This has previously been discussed in the thread: http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=54009

However, the problem is on-going for us and would like to bring the issue up again to see if others have experienced it; and whether there is a known solution.

We have [mostly] successfully upgraded 7 sites from CMS6 to CMS6R2. The exception is with our intranet site where some editor functions through TinyMCE are crippled. These include but may not be limited to:

Insert/edit link (the full page browsing version - with the globe included with the link icon)
Dynamic content
File browser buttons from the insert image icon

The clear difference between our intranet site and the other sites is that the intranet uses windows authentication while all the others use sqlserver

A comment in the previous post appears to be related to the authentication model. The suggested fix:

Could try this, which partner sent in for a similar problem (windows auth) adding
<authorization>
<deny users="?" />
</authorization>

in <location path="util"> [of web.config]

Applying this fix progresses the problem a little. While the missing functionality/buttons appear when edit mode is reached, initial browsing to the front-end site presents an authentication modal to the user. I am confused as to what is happening as <deny users="?" /> is supposed to deny anonymous users - but all our users are already authenticated via windows authentication model.

Any suggestions and clarification of the TinyMCE invocations would be appreciated.