Would you like to learn how to configure the IIS server to allow the access only for members of a specific group? In this tutorial, we are going to configure the IIS authorization feature to allow only a specific group of users to access a directory.

• Windows 2012 R2
• Windows 2016
• Windows 2019

In our example, the IIS server is hosting the website WWW.GAMEKING.TIPS.

In our example, the IIS server name is TECH-DC01.

The NTLM authentication is now called WINDOWS authentication.

Equipment list

The following section presents the list of equipment used to create this tutorial.

As an Amazon Associate, I earn from qualifying purchases.

Windows Tutorial:

On this page, we offer quick access to a list of Windows tutorials.

Tutorial IIS – Authorization configuration

On the server manager, enable these IIS security features:

• URL authorization.
• Windows Authentication.

IIS - Authorization

Start the application named: IIS Manager.

Start IIS Windows

On the IIS Manager application, access your website and select the directory that you want to protect.

On the right part of the screen, access the option named: Authentication.

IIS - Configure Authentication

Disable the Anonymous authentication on the selected directory.

IIS - Disable the anonymous authentication

Enable the Windows authentication on the selected directory.

IIS - Enable NTLM authentication

In our example, we configured the IIS server to use the NTLM type of authentication.

In our example, we configured the IIS server to require authentication to access a directory.

As an administrator, create a local user account.

Copy to Clipboard

Create a local group.

Copy to Clipboard

Add members to the group.

Copy to Clipboard

In our example, we created a local user account named GOHAN.

In our example, we created a local group named IIS-ALLOW.

In our example, we added the user GOHAN to the group named IIS-ALLOW.

On the IIS Manager application, access your website and select the directory that you want to protect.

On the right part of the screen, access the option named: Authorization rules.

IIS - Authorization configuration

Remove any inherited or existent rule.

Add a new authorization rule on the selected directory.

IIS - Add authorizarion rule

To allow access only to a specific group of users, perform the following configuration:

• Specified roles or user groups – Yes.
• Enter the name of the group of users.

Click on the OK button.

IIS - Add authorization rule

Optionally, you may configure Active Directory groups as members of the local group.

IIS Authorization - Active Directory group

To test the installation, open the Chrome browser and try to access the protected directory.

In our example, the following URL was entered in the Browser:

• http://www.gameking.tips/protected

The IIS server will require you to perform the user authentication.

IIS - Basic authentication configuration

Only members of the specified group will be authorized to access the IIS server directory.

Congratulations! You configured the authorization feature on the IIS server.