locked
Adding Administrator user to group "IIS_IUSRS" - Menu entry "Local Users and groups" not existing in Server Manager RRS feed

  • Question

  • Hi,
    I've installed Windows Server 2008 R2 wSP1 64Bit and added the following roles:
    - Active Directory
    - DNS
    - DHCP

    Now I have to install a 3rd party client management software on this server.

    According to the manual I have to go to the Server Manager - "Configuration" - "Local Users and groups" - "Groups" - "IIS_IUSRS" and add the Administrator user either from the domain or the local server.
    The problem is that the menu entry "Local Users and groups" is not existing.
    Based on my understanding the reason is that the server is also the domain controller (=Active Directory), and therefore the menu entry "Local Users and groups" has been removed because the domain becomes local at that point.

    So my questions are:
    Do I still have to add the Administrator user either from the domain or the local server?
    If yes, how and where can this be done exactly?



    Thanks and best regards!


    Tuesday, August 13, 2013 8:52 AM

Answers

  • You should find that group in the ADUC in Active Directory. If you cannot find the group, then you might be hitting the issue mentioned here - http://support.microsoft.com/kb/946139/en-us

    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    • Marked as answer by Andy Qi Monday, August 26, 2013 10:15 AM
    Wednesday, August 14, 2013 7:58 AM
  • Hello,

    When the DC promotion occurs, the new Windows Server 2008 built-in accounts are no longer available to IIS 7.0. Any Access Control List (ACL) that uses the built-in accounts will not be able to resolve to a friendly name, but will instead show their raw SID (Security Identifier) values.

    Refer the KB provided by "VIk" to restore the SID.


    Devaraj G | Technical solution architect

    • Marked as answer by Andy Qi Monday, August 26, 2013 10:15 AM
    Wednesday, August 14, 2013 4:40 PM

All replies

  • You should find that group in the ADUC in Active Directory. If you cannot find the group, then you might be hitting the issue mentioned here - http://support.microsoft.com/kb/946139/en-us

    Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"

    • Marked as answer by Andy Qi Monday, August 26, 2013 10:15 AM
    Wednesday, August 14, 2013 7:58 AM
  • Hello,

    When the DC promotion occurs, the new Windows Server 2008 built-in accounts are no longer available to IIS 7.0. Any Access Control List (ACL) that uses the built-in accounts will not be able to resolve to a friendly name, but will instead show their raw SID (Security Identifier) values.

    Refer the KB provided by "VIk" to restore the SID.


    Devaraj G | Technical solution architect

    • Marked as answer by Andy Qi Monday, August 26, 2013 10:15 AM
    Wednesday, August 14, 2013 4:40 PM