I have programmers using a one of our servers, and they need rights to everything so they can administer the IIS portion of the server. That's fine. However, one of the programmers likes to change the admin password so when I go to login to the server to change some settings I can't. How would I give one of them access to do everything BUT change the password of admin. (Or change passwords at all) Please let me know as the situation is getting worse. Thanks

Tell them that they do not have the right to change any passwords. Maybe pick one as a lead and if they change again Fire one of them. People usally respond well when playing around might cost them a meal ticket

he's probably doing it because he doesn't want anyone to mess around with his "perfect" settings. However, if he doesn't have the authority, then he should be warned. Make it a company/department policy. Personally, I would be wary of people who change passwords...they might have an ulterior (sp) motive. If he really thought that it was important for no one else to have access, then he should explain why that is so.

If the DC is a Win2k box then you can go to: 'Administrative Tools' and select 'Active Directory Users and Computers'. Click the 'Users' object and double-click your user account and select the 'Security' tab. Filter his Change Password permission out or specicallly deny it. Done.

Make them a new user like "IIS admins" and only give them the access IIS. I dont think they would need full admin rights to access IIS of any version. Then you have the power to enable or disable their access and not mess with your own.

Read up on the Active Directory feature "Delegation"