Access to Internet Services Manager (HTML) Is Restricted to Localhost

Article translations Article translations
Article ID: 254355
This article was previously published under Q254355
This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
Expand all | Collapse all

Symptoms

When a user attempts to remotely connect to the IISADMIN virtual directory (or possibly some other administrative share) of either the default Web site or the Administrative Web site on an Internet Information Services Server 4.0 or Internet Information Services 5.0 server, the connection fails, and the following error message appears in the browser:
Access to Internet Services Manager (HTML) is restricted to Localhost

Cause

The reason for this error is that permissions for that virtual directory, by default, restrict access to only those persons actually logged on to the local computer, not people connecting across the network.

Resolution

Permissions to this folder (or any administrative virtual directory) should not be adjusted without great care because they can allow a high degree of control over the Web Server.

NOTE: You are strongly discouraged from changing these attributes because of the security implications.

You can use this procedure too allow or change access to the IISADMIN directory:
  1. Right-click the folder and select Properties.
  2. On the Directory Security tab, click the Edit button for IP Address and Domain Name Restrictions.
  3. Adjust the settings to match your security needs.

More information

Another way that you can delegate permissions is to make a copy of the IISADMIN Web site and place it into the directory structure of the Web sites that are being hosted on this server. This allows the administrator to delegate control to some other person. Again, the Directory Security must be amended to open up access beyond the local computer.

Properties

Article ID: 254355 - Last Review: October 26, 2013 - Revision: 4.0
Keywords: 
kbnosurvey kbarchive kbprb KB254355

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com