Solved

Allow a web developer access to iis only

Posted on 2004-09-11
5
193 Views
Last Modified: 2010-05-18
I want to let a web programmer have access to iis on our web server and allow him to do so using terminal services.  How can I allow him access to iis only?  He develops dll files for the sites as well though I don't want to give him admin rights.

I've gotten the login part by switching terminal services to application mode but he can't access iis.

Is there a better way to do this all together?

Thanks in advance!
0
Comment
Question by:zenportafino
  • 2
  • 2
5 Comments
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12037696
http://searchwin2000.techtarget.com/searchWin2000/downloads/MCSEWinServAiOch14.pdf

Great article for you. Its free and extremely valuable;

Cyber
0
 
LVL 1

Author Comment

by:zenportafino
ID: 12041229
Is that a site that requires a login?  I'm not getting that link to work.
0
 
LVL 1

Author Comment

by:zenportafino
ID: 12041272
OK I got the article.  It's good information on the basics of RRAS.  This user is in-house so a remote access set up is not necessary.  Sorry if I wasn't clear on that.  I want him to be able to open up remote desktop, point to the web server, login in locally to that web server, and then be able to open iis on it and place/replace dll files, configure all of the tabs in iis, create new virtual directories, all that good stuff.

I've got the logon locally issue part. I'm looking for a way to get him access to just iis. Can I modify the a built in role or set the acl on iis to grant him full control of the program (if possible)?

I don't want to use the administration site that is built in by default.

Thanks Cyber.
0
 
LVL 15

Accepted Solution

by:
Cyber-Dude earned 400 total points
ID: 12041772
OK, the basics you already have (according to the document); now all you have left with is to use one of the following remote control applications: You can use WinVNC (Server/Client),  Terminal services and forth...

I use WinVNC because it is free of charge and you can set a password to a remote desktop thus set a remote environment for the user where it can access resources you wish it would. After implementing the Server's side, its time to implement the client side. Remember, 1. you can set remote access policies as mentioned in the document I sent you... its all there; and 2. Set propper remote environment so that the remote user wont be able to do damage to your machine.

The link to WinVNC:
http://www.realvnc.com/winvnc.html

Cyber
0
 
LVL 1

Expert Comment

by:Ev-
ID: 12050778
If they only need to administer IIS do the following (this is close to what we do here);

Get them to install the IIS 6.0 Manager - these both are availbile from the MS website. http://tinyurl.com/q150.

Once that is done create a "tech" login that is a power user (?) of the server he wishes to admin. Get him to load the IIS6 Manger using "RunAs". You may be able to restrict the tech account to just IIS on the server, I have never looked closely into it.

This way you avoid him TSing onto the box, or even VNC'ing.

If he does need to be an admin to access IIS, at least he is doing it via a snap-in from his desktop, and not remotely controlling the server as one!

See how you go.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question