Dear collegues!

I have a ASP.NET page authenticating via Integrated Security.
For some reason the behaviour on the client is differing depending
on the OS. I have some clients using WinXP and some using Win2K,
all of them having IE6 with the latest updates and all of them having
'User Authentication' set to 'Prompt for user name and password'
on purpose.

WinXP:
Login Prompt appears, user has to enter valid credentials, otherwise
an error occures. This is the desired and expected behaviour.

Win2K:
Empty Login Prompt appears (looks different then the WinXP
prompt). With invalid credentials the error is thrown, but when the
user leaves all fields blank he is being logged on with the current
windows credentials.

In some applications I have to force the user to enter valid
credentials, that is why I don't need the behavior under Win2K.
If I however change page security settings to Basic Authentication,
I get the expected behavior under Win2K as well. My problem
is that transfering the credentials in clear text is unacceptable and
I want to avoid using SSL since there are quite a few pages
involved.

What is the reason for this behavior and what is a workaround?

best regards

Sascha