How to Manage IIS7 Website Remotely
Step One: Make sure Management Service has been installed on the IIS7 server
==================================================================
To install the Management Service:
- Click Start, type Server Manager in the Search box, and press ENTER to open Server Manager.
- In the tree, under Roles, select Web Server (IIS).
- Click Add role services, and then select Management Service as shown in the image below.
- Click Next and follow the instructions to complete the installation.
Step Two: Add IIS Manager User
==================================================================
To add an IIS Manager user:
- In IIS Manager, in the Connections pane, click the server node in the tree.
- On the server home page, double-click IIS Manager Users.
- On the IIS Manager Users page, in the Actions pane, click Add User.
- In the User name box, type a user name.
- In the Password box, type a password and then retype the password in the Confirm password box.
- Click OK.
Step Three: Configure IIS Manager Permissions for a Website
==================================================================
To enable remote connections and allow connections from Windows users and IIS Manager users:
- In IIS Manager, in the Connections pane, click the server node in the tree.
- Double-click Management Service to open the Management Service feature page.
- Select the Enable remote connections check-box.
- Under Identity Credentials, select Windows credentials or IIS Manager credentials.
- In the Actions pane, click Apply to save the changes, and then click Start to start the Management Service.
To permit a Windows user to connect to a site or an application:
- On the IIS Manager Permissions page, in the Actions pane, click Allow User.
- On the Allow User dialog box, select Windows and then click Select.
- On the Select User or Group dialog box, type a user name or search for a user account, and then click OK.
- Click OK to dismiss the Allow User dialog box.
Step Four: Configure Delegation for Features in IIS Manager
==================================================================
Let’s take “Authentication - Windows” as an example. By default, configuration of IIS Authentication is Read Only:
To enable the delegation for Authentication-Windows feature:
- On the IIS Custom Site Delegation page, in the Sites pane, Select “AndyWebsite”.
- Select Authentication-Windows.
- In the Actions pane, Click Read/Write..
NOTE: This setting is written to ApplicationHost.config
<location path="AndyWebsite" overrideMode="Allow">
<system.webServer>
<directoryBrowse />
<handlers />
<modules />
<security>
<requestFiltering>
<fileExtensions />
<requestLimits>
<headerLimits />
</requestLimits>
<verbs />
<hiddenSegments />
<alwaysAllowedUrls />
<alwaysAllowedQueryStrings />
<denyUrlSequences />
<denyQueryStringSequences />
<filteringRules />
</requestFiltering>
<authentication>
<windowsAuthentication>
<providers />
<extendedProtection />
</windowsAuthentication>
</authentication>
</security>
<staticContent>
<clientCache />
</staticContent>
<defaultDocument>
<files />
</defaultDocument>
<httpProtocol>
<customHeaders />
<redirectHeaders />
</httpProtocol>
<caching>
<profiles />
</caching>
<httpErrors />
<httpRedirect />
<urlCompression />
</system.webServer>
</location>
<location path="AndyWebsite" overrideMode="Deny">
<system.webServer>
<httpLogging />
<isapiFilters />
<security>
<authentication>
<anonymousAuthentication />
<basicAuthentication />
<digestAuthentication />
</authentication>
<access />
</security>
<asp>
<session />
<comPlus />
<cache />
<limits />
</asp>
<cgi />
</system.webServer>
</location>
Step Five: Verifying Remote Administration on Windows XP client
==================================================================
1 Install IIS Manager for Remote Administration from https://www.iis.net/expand/IISManager on the Windows XP machine.
2 Connecting to AndyWebsite on the Windows XP client:
a. Fill in the target IIS server name and the website name:
b. Fill in the Username and Password of the IIS Manager User:
c. Fill in the local Connection Name:
d. After clicking Finish, you might be asked to install the following assemblies:
e. Connecting to the target website successfully:
f. If Customer delegation Authentication-Windows is set as Read Only on the IIS server, this feature can not be changed:
g. If Customer delegation Authentication-Windows is set as Read/Write on the IIS server, this feature can be configured:
NOTE: This setting is written to web.config of the AndyWebsite:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</configuration>
Further Information: “Cannot write configuration file” error while administrating the website remotely
==================================================================
You might have the following error message while change the website configuration remotely:
We can use Process Monitor (https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) on the IIS7 server to trace why the write action failed:
As you see, it is due to the LOCAL SERVICE account does not have the write permission to the folder C:\inetpub\wwwroot\AndyWebsite\Web.config. After granting the WRITE permission for the LOCAL SERVICE account, the problem is gone:
Regards,
YongKang Chen