Administrators mostly use a local or domain account that has local admin rights to manage IIS. How about non-administrator accounts? Can a non-administrator account use IIS Manager?
The answer is YES but it also depends on what you manage and how you access IIS Manager.
If you login to the server with a non-admin account and go to IIS Manager, you can only manage
- Websites
- Applications
By design, non-admin accounts can’t manage application pools locally.
The following steps are for a website. You can use similar steps for applications.
- Open IIS Manager
- Click the website
- Double click “IIS Manager Permissions”
- Click “Allow User”. Add your domain or local users (I used IISTEAM domain – see the screenshot)
- Log off administrator
- Log back in with a non-admin user
- Open IIS Manager
- Select “File > Connect to Site”
- Enter “localhost” as a server name. Enter your site name. Click “Next”
- Enter username and password (a user from IIS Manager Permissions list). Click “Finish”
- The website will show up in IIS Manager
Step 3 – IIS Manager Permissions
Step 7 – Connecting a remote site
For managing application pools with a non-admin user remotely, add users to IIS Manager Permissions (just like we did above). Then go to “IIS Manager > Management Service” and enable it. After this change, you can open IIS Manager in another server and add this server as a new connection (blog post).
You can also use manage.iis.net or Windows Admin Center to manage IIS websites remotely.