Security Setup for DNS / IIS

[Matt]

Hi,
I'm trying to setup so my web guys only have access to DNS and IIS on
the web servers and so they don't have to terminal service into the
machines (like they do now). It's not really that huge of a deal that
they can't see the event logs/etc, I basically just want to get them off
having to terminal service in. My Question: What do I need to do to
allow them to be able to MMC into IIS and DNS as well?

 

[Jim Singh]

You can use/install the adminpak.msi file on their computers and ask them to
use the iis and dns from there. The adminpak.msi file is located under the
sysroot\system32\ directory on the server.

-Jim

 

[Matt]

Right,
What group do they need to be in though?

You can use/install the adminpak.msi file on their computers and ask them to
use the iis and dns from there. The adminpak.msi file is located under the
sysroot\system32\ directory on the server.

-Jim

 

[Jim Singh]

If the users want to just see the information in the DNS and IIS consoles
they need not to be in any sepecial groups except the users group. If they
require to modify the information in the DNS i.e. adding zones,
configuration changes etc. then they need admin level privileges.

-Jim

 

[Matt]

Jim,
What if I want them to be able to administer DNS/IIS however I don't
really want them wandering around other things??

 

[Jim Singh]

Matt -
you can delegate the authority to your users to just administer the DNS
and IIS through ADUC - right click the OU where users are residing and and
choose "delegate authority". From here you can pick what you want your users
to see/administrate.

-Jim