Restrict access to IIS site via AD group

Recently I have had to restrict access to an IIS site to users who are in a specific AD group – in my case Domain Admins (but it can be any group you want). This is how you do it….


Here are the steps I took to be able to do this:

1. Configure your IIS site to use Windows Authentication. To configure Windows authentication:

  1. Start Internet Information Services (IIS)
  2. Click on your website or application
  3. From the right-hand pane, double click Authentication
  4. Enable: Windows Authentication
  5. Disable: Anonymous Authentication

2. Add the following into your application’s web.config file (if you don’t have one, create it):



3. Test and marvel at how easy it is 🙂

More Info

If you would like some more info in regards to IIS authentication check out these MSDN articles:

And that is how to restrict access to an IIS site.

Let me know if you got any questions or more info in the comments below.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.