How to Manage IIS7 Website Remotely


 


                                         


Step One:  Make sure Management Service has been installed on the IIS7 server


==================================================================


 



 WM1


To install the Management Service:


 



  1. Click Start, type Server Manager in the Search box, and press ENTER to open Server Manager.

  2. In the tree, under Roles, select Web Server (IIS).

  3. Click Add role services, and then select Management Service as shown in the image below.

  4. Click Next and follow the instructions to complete the installation.

 


 


Step Two:  Add IIS Manager User


==================================================================


 



 



 WM2


 



 


 WM3


 


WM4


To add an IIS Manager user:


 



  1. In IIS Manager, in the Connections pane, click the server node in the tree.

  2. On the server home page, double-click IIS Manager Users.

  3. On the IIS Manager Users page, in the Actions pane, click Add User.

  4. In the User name box, type a user name.

  5. In the Password box, type a password and then retype the password in the Confirm password box.

  6. Click OK.

 


 


 


Step Three:  Configure IIS Manager Permissions for a Website


==================================================================


 


To enable remote connections and allow connections from Windows users and IIS Manager users:


 



  1. In IIS Manager, in the Connections pane, click the server node in the tree.

  2. Double-click Management Service to open the Management Service feature page.

  3. Select the Enable remote connections check-box.

  4. Under Identity Credentials, select Windows credentials or IIS Manager credentials.

  5. In the Actions pane, click Apply to save the changes, and then click Start to start the Management Service.

 WM5



 


 


 


To permit a Windows user to connect to a site or an application:


 



  1. On the IIS Manager Permissions page, in the Actions pane, click Allow User.

  2. On the Allow User dialog box, select Windows and then click Select.

  3. On the Select User or Group dialog box, type a user name or search for a user account, and then click OK.

  4. Click OK to dismiss the Allow User dialog box.

 WM6


 


 



 


 WM7



 


 


Step Four:  Configure Delegation for Features in IIS Manager


==================================================================


 


Let’s take “Authentication – Windows” as an example. By default, configuration of IIS Authentication is Read Only:


 


 


 WM8



 


 


To enable the delegation for Authentication-Windows feature:


 



  1. On the IIS Custom Site Delegation page, in the Sites pane, Select “AndyWebsite”.

  2. Select Authentication-Windows.

  3. In the Actions pane, Click Read/Write..

 



 WM9


 


NOTE: This setting is written to ApplicationHost.config


 


<location path=”AndyWebsite” overrideMode=”Allow”>


        <system.webServer>


            <directoryBrowse />


            <handlers />


            <modules />


            <security>


                <requestFiltering>


                    <fileExtensions />


                    <requestLimits>


                        <headerLimits />


                    </requestLimits>


                    <verbs />


                    <hiddenSegments />


                    <alwaysAllowedUrls />


                    <alwaysAllowedQueryStrings />


                    <denyUrlSequences />


                    <denyQueryStringSequences />


                    <filteringRules />


                </requestFiltering>


                <authentication>


                    <windowsAuthentication>


                        <providers />


                        <extendedProtection />


                    </windowsAuthentication>


                </authentication>


            </security>


            <staticContent>


                <clientCache />


            </staticContent>


            <defaultDocument>


                <files />


            </defaultDocument>


            <httpProtocol>


                <customHeaders />


                <redirectHeaders />


            </httpProtocol>


            <caching>


                <profiles />


            </caching>


            <httpErrors />


            <httpRedirect />


            <urlCompression />


        </system.webServer>


    </location>


    <location path=”AndyWebsite” overrideMode=”Deny”>


        <system.webServer>


            <httpLogging />


            <isapiFilters />


            <security>


                <authentication>


                    <anonymousAuthentication />


                    <basicAuthentication />


                    <digestAuthentication />


                </authentication>


                <access />


            </security>


            <asp>


                <session />


                <comPlus />


                <cache />


                <limits />


            </asp>


            <cgi />


        </system.webServer>


</location>


 


 


Step Five:  Verifying Remote Administration on Windows XP client


==================================================================


 


1              Install IIS Manager for Remote Administration from http://www.iis.net/expand/IISManager on the Windows XP machine.


 


 


 


2              Connecting to AndyWebsite on the Windows XP client:


 


a.     Fill in the target IIS server name and the website name:



 


 WM10


 


b.    Fill in the Username and Password of the IIS Manager User:


 


WM11 



 


c.     Fill in the local Connection Name:



 


 WM12


d.    After clicking Finish, you might be asked to install the following assemblies:


 



 


 WM13


e.     Connecting to the target website successfully:


 



 


 


 WM14


 


 


 


 


 


 


 


 


f.     If Customer delegation Authentication-Windows is set as Read Only on the IIS server, this feature can not be changed:


 



 


 WM15


 


 


g.    If Customer delegation Authentication-Windows is set as Read/Write on the IIS server, this feature can be configured:


 


 



 WM16


 


NOTE: This setting is written to web.config of the AndyWebsite:


 


 


<?xml version=”1.0″ encoding=”UTF-8″?>


<configuration>


    <system.webServer>


        <security>


            <authentication>


                <windowsAuthentication enabled=”true” />


            </authentication>


        </security>


    </system.webServer>


</configuration>


 


 



 WM17


 


 


 


Further Information:  “Cannot write configuration file” error while administrating the website remotely


==================================================================


 


You might have the following error message while change the website configuration remotely:


 



 


    WM18


We can use Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) on the IIS7 server to trace why the write action failed:


 


 WM19



 


As you see, it is due to the LOCAL SERVICE account does not have the write permission to the folder C:\inetpub\wwwroot\AndyWebsite\Web.config. After granting the WRITE permission for the LOCAL SERVICE account, the problem is gone:


 



 WM20


 


 


 



Regards,


 


YongKang Chen 


 

Comments (1)

  1. M says:

    is not possible start or stop application. Is possible ensure this functionality ?

Skip to main content