IIS Home @ it-notebook.org

Web Site Operators was removed from IIS 6.0

(Kristofer Gafvert, April 25, 2005)


In IIS 5.0, there was something called Web Site Operators[1]. A web site operator could change and reconfigure the web site. He/she could set web site access permissions, enable logging, change the default document and footer, and a few other things. Although the idea of delegated administration is good, the implementation of it in IIS 5.0 was not that good, so it was removed from IIS 6.0.

Delegate administration in IIS 6.0

Since there is nothing built into IIS 6.0 to delegate administration, we need to use a third-party tool. There are plenty of so-called Control Panels for IIS administration, and they are usually web based (whether that is good or bad depends...). Some of them are very customizable, and can be used to delegate administration to others.

Develop your own administration application

If you were to develop your own administration application, there are (basically) two ways to do it. Either you impersonate an administrator account (which has full access to the metabase and the web server), or you take advantage of AdminACL[2,3,4] and use separate accounts. And of course, the latter is the way to go, because each delegated account then gets only the metabase permissions granted to it instead of full administrator access!
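Before handing a separate account to a delegated administrator, it helps to check what the AdminACL on the relevant metabase node actually grants. The read-only script below is an added example, not code from the original article; the default ADSI path and the script name are assumptions, and it must be run on the IIS 6.0 server by an administrator.

```vbscript
' Added example: list the AdminACL entries on a metabase node (read-only).
' Usage (script name is hypothetical): cscript //nologo adminacl-audit.vbs [ADSI path]
Option Explicit

' Metabase access rights as defined in iiscnfg.h
Const MD_ACR_READ = &H1
Const MD_ACR_WRITE = &H2
Const MD_ACR_ENUM_KEYS = &H8
Const MD_ACR_RESTRICTED_WRITE = &H20
Const MD_ACR_UNSECURE_PROPS_READ = &H80
Const MD_ACR_WRITE_DAC = &H40000

Dim path, node, sd, dacl, ace
path = "IIS://localhost/W3SVC"   ' assumed default; pass e.g. IIS://localhost/W3SVC/1 for one site
If WScript.Arguments.Count > 0 Then path = WScript.Arguments(0)

Set node = GetObject(path)       ' IIS ADSI provider
Set sd = node.AdminACL           ' security descriptor protecting this metabase node
Set dacl = sd.DiscretionaryAcl

WScript.Echo "AdminACL on " & path
For Each ace In dacl
    WScript.Echo ace.Trustee & vbTab & AceKind(ace.AceType) & vbTab & Rights(ace.AccessMask)
Next

' 0 = access allowed, 1 = access denied (standard ACE types)
Function AceKind(aceType)
    Select Case aceType
        Case 0: AceKind = "allow"
        Case 1: AceKind = "deny"
        Case Else: AceKind = "type " & aceType
    End Select
End Function

' Decode the metabase rights in an access mask; WRITE_DAC is marked
' because a trustee holding it can change the AdminACL itself.
Function Rights(mask)
    Dim s
    If mask And MD_ACR_READ Then s = s & "read "
    If mask And MD_ACR_ENUM_KEYS Then s = s & "enum-keys "
    If mask And MD_ACR_UNSECURE_PROPS_READ Then s = s & "read-unsecure-props "
    If mask And MD_ACR_RESTRICTED_WRITE Then s = s & "restricted-write "
    If mask And MD_ACR_WRITE Then s = s & "write "
    If mask And MD_ACR_WRITE_DAC Then s = s & "WRITE-DAC(!) "
    Rights = Trim(s) & " (0x" & Hex(mask) & ")"
End Function
```

A delegated account should appear only on the nodes it manages and without the write-DAC right.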

Applies to

IIS 6.0


[1] 298969, Web Site Operator Capabilities and Limitations
[2] AdminACL in MSDN
[3] Metabase Security
[4] 267904, Metaacl.exe modifying metabase permissions for the IIS Admin Objects
Useful downloads for IIS (including control panels)
Configuring 'website operator' in IIS 6.0
818073, You cannot configure Web and FTP site operators by using Internet Services Manager