Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Greg.

« Windows Server 2008: What's New / What's Changed Part #10 of 12: Chapter 9 - Security & the Windows Firewall with Advanced Security | Main | Windows Server 2008: What's New / What's Changed Part #12 of 12: Chapter 11 - Other MN&C Features (you might not know about) »

Windows Server 2008: What's New / What's Changed Part #11 of 12: Chapter 10 - IIS 7.0

This snippet from Chapter 10 of my new book Windows Server 2008: What's New / What's Changed is brought to you by SAPIEN Press. Get your copy at http://www.sapienpress.com/Windows_Server_08.asp.

Security & Delegation
When looking at the IIS console you'll notice that credentials for remote management can be based either on Windows credentials or something called IIS Manager Credentials. The addition of a separate credential base is what allows for the delegation of responsibility to non-administrators for the administration of their web sites. Let's take a look at how to set up IIS Manager Credentials.

To create an IIS Manager user, first click on the server name in the Connections box. There in Features View you'll see the list of manageable features. Double-click on IIS Manager Users, then right-click in the next box to create a new IIS Manager User. The users created here pair with two other elements in the Feature list for their permissions. Once you've created your user, navigate to an individual site and double-click the IIS Manager Permissions feature. There, you can add the newly created IIS Manager user to the list of individuals that are allowed to administrate the site.

More after the fold...

Doing this provides an all-on/all-off mechanism for enabling permissions for non-administrative users on a per-site basis. But, what if you want to narrow down the set of permissions even further? For example, what if you want to provide them the ability to manage their site, but you don't want them modifying Directory Browsing capabilities (as this can be a security risk for some sites)?

This is done by delegating specific feature configuration capabilities. Navigate back to the server level and double-click Feature Delegation. Here, we can grant or deny access to individual features for individuals labeled as administrators. Doing so from this screen changes the configuration for the entire web server. If you want to change the configuration for individual web sites, click the Custom web site delegation and select a web site to change.

(Want to read all the posts in this series? Click here.)

Tags:                                                            
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Greg Shields on May 16, 2008 12:30 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-windowsserver.com/type/mt-tb.cgi/443

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Greg Shields' Bio:

Greg Shields, is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008:  What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets.  Greg is a recipient of Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.