System administrators use IIS Manager to host and manage their web applications in IIS. In the majority of the companies I worked with, administrators use a local or domain account that has local admin rights to use IIS Manager. How about non-admin accounts? Can a non-administrator account use IIS Manager?
The answer is yes, depending on what you want to manage and how you want to access IIS Manager.
If you log in to Windows Server with a non-admin account and open IIS Manager, you can only manage
Non-admin accounts can't manage application pools locally. This is by design.
If you open IIS Manager on another server and connect it to your actual server, you can manage
- Application pools
In the next section, I will briefly explain how to manage websites and applications locally with a non-admin account.
Manage IIS websites and applications locally with a non-admin account
The steps below are for a website. You can use similar steps for applications.
- Go to IIS Manager
- Click the website. Open “IIS Manager Permissions”
- Click “Allow User”. Add your domain or local users (in the screenshot below, I used the IISTEAM domain)
- Log off the administrator account. Log in with the non-admin user
- Go to IIS Manager
- Select “File > Connect to Site”
- Enter “localhost” as the server name and enter your site name. Click “Next”
- Enter username and password (a user from IIS Manager Permissions). Click “Finish”
- The website will show up in IIS Manager
For managing application pools with a non-admin user remotely, add users to IIS Manager Permissions just like we did above. Additionally, go to “IIS Manager > Management Service” and enable it. After this, you can open IIS Manager on another server and add this server as a new connection. Here is a good blog post about this.
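The “Allow User” grant from the steps above and the Management Service setting mentioned here can also be applied and audited from Windows PowerShell, which helps when reviewing who holds delegated access to a site. This is an added example, not code from the original post. It assumes an elevated Windows PowerShell 5.1 session on the IIS server, that Microsoft.Web.Management.dll is present under inetsrv, and that `IISTEAM\webops` and `Default Web Site` are placeholder names.

```powershell
# Added example. Placeholders: replace $site and $user with your own values.
$site = 'Default Web Site'
$user = 'IISTEAM\webops'     # hypothetical non-admin Windows account

# Load the IIS management API (assumed path; installed with the IIS management components).
Add-Type -Path (Join-Path $env:windir 'System32\inetsrv\Microsoft.Web.Management.dll')
$authz = [Microsoft.Web.Management.Server.ManagementAuthorization]

# Equivalent of "IIS Manager Permissions > Allow User" for a single site.
# The third argument is $false because $user is a user, not a role/group.
try {
    $authz::Grant($user, $site, $false) | Out-Null
    Write-Host "Granted $user on '$site'"
} catch {
    # Typically reached when the grant already exists; report and continue to the audit.
    Write-Warning "Grant not applied: $($_.Exception.Message)"
}

# Audit: list every user and role that currently holds IIS Manager Permissions on the site.
$granted = $authz::GetAuthorizedUsers($site, $true, 0, 1000)
$granted | Select-Object Name, ConfigurationPath, IsRole | Format-Table -AutoSize

# Audit: is remote management (Management Service, WMSVC) enabled on this server?
$key = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
$cfg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$svc = Get-Service -Name WMSVC -ErrorAction SilentlyContinue

[pscustomobject]@{
    ManagementServiceInstalled = [bool]$svc
    ServiceStatus              = if ($svc) { $svc.Status } else { 'n/a' }
    RemoteManagementEnabled    = ($cfg.EnableRemoteManagement -eq 1)
    WindowsCredentialsOnly     = ($cfg.RequiresWindowsCredentials -eq 1)
}
```

If the audit shows remote management enabled on a server where nobody connects remotely, the Management Service can be left disabled and the local “Connect to Site” method used instead.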
After connecting to IIS Manager, you may see that some bindings are missing. Check this post out for the root cause and solution: Missing bindings in IIS (net.tcp, net.pipe, net.msmq, msmq.formatname)