Granting and Denying Access to Computers

You can configure your Web server to grant or deny specific computers, groups of computers, or domains access to Web sites, directories, or files. For example, if your intranet server is connected to the Internet, you can prevent Internet users from accessing your Web server by granting access only to members of your intranet, and explicitly denying access to outside users.

Important

 

To grant access to computers, groups of computers, or domains
  1. In the IIS snap-in, select a Web site, directory, or file, and open its property sheets.
  2. Select the appropriate Directory Security or File Security property sheet. Under IP Address and Domain Name Restrictions, click Edit.
  3. In the IP Address and Domain Name Restrictions dialog box, select the Denied Access option. When you select this option, you deny access to all computers and domains, except those that you specifically grant access to.
  4. Click Add.
  5. In the Grant Access On dialog box, select Single Computer, Group of Computers, or Domain Name options. For more information about these options, click Help.
  6. Click the DNS Lookup button to search for computers or domains by name, rather than by IP address. Type in a name, then click OK to close both dialog boxes.

 

To deny access to computers, groups of computers, or domains
  1. In the IIS snap-in, select a Web site, directory, or file, and open its property sheets.
  2. Select the appropriate Directory Security or File Security property sheet. Under IP Address and Domain Name Restrictions, click Edit.
  3. In the IP Address and Domain Name Restrictions dialog box, select the Granted Access option. When you select this option, you grant access to all computers and domains, except those that you specifically deny access to.
  4. Click Add.
  5. In the Deny Access On dialog box, select Single Computer, Group of Computers, or Domain Name options. For more information about these options, click the Help button.
  6. Click the DNS Lookup button to search for computers or domains by name, rather than by IP address. IIS will search on the current domain for the computer, and if found, will enter its IP address in the IP address text box. Click OK to close both dialog boxes.

Notes

Using the Network ID and Subnet Mask

A group of computers can be either denied or granted access based upon their network ID and a subnet mask. The network ID is the IP address of a host computer, usually a router for the subnet, or subnetwork. The subnet mask determines which part of the IP address is a subnet ID, and which part is a host ID. All computers in a subnet have the same subnet ID but their own host ID. By specifying a network ID and a subnet mask, you can select a group of computers.

For example, if the host computer has an IP address of 172.16.16.1 and a subnet mask of 255.255.0.0, all of the computers in that subnet would have IP addresses that began with 172.16. To select all of the computers in the subnet, enter 172.16.16.1 in the Network ID text box and 255.255.0.0 in the Subnet Mask text box. For more information, see the Windows 2000 Server Resource Kit or a reference on TCP/IP protocols.


© 1997-1999 Microsoft Corporation. All rights reserved.