5. Administering IIS 8 Administrator and User Security
Administrative permissions for IIS 8 servers, websites, directories, applications, and pages can be granted to Active Directory and to local Windows users. In addition, IIS-specific accounts can be added and used for administration purposes. The use of Active Directory accounts is usually recommended because they are easier to manage and scale well when more than one or two IIS servers are used. Account and security management within IIS 8 requires installation of the Management Service role service.
6. Creating an IIS 8 User Account
In some situations, you might need to provide management capabilities and not want to use an Active Directory or Windows account. Examples of this scenario are often related to vendor support of an application. In this case, an IIS 8 user account is used. This IIS-only, non-Windows user can then be delegated permissions to manage components of the IIS infrastructure.
Follow these steps to enable support for IIS user accounts:
1. In IIS Manager, navigate to the Connections pane and select the IIS server.
2. Open the Management Service feature, which is located in the Central Details pane.
3. In the Identity Credentials section, select the Windows Credentials or IIS Manager Credentials option.
4. Click Apply in the Action pane.
Follow these steps to create an IIS 8 user account:
1. In IIS Manager, navigate to the Connections pane and select the IIS server.
2. Open the IIS Manager Users feature, which is located in the Central Details pane.
3. On the IIS Manager Users feature page, click the Add User task, which is located in the Actions pane.
4. In the Add User dialog box, enter the new user account name and password, and then click OK.
For ongoing user account management, after the user account is created, use the additional tasks on the Actions pane to change the password, disable, or remove the account.
7. Assigning Permissions to an IIS 8 User Account
The next step in the user-creation process is to assign the appropriate permissions to the newly created user account. This process allows the user to configure delegated features for a specific website or application. Follow these steps to authorize a user account to connect to a site or an application:
1. In IIS Manager, navigate to the Connections pane, expand the IIS server, and then expand the Sites node.
2. Specify the site to which the user account will be granted authorization, and then open the IIS Manager Permissions feature, which is located in the Central Details pane.
3. On the IIS Manager Permissions feature page, click the Allow User task, which is located in the Actions pane.
4. In the Allow User dialog box, first select the IIS Manager option, then enter the account that was created in the previous steps, and then click OK.
Note
If the IIS Manager option is not available in the Allow User dialog box, the Management Service is not set to accept connections from IIS users. To allow them, use the Management Service page to enable remote connections as outlined previously.
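The three procedures above can also be scripted. The following PowerShell is an added example, not part of the original text: it accepts IIS Manager credentials, creates an IIS Manager user with a random password, authorizes it for a single site, and lists the resulting rules for review. The user name and site name are placeholders, and the registry value is the setting behind the Identity Credentials option.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the enable / create / authorize procedures.
# Placeholder values (assumptions, not from the original text):
$UserName = 'vendor-support'      # hypothetical IIS Manager user name
$SitePath = 'Default Web Site'    # hypothetical site to delegate
$WmsvcKey = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
$MgmtDll  = Join-Path $env:windir 'System32\inetsrv\Microsoft.Web.Management.dll'

# The Management Service role service must already be installed.
if (-not (Test-Path $WmsvcKey) -or -not (Test-Path $MgmtDll)) {
    throw 'The IIS Management Service role service is not installed.'
}
Add-Type -Path $MgmtDll

# 1. Identity Credentials: 0 = Windows credentials or IIS Manager credentials,
#    1 = Windows credentials only. The service reads this value at start-up.
Set-ItemProperty -Path $WmsvcKey -Name RequiresWindowsCredentials -Value 0
if ((Get-Service -Name WMSVC).Status -eq 'Running') {
    Restart-Service -Name WMSVC
}

# 2. Create the IIS Manager user with a random 32-character password,
#    so no guessable password is ever typed into the Add User dialog.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$Password = [Convert]::ToBase64String($bytes)
$null = [Microsoft.Web.Management.Server.ManagementAuthentication]::CreateUser(
    $UserName, $Password)

# 3. Authorize the user for one site only (third argument: $false = user,
#    not role). Nothing is granted at server level.
$null = [Microsoft.Web.Management.Server.ManagementAuthorization]::Grant(
    $UserName, $SitePath, $false)

# Review: list every IIS Manager user, then the rules defined on the site.
[Microsoft.Web.Management.Server.ManagementAuthentication]::GetUsers(0, 100) |
    Select-Object Name, Enabled
[Microsoft.Web.Management.Server.ManagementAuthorization]::GetAuthorizedUsers(
    $SitePath, $true, 0, 100) |
    Select-Object Name, ConfigurationPath, IsRole

# Emit the generated password once so it can be stored in a password vault.
[pscustomobject]@{ User = $UserName; Password = $Password }
```

Running the two listing calls on their own, without the create and grant steps, gives a periodic audit of which IIS-only accounts exist and what they are authorized to manage.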