使用没有管理员权限的 IIS 管理器

Question

I have published a VS project to a folder, and now I want to host it on IIS. But I can run IIS only with admin privileges. But I think that is a security issue, when the service run with admin prevs on Windows Server? Is it possible to start IIS Manager without admin rights?!

Add: It is a BlazorServer Project i want to host on IIS

Answer 1

Why do you want to grant permission for non-administrator user to access the IIS manager? It could be insecure to do this.

If a non-administrator user has full access to IIS Manager alone, can promote himself/herself as administrator. That's why IIS Manager must be used by an administrator explicitly.

In client OS, only windows 7 could set the IIS manager permission via IIS management service. So you could not create a non-administration environment with only IIS 8 IIS 10.

In windows server, you could set the remote administration and IIS manager permission like:

https://docs.microsoft.com/en-us/iis/manage/remote-administration/configuring-remote-administration-and-feature-delegation-in-iis-7

https://blogs.technet.microsoft.com/leesab/2014/07/30/delegating-iis-administration-to-domain-users-non-administrators/

The remote administration via delegation is not granting non-administrator users full access to IIS Manager, which minimizes their capabilities to acquire permissions they shouldn't have.