Manage IIS locally with a non-admin account
Published Nov 13 2019 10:14 AM
Microsoft

Administrators mostly use a local or domain account that has local admin rights to manage IIS. How about non-administrator accounts? Can a non-administrator account use IIS Manager?

The answer is YES but it also depends on what you manage and how you access IIS Manager.

If you log in to the server with a non-admin account and open IIS Manager, you can only manage:

  • Websites
  • Applications

By design, non-admin accounts can’t manage application pools locally.

 

The following steps are for a website. You can use similar steps for applications.

  1. Open IIS Manager
  2. Click the website
  3. Double click “IIS Manager Permissions”
  4. Click “Allow User”. Add your domain or local users (I used the IISTEAM domain – see the screenshot)
  5. Log off administrator
  6. Log back in with a non-admin user
  7. Open IIS Manager
  8. Select “File > Connect to Site”
  9. Enter “localhost” as a server name. Enter your site name. Click “Next”
  10. Enter username and password (a user from IIS Manager Permissions list). Click “Finish”
  11. The website will show up in IIS Manager

Screenshot: Step 3 – IIS Manager Permissions

Screenshot: Step 7 – Connecting a remote site
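The permission grant from steps 1 to 4, scripted and followed by a review of which accounts are delegated on each site. This is an added example, not code from the original post; it assumes an elevated PowerShell session, the WebAdministration module, the default inetsrv path, and the placeholder names `Default Web Site` and `IISTEAM\webops1`.

```powershell
# Added example: grant IIS Manager Permissions to one account on one site,
# then list every delegated account per site so the grants can be reviewed.
# Run as administrator. $Site and $User are placeholders (assumptions).
$Site = 'Default Web Site'
$User = 'IISTEAM\webops1'   # hypothetical account in the post's IISTEAM domain

# ManagementAuthorization lives in Microsoft.Web.Management.dll
# (assumed to be in the default inetsrv directory).
Add-Type -Path "$env:windir\System32\inetsrv\Microsoft.Web.Management.dll"
$auth = [Microsoft.Web.Management.Server.ManagementAuthorization]

function Get-IisManagerUser {
    param([Parameter(Mandatory)][string]$Path)
    # Arguments: configuration path, mergeResults, first item index, page size.
    # mergeResults = $false keeps the output to rules defined for this path.
    $auth::GetAuthorizedUsers($Path, $false, 0, 1000) |
        Select-Object Name, IsRole, ConfigurationPath
}

# Same effect as "Allow User" in the IIS Manager Permissions feature.
# Skip the call if the account is already listed for this site.
$existing = Get-IisManagerUser -Path $Site
if ($existing.Name -notcontains $User) {
    # Third argument: $false = a user, $true = a group/role.
    $auth::Grant($User, $Site, $false) | Out-Null
    Write-Host "Granted IIS Manager access on '$Site' to $User"
} else {
    Write-Host "$User already has IIS Manager access on '$Site'"
}

# Review: every site and the accounts allowed to manage it.
Import-Module WebAdministration
foreach ($s in Get-Website) {
    $rules = @(Get-IisManagerUser -Path $s.Name)
    if ($rules.Count -eq 0) {
        Write-Host "$($s.Name): no delegated users"
    } else {
        $rules | Format-Table -AutoSize
    }
}

# To remove a grant that is no longer needed:
# $auth::Revoke($User, $Site)
```

Running the review loop on a schedule and comparing its output against the expected list of site operators makes unexpected delegations visible.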

 

To manage application pools remotely with a non-admin user, add the users to IIS Manager Permissions (just like we did above). Then go to “IIS Manager > Management Service” and enable it. After this change, you can open IIS Manager on another server and add this server as a new connection (blog post).

 

You can also use manage.iis.net or Windows Admin Center to manage IIS websites remotely.

 

4 Comments
Copper Contributor

Hello @Nedim 

We have recently set up a Windows Server 2016 where I need to allow IIS Manager access to a Windows user who is not a member of the "Administrators" Group

I have tried following your article above but the user still gets an error after specifying the site details

 

Anything you can suggest would be a big help

In fact, the user needs to have IIS Manager access for multiple sites (asp.net) configured in-parallel

 

Regards

Microsoft

Hi @rvmishra , 

 

I have recently updated this post as there have been changes in this topic. There is currently no convenient way for non-admins to manage application pools. This is on purpose. We think it’s a security risk to allow non-admins to stop websites.

 

Using manage.iis.net was a workaround but this website has been recently retired (Even when it was active, it required admin intervention for setup and every time browser cache is cleared).

 

We have a tool called Windows Admin Center. This tool is developed to help admins manage servers remotely (Not just IIS but it can manage other components as well). If you set up this tool with admin credentials, non-admin users can later continue using it to manage sites. However, I don’t recommend this tool for this scenario because of the following reasons.

 

  1. Admin credentials should be used to set it up for every user/machine (We are simply using browser to save password)
  2. Every time the machine is restarted, the credentials should be entered again
  3. The non-admin user will have more permissions than just managing IIS. They can manage users/groups, storage, etc.

In summary, it’s not recommended to use non-admin accounts to manage application pools.

Copper Contributor

Is it possible to allow non-admins to view IIS only including Application Pools to see if they are running or not?

Copper Contributor

Hello, this tutorial does not work because although the user is added to the website, he cannot see the website and/or connect to the server.
I am using Windows Server 2019.
I am using IIS 10.

I am trying to connect to localhost IIS using an account which is in the group Users and has been added via IIS Manager Permissions (icon - two guys with globe).

The folder where the app is deployed is located on the user's folder and has IIS_IUSRS assigned and administrator can run the app fine via IIS.

Also, when trying to connect to the localhost IIS, I can select:
a) connect to server, when I enter localhost, I am requested to enter username and password but I need to connect using local Windows authentication and there is no option for that
b) connect to website, which is the same but I have to enter web app name extra.

Why can't the user connect to the localhost server?

Version history
Last update: Sep 04 2020 04:00 PM