Is Integrated Windows Authentication just for computers in domains?

[AnnieMS]

Automatic updates downloaded KB970430 to my computer, which would install Extended Protection for Authentication. Per my reading that works with/requires Integrated Windows Authentication and that sounds like it's only used by computers in domains. My network consists of 2 computers linked thru a router - no servers, no domain controllers. Do I need this update?

[MrJinje]

Do I need this update?

http://support.microsoft.com/kb/970430

This article describes a non-security update which implements Extended Protection for Authentication in the HTTP Protocol Stack (http.sys).

It is a non-security update, so no you do not "need" it. This kind of thing can wait until they bundle up the next service pack.

[AnnieMS]

Thanks MrJinje,

What I'm trying to figure out is if this is even an appropriate update for a computer that is not and will never be in a network w/ a windows server or domain controller. From my reading it sounded like both Extended Protection for Authentication and Integrated Windows Authentication are only used by a computer in such a network and not something used when my computer communicates w/ servers when I'm browsing the internet or active in windows file sharing w/ no server.

There seem to be a lot of updates that MS provides thru automatic or windows updates that computers like mine don't need and even some that per the info MS provides when I follow the link shouldn't be installed on my computer. I'm just trying to get a handle on what windows services/components my computer actually uses for networking and security.

[cluberti]

You would only need this update if you were using kerberos tokens and authenticating to a web server that required kerberos authentication and the extended packet data required. If you do not log into sites that require this, you would not necessarily require this update, no.

[AnnieMS]

Thanks cluberti,

I would know if I was authenticating to a web server that required kerberos authentication, right? There would be a necessary setup that involves more than setting up an account w/ a password? From what little I know about kerberos, the authentication usually doesn't involve entering username + password.

So Extended Protection for Authentication & Integrated Windows Authentication are not just used in a network w/ servers running windows server OSs, but also when a computer running win2k or later connects to some type of webserver. From my reading, I haven't figured out if IWA is "transparently" active on my win2k and winxp computers or an inactive protocol that could be used if my computers became part of a domain. But Extended Protection for Authentication sounded like something that would only be used by computers in a domain or maybe a workgroup w/ servers.