How to Manage IIS7 Website Remotely



Step One:  Make sure Management Service has been installed on the IIS7 server




To install the Management Service:


  1. Click Start, type Server Manager in the Search box, and press ENTER to open Server Manager.

  2. In the tree, under Roles, select Web Server (IIS).

  3. Click Add role services, and then select Management Service as shown in the image below.

  4. Click Next and follow the instructions to complete the installation.



Step Two:  Add IIS Manager User










To add an IIS Manager user:


  1. In IIS Manager, in the Connections pane, click the server node in the tree.

  2. On the server home page, double-click IIS Manager Users.

  3. On the IIS Manager Users page, in the Actions pane, click Add User.

  4. In the User name box, type a user name.

  5. In the Password box, type a password and then retype the password in the Confirm password box.

  6. Click OK.




Step Three:  Configure IIS Manager Permissions for a Website



To enable remote connections and allow connections from Windows users and IIS Manager users:


  1. In IIS Manager, in the Connections pane, click the server node in the tree.

  2. Double-click Management Service to open the Management Service feature page.

  3. Select the Enable remote connections check-box.

  4. Under Identity Credentials, select Windows credentials or IIS Manager credentials.

  5. In the Actions pane, click Apply to save the changes, and then click Start to start the Management Service.





To permit a Windows user to connect to a site or an application:


  1. On the IIS Manager Permissions page, in the Actions pane, click Allow User.

  2. On the Allow User dialog box, select Windows and then click Select.

  3. On the Select User or Group dialog box, type a user name or search for a user account, and then click OK.

  4. Click OK to dismiss the Allow User dialog box.








Step Four:  Configure Delegation for Features in IIS Manager



Let’s take “Authentication - Windows” as an example. By default, configuration of IIS Authentication is Read Only:






To enable the delegation for Authentication-Windows feature:


  1. On the IIS Custom Site Delegation page, in the Sites pane, Select “AndyWebsite”.

  2. Select Authentication-Windows.

  3. In the Actions pane, Click Read/Write..




NOTE: This setting is written to ApplicationHost.config


<location path="AndyWebsite" overrideMode="Allow">


            <directoryBrowse />

            <handlers />

            <modules />



                    <fileExtensions />


                        <headerLimits />


                    <verbs />

                    <hiddenSegments />

                    <alwaysAllowedUrls />

                    <alwaysAllowedQueryStrings />

                    <denyUrlSequences />

                    <denyQueryStringSequences />

                    <filteringRules />




                        <providers />

                        <extendedProtection />





                <clientCache />



                <files />



                <customHeaders />

                <redirectHeaders />



                <profiles />


            <httpErrors />

            <httpRedirect />

            <urlCompression />



    <location path="AndyWebsite" overrideMode="Deny">


            <httpLogging />

            <isapiFilters />



                    <anonymousAuthentication />

                    <basicAuthentication />

                    <digestAuthentication />


                <access />



                <session />

                <comPlus />

                <cache />

                <limits />


            <cgi />





Step Five:  Verifying Remote Administration on Windows XP client



1              Install IIS Manager for Remote Administration from on the Windows XP machine.




2              Connecting to AndyWebsite on the Windows XP client:


a.     Fill in the target IIS server name and the website name:




b.    Fill in the Username and Password of the IIS Manager User:




c.     Fill in the local Connection Name:



d.    After clicking Finish, you might be asked to install the following assemblies:




e.     Connecting to the target website successfully:













f.     If Customer delegation Authentication-Windows is set as Read Only on the IIS server, this feature can not be changed:






g.    If Customer delegation Authentication-Windows is set as Read/Write on the IIS server, this feature can be configured:





NOTE: This setting is written to web.config of the AndyWebsite:



<?xml version="1.0" encoding="UTF-8"?>





                <windowsAuthentication enabled="true" />











Further Information:  “Cannot write configuration file” error while administrating the website remotely



You might have the following error message while change the website configuration remotely:




We can use Process Monitor ( on the IIS7 server to trace why the write action failed:




As you see, it is due to the LOCAL SERVICE account does not have the write permission to the folder C:\inetpub\wwwroot\AndyWebsite\Web.config. After granting the WRITE permission for the LOCAL SERVICE account, the problem is gone:








YongKang Chen 


Comments (1)

  1. M says:

    is not possible start or stop application. Is possible ensure this functionality ?

Skip to main content