No apols, got confused slightly as I jumped straight in and was also applying filters.
The default of allow all, deny all, apply filter did make me think that actually OK drop the filters.
So I have two groups users and administrators and currently both are set to allow all.
Then something occurred to me that was strange and with myself jumping ahead.
At first I forgot to tick SSO and suddenly realised that I never got an authentication box before I ticked SSO.
I have just gone back and unticked SSO and yeah doesn't even revert to basic authentication never mind kerb.
So guess its time to roll out wireshark and have a look see.
Not sure what is happening with SSO ticked or unticked.
Its been a while since I was last playing with wire shark.
What I was expecting was first some kerb principles asking for the proxy
then ntlm doing the same if it failed
then basic authentication.
In the trace nada, nothing ... ??
Prob going to do what I did last time and have the proxy allow all with a medium filter.
In group polices set admins to not use the proxy with users with the proxy.