Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Necessary Permission to Edit IIS 6.0 Settings

Posted on 2009-04-14
5
Medium Priority
?
669 Views
Last Modified: 2012-06-21
I'm trying to grant a user access to make changes to IIS 6.0 without making them an administrator on the machine. There are other services and software on the server that I do not want the user to be able to alter.

My initial plan was to set up the user to remotely edit IIS using the Management snap-in in mmc but I can't seem to find any information on what the minimum required permissions are to make changes to IIS. Does a user HAVE to be an administrator to make IIS changes?

Thanks,
TechSOS
0
Comment
Question by:TechSOS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 10

Expert Comment

by:harperse
ID: 24148298
TechSOS,

It really depends on what you are trying to avoid having them do.  Power Users and Server Operators can both administer IIS.  Depending on your group policy, you may need to add them to Remote Desktop Users to give them console access, if that is desired.  Otherwise, remote MMC will work with those rights.

Best of luck,
harperse
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24154509
They need to be local administrators.
0
 

Author Comment

by:TechSOS
ID: 24167303
We have the system set to only allow admins to Remote Desktop. I don't want to make these new users admin because I don't want them to have Remote Desktop access.

Giving them Power User rights still gives me the "You have been denied access to this machine." message.

It does work if I make them administrators... but I'm trying to avoid that.

Are there any specific permissions I could put on say... the IIS executable or anything that might work?
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 2000 total points
ID: 24171247
No.  This question has been asked many times on this site.  The answer is always, "They must be local administrators"  It's too protect the OS.  A badly configured web application is as dangerous as giving them full remote access.  If you don't trust them to use remote desktop then you shouldn't trust them to change IIS.
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question