The minimum right to be granted at user to manage IIS

2 Nov 2006 5:24 PM

Nospam

Hello,

I've a question about managing IIS in Windows 2003 server. I have create a
user profile to let log on locally at the server with a very low rights.
Actuallly the user belongs to Backup Operators group in order to fully
manage the backup; I also have delegated him to manage some OU in Active
Directory and view Exchange server (Exchange View Only Administrator).
Now the problem: he needs to manage IIS through the IIS Manager, but
launching the manager he got Access is denied when connecting the local
server.

I'm searching the minimum rights to be assigned him

Thanks

Sergio

2 Nov 2006 9:31 PM

David Wang

It depends on what you mean by "manage IIS". Managing an IIS website
can be non-admin. Managing Applications/ApplicationPools/Security
settings will require elevated privileges.

Out of the box, configuring IIS settings requires local System
Administrator.

It is possible to run 3rd party control panels which impersonate a
System Administrator to allow low privileged users to change IIS
configuration.

This changes in IIS7, where a system administrator can delegate to a
low privilege user ability to manage a website.

http://blogs.msdn.com/david.wang/archive/2006/05/09/Thoughts-on-Delegating-IIS-Configuration-and-Administration.aspx

//David
http://w3-4u.blogspot.com
//

Nospam wrote:
Show quoteHide quote

> Hello,
>
> I've a question about managing IIS in Windows 2003 server. I have create a
> user profile to let log on locally at the server with a very low rights.
> Actuallly the user belongs to Backup Operators group in order to fully
> manage the backup; I also have delegated him to manage some OU in Active
> Directory and view Exchange server (Exchange View Only Administrator).
> Now the problem: he needs to manage IIS through the IIS Manager, but
> launching the manager he got Access is denied when connecting the local
> server.
>
> I'm searching the minimum rights to be assigned him
>
> Thanks
>
> Sergio