前些时间，老板说不想给开发人员本地管理员的权限，但是有的让他们有权设置网站。问我怎么做？放狗的结果是可以实现，但是有一些限制。其限制如图所示：



　　第一是怎么实现？这个网页说得很清楚了。复制一些重点如下：
http://learn.iis.net/page.aspx/159/configuring-remote-administration-and-feature-delegation-in-iis-7/

O、 Prerequisites
    IIS 7.0 on Windows Server® 2008 or IIS 7.5 on Windows Server 2008 R2
    IIS Manager

一、Configuring Remote Connections in IIS Manager

Install the Management Service
The default IIS 7 installation options do not include the Management Service (also referred to as the Web Management Service (WMSVC)), which is required for remote administration. If you have not installed the Management Service, follow the steps in this procedure to install it.

To install the Management Service:

    1，Click Start, type Server Manager in the Search box, and press ENTER to open Server Manager.
    2，In the tree, under Roles, select Web Server (IIS).
    3，Click Add role services, and then select Management Service as shown in the image below.
    4，Click Next and follow the instructions to complete the installation.

二、Enable Remote Connections and Configure Identity Credentials

Enable remote connections so that Windows users and IIS Manager users (configured later in this article) can connect to this computer by using IIS Manager on their computers. By default, the Management Service allows connections only from users that have Windows credentials, but you can configure it to also allow connections from users with IIS Manager credentials. For the purposes of this article, configure the Management Service to allow both credential types as shown in the image below.

Note: The next section in this article explains IIS Manager credentials.    

To enable remote connections and allow connections from Windows users and IIS Manager users:
    １。In IIS Manager, in the Connections pane, click the server node in the tree.
    ２。Double-click Management Service to open the Management Service feature page.
    ３。Select the Enable remote connections check-box.
    ４。Under Identity Credentials, select Windows credentials or IIS Manager credentials.
   ５。In the Actions pane, click Apply to save the changes, and then click Start to start the Management Service.

三、Configure Connection and Logging Settings for the Management Service

四、Configure IP and Domain Restrictions for the Management Service

五、Configuring Users and Permissions for IIS Manager

六、Add an IIS Manager User
To add an IIS Manager user:
    1，In IIS Manager, in the Connections pane, click the server node in the tree.
    2，On the server home page, double-click IIS Manager Users.
    3. On the IIS Manager Users page, in the Actions pane, click Add User.
　 4. In the User name box, type a user name.
    5. In the Password box, type a password and then retype the password in the Confirm password box.
    6. Click OK.

　　　　当我在添加新用户时，系统提示出错：[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]

这个需要把下面注册表的值设置为0:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy] "Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "fipsalgorithmpolicy"=dword:00000001

七、Configure IIS Manager Permissions for a Site or an Application
To permit an IIS Manager user to connect to a site or an application:
1. In IIS Manager, in the Connections pane, select the site or application for which you want to configure permissions.
2. On the home page for the site or application, double-click IIS Manager Permissions.
3. On the IIS Manager Permissions page, in the Actions pane, click Allow User.
4. On the Allow User dialog box, select IIS Manager and click Select.
5. On the Users dialog box, select one or more IIS Manager users from the list and then click OK.
6. Click OK to dismiss the Allow User dialog box.

To permit a Windows user to connect to a site or an application:
1. On the IIS Manager Permissions page, in the Actions pane, click Allow User.
2. On the Allow User dialog box, select Windows and then click Select.
3. On the Select User or Group dialog box, type a user name or search for a user account, and then click OK.
4. Click OK to dismiss the Allow User dialog box.

八、Configure Access Control Lists (ACLs) for Content Directories

九、Connect to a Site or an Application in IIS Manager

十、Delegating Features in IIS Manager

十一、Configure Default Delegation States for Features in IIS Manager

十二、Configure Custom Delegation States for Features in a Site or an Application

同时，最好在安装之前运行下面的命令以确保管理授权服务的图标能正确的显示出来。

dism /online /enable-feature /featurename:IIS-WebServerRole
dism /online /enable-feature /featurename:IIS-WebServerManagementTools
dism /online /enable-feature /featurename:IIS-ManagementService
Reg Add HKLM\Software\Microsoft\WebManagement\Server /V EnableRemoteManagement /T REG_DWORD /D 1
net start wmsvc
sc config wmsvc start= auto