[英]Use IIS Manager without Admin Rights
I have published a VS project to a folder, and now I want to host it on IIS.我已经将一个 VS 项目发布到一个文件夹中,现在我想将它托管在 IIS 上。 But I can run IIS only with admin privileges.
但我只能以管理员权限运行 IIS。 But I think that is a security issue, when the service run with admin prevs on Windows Server?
但我认为这是一个安全问题,当服务在 Windows Server 上以管理员 prevs 运行时? Is it possible to start IIS Manager without admin rights?!
是否可以在没有管理员权限的情况下启动 IIS 管理器?!
Add: It is a BlazorServer Project i want to host on IIS添加:这是我想在 IIS 上托管的 BlazorServer 项目
Why do you want to grant permission for non-administrator user to access the IIS manager?为什么要授予非管理员用户访问 IIS 管理器的权限? It could be insecure to do this.
这样做可能是不安全的。
If a non-administrator user has full access to IIS Manager alone, can promote himself/herself as administrator.如果非管理员用户单独拥有 IIS 管理器的完全访问权限,则可以将自己提升为管理员。 That's why IIS Manager must be used by an administrator explicitly.
这就是管理员必须明确使用 IIS 管理器的原因。
In client OS, only windows 7 could set the IIS manager permission via IIS management service.在客户端操作系统中,只有 windows 7 可以通过 IIS 管理服务设置 IIS 管理员权限。 So you could not create a non-administration environment with only IIS 8 IIS 10.
因此,您无法创建仅使用 IIS 8 IIS 10 的非管理环境。
In windows server, you could set the remote administration and IIS manager permission like:在 windows 服务器中,您可以设置远程管理和 IIS 管理器权限,例如:
https://docs.microsoft.com/en-us/iis/manage/remote-administration/configuring-remote-administration-and-feature-delegation-in-iis-7 https://docs.microsoft.com/en-us/iis/manage/remote-administration/configuring-remote-administration-and-feature-delegation-in-iis-7
https://blogs.technet.microsoft.com/leesab/2014/07/30/delegating-iis-administration-to-domain-users-non-administrators/ https://blogs.technet.microsoft.com/leesab/2014/07/30/delegating-iis-administration-to-domain-users-non-administrators/
The remote administration via delegation is not granting non-administrator users full access to IIS Manager, which minimizes their capabilities to acquire permissions they shouldn't have.通过委派进行的远程管理不会授予非管理员用户对 IIS 管理器的完全访问权限,这会最大限度地减少他们获取不应拥有的权限的能力。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.