How to: Restrict Access to WebAccess or specific Applications in IIS Manager

Version 6


    Service Desk: All Versions

    Review Date:


    Can you restrict Access to Web Desk?

    For example you might want to restrict access to a WebAccess Application whilst still developing the Application so that no one can log in to it by mistake



    There is an option to deny access to WebDesk in IIS Manager and you can then open specific IP addresses to be the only ones with access.

    Please see below for IIS 6 and IIS 7


    IIS 6:

    You do this by going to your IIS Manager, Expand "Web Sites" and "Default Web Site".

    Right click on "WebDesk" and go to "Properties".
    Go to the "Directory Security" tab and in the "IP address and domain name restrictions" click "Edit".


    Tick "Denied Access". This will deny everyone to get to WebDesk.
    You can then click "Add", use the "Single Computer" option and add in the specific IP Address of the Computer you would like to be able to access Web Desk.


    Please remember to delete the specific IP addresses when setting this back to "Granted Access" for everyone, or these specific IP Addresses will be denied access.





    IIS 7:

    Highlight the relevant "Web Desk" Application.

    Select to see the Features View.

    Double click on the "IP Address and Domain Restrictions" option in the IIS Group.


    To add a full Deny on this WebAccess, click the "Edit Feature Settings" from the Actions Panel and select "Deny" in the "Access for unspecific clients" option.

    (If you do not have the "IP Address and Domain Restrictions" option, please see below in how to add this)






    To open specific IP Addresses:

    If you want to Allow or Deny Specific IP Addresses, click on the "Add Allow Entry" or "Add Deny Entry" in the "IP Address and Domain Restrictions area.

    Type in the relevant IP Address and click OK.






    How to add the "IP Address and Domain Restrictions" option in IIS Manager:

    Open your Server Manager and highlight Roles in your tree:


    Scroll down to "Web Server (IIS)" section.

    In the "Role Services" list, you will see everything that has been installed.


    Find "IP and Domain Restrictions" and check the Status of this. If this is "Not Installed" click on the "Add Role Services" on the right hand side.



    In the Select Role Services list, scroll down to the Security Section and tick the "IP and Domain Restrictions" option.

    Click Next and follow through the instructions to install this.



    Reopen your IIS Manager and you will now have the "IP Address and Domain Restrictions" option.