Solved

Allow a web developer access to iis only

Posted on 2004-09-11
5
196 Views
Last Modified: 2010-05-18
I want to let a web programmer have access to iis on our web server and allow him to do so using terminal services.  How can I allow him access to iis only?  He develops dll files for the sites as well though I don't want to give him admin rights.

I've gotten the login part by switching terminal services to application mode but he can't access iis.

Is there a better way to do this all together?

Thanks in advance!
0
Comment
Question by:zenportafino
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12037696
http://searchwin2000.techtarget.com/searchWin2000/downloads/MCSEWinServAiOch14.pdf

Great article for you. Its free and extremely valuable;

Cyber
0
 
LVL 1

Author Comment

by:zenportafino
ID: 12041229
Is that a site that requires a login?  I'm not getting that link to work.
0
 
LVL 1

Author Comment

by:zenportafino
ID: 12041272
OK I got the article.  It's good information on the basics of RRAS.  This user is in-house so a remote access set up is not necessary.  Sorry if I wasn't clear on that.  I want him to be able to open up remote desktop, point to the web server, login in locally to that web server, and then be able to open iis on it and place/replace dll files, configure all of the tabs in iis, create new virtual directories, all that good stuff.

I've got the logon locally issue part. I'm looking for a way to get him access to just iis. Can I modify the a built in role or set the acl on iis to grant him full control of the program (if possible)?

I don't want to use the administration site that is built in by default.

Thanks Cyber.
0
 
LVL 15

Accepted Solution

by:
Cyber-Dude earned 400 total points
ID: 12041772
OK, the basics you already have (according to the document); now all you have left with is to use one of the following remote control applications: You can use WinVNC (Server/Client),  Terminal services and forth...

I use WinVNC because it is free of charge and you can set a password to a remote desktop thus set a remote environment for the user where it can access resources you wish it would. After implementing the Server's side, its time to implement the client side. Remember, 1. you can set remote access policies as mentioned in the document I sent you... its all there; and 2. Set propper remote environment so that the remote user wont be able to do damage to your machine.

The link to WinVNC:
http://www.realvnc.com/winvnc.html

Cyber
0
 
LVL 1

Expert Comment

by:Ev-
ID: 12050778
If they only need to administer IIS do the following (this is close to what we do here);

Get them to install the IIS 6.0 Manager - these both are availbile from the MS website. http://tinyurl.com/q150.

Once that is done create a "tech" login that is a power user (?) of the server he wishes to admin. Get him to load the IIS6 Manger using "RunAs". You may be able to restrict the tech account to just IIS on the server, I have never looked closely into it.

This way you avoid him TSing onto the box, or even VNC'ing.

If he does need to be an admin to access IIS, at least he is doing it via a snap-in from his desktop, and not remotely controlling the server as one!

See how you go.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month7 days, 2 hours left to enroll

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question