Local IIS without local admin privileges

Lukic, Dejan 0 Reputation points
2023-05-24T13:16:36.4666667+00:00

Is it possible to run local IIS (on the developer's machine) without being a local admin?

When the latest security measures were applied, we all lost local admin privileges.


3 answers

  1. Yurong Dai-MSFT 2,786 Reputation points Microsoft Vendor
    2023-05-25T06:06:09.2133333+00:00

    Hi @Lukic, Dejan,

    You can use feature delegation; this allows you to delegate management of IIS to domain users (non-administrators).

    Feature delegation has four parts. 

    • Enable Remote Connections through Management service.
    • Adding the AD user(s)/group(s) to the separate sites listed in IIS, using IIS Manager Permissions
    • Delegating the IIS features for the above users to be able to use; this is set using Feature Delegation.
    • Connecting to IIS as a non-administrator

    For detailed steps, please refer to this blog: Delegating IIS administration to Domain Users (non-administrators)

    But you can't manage any application pools, so here is the next blog: How to use Web Deploy for administration of Application Pools by Non Administrators.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the email notification for this thread.

    Best regards,

    Yurong Dai


  2. Lex Li (Microsoft) 4,742 Reputation points Microsoft Employee
    2023-06-03T05:58:06.5166667+00:00

    For decades the answer never changed.

    If your web app developers need to use full IIS, then they must be local administrators on the machine. They also need to run VS as administrator so as to debug web apps on IIS.

    They might switch to IIS Express under some conditions, but that's different from full IIS in many ways, https://halfblood.pro/web-application-differences-in-visual-studio-and-iis-60fec7e311b3


  3. Bruce (SqlWork.com) 56,926 Reputation points
    2023-06-05T15:51:58.1433333+00:00

    There is no practical way to use IIS for development without admin permissions. This is why Visual Studio comes with IIS Express.

    IIS Express runs under the user account, and thus allows configuration and debugging.

    IIS can only be configured with the admin account. Also, to debug without admin, the app pool must be the user's account. While in theory an admin script can create all this, if the developer changed their password, they cannot update IIS with the new password. They also find that IIS locks out their account due to having the wrong password.

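The four feature-delegation steps listed in the first answer, scripted as an added PowerShell example that is not part of the thread or of the blogs it links to. It assumes the IIS Management Service (WMSVC) is already installed and that an administrator runs it once from an elevated prompt; the site name, account and delegated sections are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: one-time setup by an administrator so that a named
# non-admin account can manage ONE site through IIS Manager.
# Placeholder values (assumptions, replace with your own):
$Site     = 'Default Web Site'       # site the developer may manage
$User     = 'CONTOSO\dev.user'       # placeholder domain account
$Sections = @(                       # only these sections get unlocked
    'system.webServer/defaultDocument',
    'system.webServer/directoryBrowse'
)

Import-Module WebAdministration

# Step 1: enable remote connections in the Management Service.
# WMSVC reads this value at start-up and listens on TCP 8172 by default,
# so keep that port limited to the hosts that need it.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' `
                 -Name EnableRemoteManagement -Value 1
Set-Service -Name WMSVC -StartupType Automatic
Restart-Service -Name WMSVC

# Step 2: IIS Manager Permissions. Grant the Windows account access to
# the single site, not to the server node.
Add-Type -Path "$env:windir\System32\inetsrv\Microsoft.Web.Management.dll"
[Microsoft.Web.Management.Server.ManagementAuthorization]::Grant(
    $User, $Site, $false)            # $false: name is a user, not a role

# Step 3: Feature Delegation. Set overrideMode=Allow for the chosen
# sections under a <location> for this site only, so the site's
# web.config may change them; every other section stays as it was.
foreach ($section in $Sections) {
    Set-WebConfiguration -Filter "/$section" `
                         -PSPath 'MACHINE/WEBROOT/APPHOST' `
                         -Location $Site `
                         -Metadata overrideMode -Value Allow
}

# Step 4 is done by the developer, not by this script: in IIS Manager,
# "Connect to a Site", enter the machine name and $Site, and sign in
# with the delegated account.
```

Granting per site and unlocking a short list of sections keeps the delegated account from touching server-level configuration; as the first answer notes, application pools are not covered by this.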