You can control access to Revit Server Administrator by configuring user or group level permissions in Internet Information Service (IIS) Manager, forcing users to log in and authenticate beforehand.
The following steps give a high level overview of the process, but you should also consult Windows IIS administration best practices and documentation for more detail. Autodesk also recommends that you validate the functionality of Revit Server Administrator before restricting its access.
To set up basic permissions on an instance of Revit Server
- On the Revit Server Host machine, launch the IIS Manager.
- In the Internet Information Services (IIS) Manager, expand the tree node corresponding to the name of the server, and then expand SitesDefault Web Site, and select the RevitServerAdmin node.
- Install Basic and Windows Authentication under Web Server role service. In the middle Features View pane, double-click the Authentication icon.
- Verify that the Basic Authentication and the Windows Authentication are set to Enabled.
- Verify that Anonymous Authentication is set to Disabled.
- Re-select the RevitServerAdmin node.
- In the Features pane, double-click the Authorization Rules icon.
- In the Authorization Rules pane, select and remove the All Users rule to restrict access to all users.
- In the Actions pane, click Add Allow Rule.
- In the Add Allowed Authorization Rule dialog, select either Specified roles or user groups or Specified users, and enter the role/group or user.
Note: Create a group and set each server to use that group for access control. Then it is only necessary to modify the group in a single location.