subsite or UNC \\mycompany.com\subsite will be considered by the webclient as external or unsafe zone which will trigger the prompt for credentials.
to resolve this known issue follow these steps :
- Click Start, type regedit, and then press Enter.
- Locate and then select the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
- On the Edit menu, point to New, and then click Multi-String Value.
- Type AuthForwardServerList, and then press Enter.
- On the Edit menu, click Modify.
- In the Value data box, type the URL of the server that hosts the web share, and then click OK.Note You can also type a list of URLs in the Value data box. For more information, see the “Sample URL list” section in this article.
- Exit Registry Editor.
Notes
- If you have added the AuthForwardServerList registry entry, be aware that if Basic authentication or Digest authentication is implemented in the network, using the registry entry cannot prevent the prompt for credentials. This behavior is by design for Basic authentication and Digest authentication.
- You must restart the WebClient service after you modify the registry.
Sample URL list
In the Value data box for the new entry, you can enter a list of URLs, such as the following example:
https://*.Contoso.com http://*.dns.live.com *.microsoft.com
*** Update – very important! if the web client stop working automatically you will need to check the server group policies in some cases you will need to move the server to AD OU that will support Web Client which in some organization may be flagged as a potential security risk.
Reference :
Prompt for credentials when you access WebDav-based FQDN sites in Windows
https://support.microsoft.com/en-US/help/943280/prompt-for-credentials-when-you-access-webdav-based-fqdn-sites-in-wind