Grant NON-administrator privileges to IIS 7

security windows-server-2008-r2 iis-7.5

We are implementing a pseudo-Platform as a Service environment. It's a fairly simple set up that parallels Infrastructure as a Service: basically our clients will each have a access to their own servers, we will maintain the OSes while our clients will have limited access to the OS. Due to...reasons we cannot allow the clients full local administrator access to the servers, but they should have full access to the web hosting tools within (IIS, SQL Server etc). I am fully aware of how convoluted this setup is, but these decisions are made way above my head and my voice has been heard and ignored in the matter.

The problem:

Is it possible to give non-local administrators administrative access to IIS manager (The whole IIS Manager, not just delegate the sites)? If so, how?

Thanks!


I think the following article will show you how to configure delegation at the host level. http://www.iis.net/learn/manage/remote-administration/configuring-remote-administration-and-feature-delegation-in-iis-7

This type of functionality would be nice for those who still have to manage legacy IIS too.


Well you have a mess on your hands.

You should really look into a Plesk or something similar,

Based on your statement "but these decisions are made way above my head and my voice has been heard and ignored in the matter." It really sounds like you are trying to make mountains out of mole hills.

With that being said you are going to run into major issues trying to do things the way you have described.

You are really mixing PAAS and IAAS

You really shouldn't allow multiple users to all have admin access to both IIS and SQL for their own websites. You are going to be putting out fires all day when user one overwrites the handler mappers for his version of PHP that kills another users website.

SQL in the same way

And their might be the user that doesn't pay his bill and gets ticked off and decided to destroy what he has access to.

Everyday will be a fight and your customers will feel that. Your company will not be in business for very long.

Offer PAAS use virtualization software, Hyper-V or VMWare.

You control IIS, SQL, they can upload files make changes to their own environments.

Offer IAAS use virtualization software, Hyper-V or VMWare.

Give them their cores and ram and cpu and let them go crazy.

If you cries are still ignored put your resume up on Dice and CareerBuilder.

Related

User in Administrators group has not the same rights as Administrator (Win 2012 R2)
How do sites detect bots behind proxies or company networks
Use nginx upstream group with multiple ports
Can FindInMap return a list?
CentOS 7: df started to hang
Postfix, multi domains and multi certs on one IP
Single Person ISV, What Type of Server Hardware do you Recommend? [closed]
MySQL monitoring tools
Cannot delete an existing service using sc command: The specified service does not exist as an installed service
How do you check the version of a *.ko kernel module in Linux?
Opinions on hosting servers in-house
How do I convert wireshark capture files to text files?