One of the many great features of IIS 8 is Remote Administration. It is not enabled by default, but once configured it allows you to maintain your web site using the IIS Manager GUI without having to log in to the server. IIS Remote Administration is also available with Windows Server 2008 and IIS 7.

Install the Management Service

Windows Server 2012 and IIS 8 provide two methods to install the management service. The first method is to use Server Manager and open the Add Roles and Features Wizard.

Server Manager Dashboard

After opening the Add Roles and Features Wizard, scroll down to the Web Server (IIS) role and then expand the tree for Management Tools. Click on Management Service and then click Next to finish the wizard.

Add Roles and Features Wizard

The installation will take a few moments to complete. Once it has finished the Server Manager will display Management Service under the IIS Roles and Features.

IIS Roles and Features

The second method for installing the management service is to use the Web Platform Installer (WPI). You can launch the WPI from within IIS Manager by clicking on Get New Web Platform Components.

Internet Information Services Manager

After the Web Platform Installer opens, filter the list of products by using the keyword IIS and sorting the Name column. Scroll through the list and find IIS Management Service. Click the Add button and then complete the wizard. There will be a momentary wait while the WPI wizard completes the installation. You will see a confirmation page once it completes. If you go to the Server Manager as shown above, you can also confirm that it has been successfully installed.

Web Platform Installer 4.5

 

 

Configuring the IIS 8 Management Service

Once you have successfully installed the remote management service on the server, it first needs to be enabled, and then user permissions need to be assigned. Using IIS Manager, click on the server name, then, as shown in the picture below, scroll down to the Management group. This is where you can manage Feature Delegation, IIS Manager Users, IIS Manager Permissions, and maintain the Management Service settings. Click on the Management Service icon to enable the service and configure the remote administration settings.

Remote Administration Settings

Click the checkbox next to Enable remote connections to enable the service. Next, select whether users may access the server using Windows credentials only, or using either Windows credentials or IIS Manager credentials. Select the IP address you will be using for the service and the default port 8172. A default SSL certificate is available to be used for security, or you can add your own personal certificate. To provide even greater security you can enable IP address restrictions. Be sure to click Start after making your changes. These settings can be changed at any time later on, but you'll need to stop the management service before doing so.

Windows Credentials and IIS Manager Credentials
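
The settings chosen on that page can be reviewed from an elevated PowerShell prompt on the server. This read-only audit is an added example, not part of the original walk-through; it assumes the Management Service (WMSVC) keeps its settings under HKLM\SOFTWARE\Microsoft\WebManagement\Server with the value names used below, which do not appear on the page.

```powershell
# Added example: read-only audit of the Management Service (WMSVC) settings.
# Assumption: WMSVC stores its settings under this key with these value names.
function Get-WmsvcAudit {
    $key = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
    $cfg = Get-ItemProperty -Path $key -ErrorAction Stop
    $svc = Get-Service -Name WMSVC -ErrorAction Stop

    # The certificate hash is stored as raw bytes; convert it to a thumbprint.
    $thumb = ($cfg.SslCertificateHash | ForEach-Object { $_.ToString('X2') }) -join ''
    $cert  = Get-ChildItem Cert:\LocalMachine\My |
             Where-Object { $_.Thumbprint -eq $thumb }

    # What is actually listening on the management port right now.
    $listeners = Get-NetTCPConnection -LocalPort $cfg.Port -State Listen `
                 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ServiceStatus          = $svc.Status
        RemoteEnabled          = ($cfg.EnableRemoteManagement -eq 1)
        WindowsCredentialsOnly = ($cfg.RequiresWindowsCredentials -eq 1)
        BindAddress            = $cfg.IPAddress
        Port                   = $cfg.Port
        ListeningOn            = @($listeners.LocalAddress) -join ', '
        CertSubject            = $cert.Subject
        CertSelfSigned         = ($cert -and $cert.Subject -eq $cert.Issuer)
        CertExpires            = $cert.NotAfter
    }
}

$audit = Get-WmsvcAudit
$audit | Format-List

if ($audit.RemoteEnabled) {
    if (-not $audit.WindowsCredentialsOnly) {
        Write-Warning 'IIS Manager credentials are accepted as well as Windows credentials.'
    }
    if ($audit.BindAddress -eq '*') {
        Write-Warning 'Service is bound to every address; pick one IP or add IP restrictions.'
    }
    if (-not $audit.CertSubject) {
        Write-Warning 'The configured certificate was not found in LocalMachine\My.'
    } elseif ($audit.CertSelfSigned) {
        Write-Warning 'Certificate is self-signed; clients cannot validate the server identity.'
    }
    if ($audit.CertExpires -and $audit.CertExpires -lt (Get-Date).AddDays(30)) {
        Write-Warning "Certificate expires on $($audit.CertExpires)."
    }
}
```

The script changes nothing; each warning maps to one of the choices on the Management Service page (credential type, IP address, certificate).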

 

Allow Users to Access the Site Remotely

Now that the management service has been configured and is running, you can assign user permissions. The user permissions are assigned at the site level. Select the site you want to allow remote access to and in the Features View click IIS Manager Permissions.

IIS Manager Permissions

Under Actions click Allow User.

IIS Manager Allow Permissions

Enter the username or click Select to browse for a list of users on the server, and then click OK. In this walk-through we'll add a Windows user named ftpuser1.

Select User Permissions

The server configuration is complete at this point. We have enabled Remote Administration and allowed a Windows user to remotely connect to IIS 8. Now the only remaining step is to install IIS Manager for Remote Administration on your PC.

 

Configure Client Settings on Your PC

Run the Web Platform Installer (WPI) on your PC to install IIS Manager for Remote Administration.

The IIS Management Console needs to be installed before IIS Manager for Remote Administration.

Go to the Control Panel and choose Programs and Features. Choose Turn Windows features on or off; once the small window finishes loading, one of the nodes will be Internet Information Services. You will find IIS Management Console under Web Management Tools. Ensure it is checked. If not, check it and click OK, then follow any remaining prompts.

http://www.iis.net/downloads/microsoft/iis-manager

IIS Manager for Remote Administration

Now that IIS Manager has been installed on your PC, you can try connecting to your web site. From within IIS Manager, right-click on the globe icon under Connections and select Connect to a Site.

IIS Manager Connect to a Site

You will be prompted to enter the server address where your site is being hosted as well as the site name.

Specify Site Connection Details

On the next screen you’ll enter the username and password to authenticate.

Provide Credentials

You can change the name of the connection or just click Finish. Your site will be displayed in IIS Manager.

Created a new connection successfully

You can tell that you’ve connected to the remote site securely by looking at the bottom right corner of the window.

IIS Manager

Summary

In this walk-through I covered installing and configuring IIS 8 Remote Administration on Windows Server 2012, and then, using the Web Platform Installer, installing IIS Manager for Remote Administration on your PC.

An IIS Manager user can only manage a specific web site in IIS, while a system administrator manages IIS at the server level.

If you want to allow someone to manage IIS overall without system admin privilege, you can deny the admin logon through RDP.

 

To deny a user or a group logon via RDP, explicitly set the "Deny logon through Remote Desktop Services" privilege. To do this, open a group policy editor (either local to the server or for an OU) and set this privilege:


1. Start | Run | Gpedit.msc if editing the local policy, or choose the appropriate policy and edit it.

2. Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.

3. Find and double click "Deny logon through Remote Desktop Services"

4. Add the user and/or the group that you would like to deny access.

5. Click OK.

6. Either run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.
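
After the policy refresh, the assignment can be confirmed on the server by exporting the current user rights and reading the entry for this privilege. This check is an added example, not part of the original steps; the account name in it is a hypothetical placeholder, and it uses the right's internal name, SeDenyRemoteInteractiveLogonRight, which the page does not mention.

```powershell
# Added example: list who holds "Deny logon through Remote Desktop Services".
# Run elevated on the IIS server after the policy refresh.
function Get-RdpDenyList {
    $tmp = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area of the current settings.
        secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
        $hit = Select-String -Path $tmp `
               -Pattern '^SeDenyRemoteInteractiveLogonRight\s*=\s*(.*)$'
        if (-not $hit) { return @() }        # right is not assigned to anyone

        foreach ($entry in ($hit.Matches[0].Groups[1].Value -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry.StartsWith('*')) { $entry; continue }   # already a name
            # secedit writes SIDs with a leading '*'; resolve them to account names.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }             # orphaned SID: report it as-is
        }
    }
    finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

# Hypothetical account name; replace with the user or group added in step 4.
$expected = 'iisadmin'
$denied   = @(Get-RdpDenyList)
$denied

# Compare on the account name without its DOMAIN\ or COMPUTER\ prefix.
$match = $denied | Where-Object { ($_ -split '\\')[-1] -eq $expected }
if ($match) {
    "OK: $($match -join ', ') is denied logon through Remote Desktop Services."
} else {
    Write-Warning "$expected is not in the deny list; check the policy and run gpupdate again."
}
```

Only entries named directly in the policy are listed; a user who is denied through membership in a listed group will not appear by name.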

Posted by Felix on PIXNET