Solved

Necessary Permission to Edit IIS 6.0 Settings

Posted on 2009-04-14
5
660 Views
Last Modified: 2012-06-21
I'm trying to grant a user access to make changes to IIS 6.0 without making them an administrator on the machine. There are other services and software on the server that I do not want the user to be able to alter.

My initial plan was to set up the user to remotely edit IIS using the Management snap-in in mmc but I can't seem to find any information on what the minimum required permissions are to make changes to IIS. Does a user HAVE to be an administrator to make IIS changes?

Thanks,
TechSOS
0
Comment
Question by:TechSOS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 10

Expert Comment

by:harperse
ID: 24148298
TechSOS,

It really depends on what you are trying to avoid having them do.  Power Users and Server Operators can both administer IIS.  Depending on your group policy, you may need to add them to Remote Desktop Users to give them console access, if that is desired.  Otherwise, remote MMC will work with those rights.

Best of luck,
harperse
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24154509
They need to be local administrators.
0
 

Author Comment

by:TechSOS
ID: 24167303
We have the system set to only allow admins to Remote Desktop. I don't want to make these new users admin because I don't want them to have Remote Desktop access.

Giving them Power User rights still gives me the "You have been denied access to this machine." message.

It does work if I make them administrators... but I'm trying to avoid that.

Are there any specific permissions I could put on say... the IIS executable or anything that might work?
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 500 total points
ID: 24171247
No.  This question has been asked many times on this site.  The answer is always, "They must be local administrators"  It's too protect the OS.  A badly configured web application is as dangerous as giving them full remote access.  If you don't trust them to use remote desktop then you shouldn't trust them to change IIS.
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question