Follow the below steps to allow the user to manage IIS (Internet Information Services) without the local administrator rights:
1) First Login with the local administrator rights.
2) Than to Control Panel and then Add/Remove Programs and then Windows Components. Then, install IIS components.(with i386)
3) After installing IIS, you have to Download “IIS Resource Kit Tools” from the below given link
IIS Resource Kit Tools (http://www.microsoft.com/downloads/en/details.aspx?FamilyId=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en)
4) After Download "IIS Resource Kit Tool" , Install it.
5) Now you have to open file "Metabase Explorer” from the below given path
C:\Program Files\IIS Resources\Metabase Explorer
6) In “IIS Metabase Explorer” window, right click on the computer name and select the “Permissions” tab
7) Now Add the user to whom you want to provide IIS access and give permission as "Read".
8) Now right click on the "LM" node and click on permission
9)If any Security Warning dialog box appears, then just click on NO.
10) Now in Permission , add the user give him with "Read"
11)Than, expand “LM” node and then right click on “W3SVC” node and select Permissions.add the user and give him with "Full" Permissions
12) Now Expand "W3SVC"
13) Right Click on "Filters" and "Info" and select Permission and add the user with "Full" permissions
14) Now ext the Metabase Explorer.
15) You need to logoff now.
16) Now login with the user account to whom you have provided access rights and try to Manage IIS Manage Console.
It will work perfect
This way you can use IIS without providing the user's with Local System Administrator Rights.
Thanks
Raju Gunnal
Thank a lot Raju, i was looking this solution for many days as in my organization i have to allow users with full IIS rights without giving them local admin rights , your solution solved my problem.
ReplyDeletethanks a lot
Raju, I've tried this and I still can't get user that is not local admin to manage IIS (for example create website). The user can see nodes in IIS, but not the contents of them. I've checked permissions in Metabase Explorer 3 times. Am I missing something else?
ReplyDeleteHI,
ReplyDeleteCan you try by giving the full rights instead of "Read" at steps no. 10 and check once
10) Now in Permission , add the user give him with "Full"
any solution you have
Deletedoes this solution also work with IIS7.5 in windows server 2008 R2?
ReplyDeleteDoes this solution also work with IIS7.5 in windows server 2008 R2?
ReplyDeleteI have tried this as well. Created a local test user @ windows server 2003 IIS 6.0 system, made it member of the 'users' group and 'remote desktop users'. Gave it all the full control permissions on every possible key in the metabase as well as full control permissions on the 2 metabase files. It does not work I get access denied when finishing the create website wizard and unexpected error 0x800c800 when trying to create application in home directory tab. I stopped further testing.
ReplyDeleteFor local accounts try "builtin\accountname"
ReplyDeleteHello,
ReplyDeleteI have managed to get this to work to start and stop web sites. However, the user receives error 'Warning: You have been denied access to this machine' but he is now able to start and stop web sites!
How do we get rid of this error?
Thanks, Michael.
Hi Raju, Excellent post...it was very useful..Can you help us to implement the same restrictions for windows 7. The above solution only works for Windows XP.
ReplyDeleteThanks in Advance.
Can we do this script to save our time to configure machine to machine.
ReplyDeleteThe step 6 is not clear , what do you mean by right click on the computer name ?
ReplyDeletefor windows 7 &8????
ReplyDeleteDoes it work with windows 10 also ??
ReplyDeleteI do same step but when we logon in to server and open IIS noting Site and Application is showing
ReplyDelete