Windows server 2016 - non admin user run powershell as administrator

Question

Hi all,
My environment : Windows server 2016 standard with OpenSSH service running , a local user "gitlab" , user gitlab can ssh to server successfully.
I want user gitlab can do
Stop-WebAppPool -Name "mywebapppool" -Passthru
Start-WebAppPool -Name "mywebapppool" -Passthru
I granted user gitlab permission for managing IIS by using "IIS Manager permissions"
I added user gitlab into local Administrators group
It works.
Is there any other way that I don't have to add user gitlab into local Administrators group ?
I want user gitlab can run some WebAdministration cmdlet (or some .ps1 file) as administrator privilege
Please give me some advice, thank you very much.

Answer 1

Hello JackChoung

What I would recommend you in this case is the use of JEA:

Just Enough Administration (JEA) is a security technology that enables delegated administration for anything managed by PowerShell. With JEA, you can:

Reduce the number of administrators on your machines using virtual accounts or group-managed service accounts to perform privileged actions on behalf of regular users.
Limit what users can do by specifying which cmdlets, functions, and external commands they can run.
Better understand what your users are doing with transcripts and logs that show you exactly which commands a user executed during their session.

You can find more information about JEA, requisites and capabilities and usage here: https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/overview?view=powershell-5.1

-------------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--

Answer 2

Have a look at this: overview