|
Home > Archive > IIS Server Security > February 2004 > Giving developer rights to access IIS 5.0
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Giving developer rights to access IIS 5.0
|
|
|
| We have a junior program developer who is creating .net web applications, we have IIS installed on his XP for him to test the applications. Currently he is set as power user/debug user/VS developer. We do not want to set him as local administrator, but i
t seems like that is only way he could access IIS from MMC. I might of missed a KB article or some of the threads on this forum regards to this issue. If you have any suggestions or solutions would be deeply appreciated. Thank you.
| |
| Tom Kaminski [MVP] 2004-02-26, 9:34 am |
| "rlim" <anonymous@discussions.microsoft.com> wrote in message
news:4471AF99-1BDB-40B2-8C70-D7C21B2BF4A7@microsoft.com...
> We have a junior program developer who is creating .net web applications,
we have IIS installed on his XP for him to test the applications. Currently
he is set as power user/debug user/VS developer. We do not want to set him
as local administrator, but it seems like that is only way he could access
IIS from MMC. I might of missed a KB article or some of the threads on this
forum regards to this issue. If you have any suggestions or solutions would
be deeply appreciated. Thank you.
A user needs to be in the local Administrators group in order to access IIS.
--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsser...ty/centers/iis/
| |
| Jeff Cochran 2004-02-26, 10:34 am |
| On Wed, 25 Feb 2004 13:36:09 -0800, "rlim"
<anonymous@discussions.microsoft.com> wrote:
>We have a junior program developer who is creating .net web applications, we have IIS installed on his XP for him to test the applications. Currently he is set as power user/debug user/VS developer. We do not want to set him as local administrator, but
it seems like that is only way he could access IIS from MMC.
That's correct.
Jeff
| |
| John Alderson 2004-02-26, 11:34 am |
| "rlim" <anonymous@discussions.microsoft.com> wrote in message
news:4471AF99-1BDB-40B2-8C70-D7C21B2BF4A7@microsoft.com...
> We have a junior program developer who is creating .net web applications,
we have IIS installed on his XP for him to test the applications. Currently
he is set as power user/debug user/VS developer. We do not want to set him
as local administrator, but it seems like that is only way he could access
IIS from MMC. I might of missed a KB article or some of the threads on this
forum regards to this issue. If you have any suggestions or solutions would
be deeply appreciated. Thank you.
-------------------------
rlim,
The documented answer to this from Microsoft is "you must be an
Administrator". However, like you and many others, I have had a strong
desire to maintain some semblance of operational sanity with IIS servers.
To satisfy that need, I've put together a set of configurations that you can
use to grant limited IIS Administrator privileges without making these folks
full-fledged Administrators of the Operating System.
See my website at http://www.johnalderson.com - choose "IIS" from the left
hand menu then choose "IIS Operators".
Or, use this link for a non-framed direct link =>
http://www.johnalderson.com/IIS/iisoperators.htm
This technique will allow folks to add and modify virtual directories and
even websites, depending on what metabase level you make ACL changes. I
have used this method in production environments with success. That said,
the methods are certainly not perfect but I welcome feedback and/or
scenarios to research.
John Alderson
| |
| Bernard 2004-02-27, 2:34 am |
| Yes, you can play around with MetaACLs to grant related access permissions.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"John Alderson" <jalderson.nodata@adelphia.net> wrote in message
news:#bT7BII$DHA.268@TK2MSFTNGP10.phx.gbl...
> "rlim" <anonymous@discussions.microsoft.com> wrote in message
> news:4471AF99-1BDB-40B2-8C70-D7C21B2BF4A7@microsoft.com...
applications,[color=darkred]
> we have IIS installed on his XP for him to test the applications.
Currently
> he is set as power user/debug user/VS developer. We do not want to set
him
> as local administrator, but it seems like that is only way he could access
> IIS from MMC. I might of missed a KB article or some of the threads on
this
> forum regards to this issue. If you have any suggestions or solutions
would
> be deeply appreciated. Thank you.
> -------------------------
> rlim,
>
> The documented answer to this from Microsoft is "you must be an
> Administrator". However, like you and many others, I have had a strong
> desire to maintain some semblance of operational sanity with IIS servers.
> To satisfy that need, I've put together a set of configurations that you
can
> use to grant limited IIS Administrator privileges without making these
folks
> full-fledged Administrators of the Operating System.
>
> See my website at http://www.johnalderson.com - choose "IIS" from the left
> hand menu then choose "IIS Operators".
>
> Or, use this link for a non-framed direct link =>
> http://www.johnalderson.com/IIS/iisoperators.htm
>
> This technique will allow folks to add and modify virtual directories and
> even websites, depending on what metabase level you make ACL changes. I
> have used this method in production environments with success. That said,
> the methods are certainly not perfect but I welcome feedback and/or
> scenarios to research.
>
> John Alderson
>
|
|
|
|
|