How to allow AD group to access and manage IIS sites and pools?

i manage actually a domain with around 34 IIS servers running webapplications.

I would like to get a better user right management in my domain.

For the moment, my users allowed to manage IIS websites and pools are members of the Domain Admins group which is not really secure.

For getting more control i would like to create an AD group containing the users allowed to manage IIS sites and pools ans only let them manage this part of the server.

But, i don’t know how to proceed for allowing this group to acces and manage IIS websites.

I’ve read some article on Technet explaining how to do this manually but i got lot of servers running IIS and lot of users and i cannot do it by hand here it is :

My users access to the management console from RDP connection. They can open the console but they don’t see any website in the left pane.

Can you help me ?

How should the DM manage the discrepancy between the player’s memory and their PC’s memory?

It may happen that, during a session, players don’t remember the name of a NPC that they met (or, more generally, information about something that happened) during the previous session. Obviously, their PC remembers that information. Conversely, a player may have taken notes about a not so important event that happened several years ago (in game). In this case, it is possible that the PC does not remember it.

How should the DM manage the discrepancy between the player’s memory and their PC’s memory? In the case of 5e, should he have the PCs make Intelligence checks?

Can’t manage to load private key on Wireshark [on hold]

To reverse engineer a server, I am using mitmproxy to generate a CA certificate on my Android. I then use an android application to capture the traffic flow between my android and the server. Finally, I import the traffic flow on Wireshark.

All of the packets I am interested in are sent over SSL, so I need the private key of my generated certificate to decrypt the SSL packets.

So I extracted the private key using:

$ openssl pkcs12 -export -nokeys -in 'mitmproxy-ca-cert.pem' -out mitmproxy-ca-cert.p12

With mitmproxy-ca-cert.pem is the certificate name.

When I import the generated private key mitmproxy-ca-cert.p12 on Wireshark I get the following message:

Can’t load private key from /home/yosra/TĂ©lĂ©chargements/mitmproxy-ca-cert.p12: can’t import pem data: The requested data were not available.

Can anyone help me with this? I would appreciate your help.

How would I set up and manage someone else G-suite without a password?

Instead of running my own (low-quality) mail server, I advice my customers to use G-Suite instead and let me do the set up. For this service I charge them. However, every now and then an edit has to be done, such as adding a new domain or creating new users. Although it’s a small task, they ask me to do this.

My only problem with this is privacy. As G-suite doesn’t allow ‘manager accounts’ that don’t have any functionality, besides managing the account, I always have to ask my clients for their password to log in and set-up the service.

I only have 6 clients, so I can’t register for the reseller functionality. Despite that, I was hoping someone could advice me to how to arrange a support functionality for me.

Who has a suggestion how to handle these situations?

How to manage globals and photos in Javascript?

Since I am new to JS, I have some basic questions.

  1. I have many global variables in different js files. Since i don’t want to have collisions, I thought it may be a good idea to create a single js global file, with a list of all global variables used over the program. Is that a good practice ? or am I doing something fundamentally wrong ?

  2. Should I create a “images” folder inside every page folder? some images are similar between pages, some are not. I don’t want to load unnecessary folders to the project, what is the way to do it ?

Is it possible to manage someone else’s Google calendar?

I have many clients with Google Calendar accounts. Recently, Google forces us to generate an API key to do some things. So I need to ask my clients to generate these API keys themselves, but they’re slow to do it, don’t know how to do it et cetera.

I wish I’d help my clients to just give me the power to do it — delegate to me the power to generate these API keys myself. Is this possible? I haven’t found any way to do this.