Limited interactive rights on Windows 2003 standalone server
Posted on 2010-04-08
I have a standalone server with local accounts setup for some staff to do the following:
- Access via Remote Desktop
- Create/Delete IIS sites
- Stop and start IIS
- Stop and Start certain services like the WWW and Adobe Coldfusion or JREE services.
- Copy code to and from the Inetpub folder structure.
At the moment all the users that need to be able to do the above are in the local Administrators group, but since we've run into issues with some cowboys installing WinZip and all kinds on servers, I need to tighten this quite heavily but not cripple what they need to be able to do. As long as they can't run any dodgy scripts, install applications, etc.
Any clear instructions? I've had a rummage around the web and trawled some forums, but haven't found anything that helps me really.