Automatic logon from IE using FQDN

[NetEng1]

We have a Silverlight based internal website (IIS7.5) that uses Report Services from SQL Server 2008 R2. Clients are using IE8. We are using SSL/HTTPs to connect the clients to the website and the Report Server. Both services are running on a single Windows 2008 server using windows integrated authentication. The certificate for SSL is a self-signed one produced by IIS and the Report server uses the same one. We imported the certificate in IE8 to the "Trusted Root Certification Authorities" to eliminate the certificate error page. The certificate requires the Fully Qualified Domain Name ie. server.domain.com, so when using the FQDN, we no longer get the error page. However, Internet Explorer seems to take any address with a dot in it as an external address and requires the clients to reauthenticate when connecting to the report server. (not sure why) If I use just the server name and not the FDQN, then it does not require the client to reauthenticate, but you get the certificate error message.
I have found one way to get around this, which is to go into IE's option --> Internet Options --> Security ---> Trusted Zone ---> Custom Level ---> User Authentication and select "Automatic logon with current user name and password". This seemed to fix my problem. However, I am concerned that the security guys will not like it as this is a zone wide configuration. Is there another way to do this that would only apply to the report server connections and not all servers listed in the trusted site list?

Continue reading...