Delegation Settings

So far, we've discussed remote management of IIS 8.0 using IIS Manager. Now it's time to look at the granular control available to you for remote administrator access.

Note
IIS 8.0 does not have the capability to control access per user, per site. Each site can be adjusted to suit your needs, but all users that have permission to manage that site will have the same level of access.

IIS 8.0 enables you to control two types of remote access:

  • IIS manager features—Available rights are No Visibility, Read Only, and Read/Write.
  • Web.config access—Available rights are Read Only and Read/Write.

Remote access through IIS Manager and web.config can be micromanaged to the finest detail by allowing every setting to be set on a per-site or per-application basis. Management access can be granted for whole sections, elements, collections, attributes, and even individual items within a collection. Additionally, access can be set so that “everything is granted except” or “only grant specific settings.” If planned correctly, even the most complex lockdown requirement can be accommodated in IIS 8.0.

Note
It's important to note in this section that only a small part of managing delegation is available from IIS Manager. Most of the fine-tuning adjustments must be made directly in applicationHost.config and administration.config files, or with one of the command-line or development methods.

Delegation of Sections

Delegation at this level can get confusing because ...

Get Professional Microsoft IIS 8 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial