Creating IIS Manager Users
The
IIS Manager utility enables you to define which users can connect to
and administer Web sites and Web services. To configure these settings:
1. | Open IIS Manager, and select a server in the left pane.
|
2. | Click
IIS Manager Users in the Management section of the features view. By
default, the IIS installation will not contain any locally defined
users.
|
3. | To
create a new user, first click Open Feature in the Actions pane, and
then click the Add User command in the Actions pane. You will be
prompted to provide a username and to type and confirm a password. (See
Figure 4.)
These settings are defined locally in IIS, so it is not necessary to
use a fully qualified username that is compatible with your domain
design.
|
In
addition to configuring permission through IIS Manager users, you can
use group membership settings to determine which users can connect
remotely. Users who have permission to log on to the local computer and
to use IIS Manager will be able to do so from a remote computer.
Defining IIS Management Permissions
So
far, you have learned how to enable remote management and how to
specify which users can use IIS Manager to administer a Web server.
Next, you will need to decide which permissions remote administrators
will have after they connect. In some cases, you might want to enable a
remote administrator to have full administrative access to the Web
server. In other cases, you will want to restrict access to only
specific Web sites or Web applications. You can configure IIS Manager
Permissions at the Web site and application levels. However, you cannot
configure permissions directly at the server level. This helps ensure
that users are given permissions to modify the settings for only the
specific Web sites and Web applications to which they need access.
To
manage permissions, select a Web site or Web application, and then
click IIS Manager Permissions in the Management section of the Features
View. By default, new IIS Manager users are not given permissions to
connect to a specific Web site or Web application. To enable a new user
to connect at the selected level, first click Open Feature in the
Actions pane, and then click the Allow User command in the Actions
pane. You will be given the opportunity to specify a Windows user or an
IIS Manager user (if IIS Manager credentials are accepted), as shown in
Figure 5.
If you are using the Windows option, you can select an existing user or
group that is defined either in the domain (if the server is a member
of a domain) or locally.
When
users connect to IIS remotely, they will be able to access only those
Web sites and Web applications on which they have been allowed. By
default, permissions from higher-level objects are inherited
automatically by lower-level objects. You can also choose the Deny User
command in the Actions pane to prevent access explicitly to specific
levels.
To simplify
administration of many users, two commands are available when managing
permissions for a Web site. Show All Users will provide a list of all
the users available on the IIS installation. Show Only Site Users will
restrict the display to only users who have access to the site.