Share via


Granting or Denying Access to a Group of Computers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

A group of computers can be either denied or granted access based upon their network ID and a subnet mask.

For example, if the host computer has an IP address of 172.16.16.1 and a subnet mask of 255.255.0.0, all of the computers in that subnet would have IP addresses that began with 172.16. To select all of the computers in the subnet, enter 172.16.16.1 in the Network ID box and 255.255.0.0 in the Subnet Mask box.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures

To grant or deny access to a group of computers

  1. In IIS Manager, double-click the local computer; right-click the Web Sites or FTP Sites folder, an individual Web or FTP site, a virtual directory, or a file; and then click Properties.

    Note

    Configuration settings made at the Web or FTP Sites level are inherited by all of the Web or FTP sites on the server. You can override inheritance by configuring the individual site or site element.

  2. Click the Directory Security or File Security tab, and then do one of the following:

    • For Web sites, in the IP address and domain name restrictions section, click Edit.

    • For FTP sites, continue to the next step.

  3. Click Granted access or Denied access. When you select Denied access, you deny access to all computers and domains, except to those that you specifically grant access. When you select Granted access, you grant access to all computers and domains, except to those that you specifically deny access.

  4. Click Add, and then click Group of computers.

  5. In the Network ID box, type the IP address of the host computer.

  6. In the Subnet mask box, type the subnet ID for the computer you want grant or deny access to, and then click OK three times.