Granting or Denying Access to a Computer
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
Use the following procedure to grant or deny access to a specific computer.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To grant or deny access to a computer
In IIS Manager, double-click the local computer; right-click the Web Sites or FTP Sites folder, an individual Web or FTP site, a virtual directory, or a file; and then click Properties.
Note
Configuration settings made at the Web or FTP Sites level are inherited by all of the Web or FTP sites on the server. You can override inheritance by configuring the individual site or site element.
Click the Directory Security or File Security tab, and then do one of the following:
For Web sites, in the IP address and domain name restrictions section, click Edit.
For FTP sites, continue to the next step.
Click Granted access or Denied access. When you select Denied access, you deny access to all computers and domains, except to those that you specifically grant access. When you select Granted access, you grant access to all computers and domains, except to those that you specifically deny access.
Click Add, and then click Single computer.
Click DNS Lookup to search for computers or domains by name, rather than by IP address.
Type the DNS name for the computer. IIS searches on the current domain for the computer, and if found, enters its IP address in the IP address box.
The following information is important to remember when using the DNS Lookup feature:
It causes a performance decrease on your server while it is looking up DNS addresses.
A user accessing your Web server through a proxy server appears to have the IP address of the proxy server.
Some user server access problems can be corrected by entering the "*.domainname.com" syntax, rather than the "domainname.com" syntax.
Click OK three times.
Related Information
For more information about IP address restrictions, see Setting IP Address and Domain Name Restrictions.
For more information about subnet masks, see "Subnet masks" in the Windows Server 2003 Help and Support Center.