Setting the Scope for the Application

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

A scope is a subdivision within an application that separates selected resources from other resources that are used by the application. Scopes can help to prevent unintended resource sharing, as well as to support auditing and delegation.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures

To set the scope for the application

  1. If Authorization Manager is not already open, click Start, click Run, type

    Azman.msc

    and then click OK.

  2. In the console tree, right-click IIS 6.0 URL Authorization and then click New Scope.

  3. In Name, type the following text exactly as it appears below:

    WebApp

    and then click OK. If you do not type this text exactly as it appears, IIS URL authorization fails without sending a warning message.

  4. In the console tree, double-click IIS 6.0 URL Authorization, double-click Definitions, right-click Role Definitions, and then click New Role Definition.

  5. In New Role Definition, in Name, type the following text exactly as it appears below:

    Viewer

    and then click Properties.

    If you do not type this text exactly as it appears, IIS URL authorization fails without sending a warning message.

  6. Click the Definition tab, click Add, and then click the Operations tab.

  7. Select the AccessURL checkbox and then click OK twice.

  8. In the console tree, under IIS 6.0 URL Authorization, under WebApp, right-click Role Assignments, and then click Assign Roles.

  9. Select the Viewer checkbox and then click OK.

  10. In the details pane, right-click the role assignment you created above, and then click Assign Windows Users and Groups.

  11. In Enter the object names to select (examples), type your user name, and then click OK.

  • For more information about Authorization Manager, see Help and Support Center in Windows Server 2003.