Feature Requets: Provide a way to allow non-admin users to recycle application pool

Question

I need to allow a non admin user to recycle an application pool (using appcmd in my case). I know there is no way at the moment to do that and the user must be an administrator to recycle the pool but that is an overkill just for being able to do this task. I was thinking that if IIS allows setting allowed users for various actions in the local security policy editor somewhere that would be the best but any other solution would be fine as long as I do not have to make the user an admin

Answer 1

Hi @Dani Avni,

Normally, locally on the server we cannot delegate the app pool recycling settings. App pool is a child element of the system.applicationHost element, and unlike settings in <system.webServer>, settings in the <system.applicationHost> element cannot be delegated.

There is a way to allow users to remotely recycle an application pool and without giving this user administration privileges on the IIS machine. Unfortunately, an application pool recycle does need to be run as an administrator, however by using msdeploy we can set the recycleApp provider to be delegated and run under elevated admin privileges. Then by using either a local standard user account or an IIS Manager account, we can call the recycleApp provider from a remote machine and with the elevated recycleApp provider, remotely recycle the app pools for which the user is granted permissions in IIS.

Please refer to this article: IIS 7 Delegate Remote Application Pool Recycling for Non Administrator

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the email notification for this thread.

Best regards,

Yurong Dai