-2

How can I give a user full access to IIS without being Local Administrator, using command line?

I would like to have a BAT-script on a machine, which asks for "DOMAIN\username" as input, then gives that user all necessary access to IIS (locally only).

The script itself will be executed by an domain admin using "Run As" from the context menu.

I have read around a bit, and so far it seems appcmd.exe can not be run unless you are a member of the administrators group, but I hope there is a way around.

Baguette
  • 1
  • 2

1 Answers1

0

You can't. Users need the correct privileges to perform tasks if they are to perform them; the way in which this is implemented is groups. To administer IIS, you need to have administrator privileges on the IIS server. The process of granting this access is adding a user to the administrators group, as this is how windows manages access rights.

That said, typically the domain admins group is a member of the local administrators group on all domain-joined workstations, so it's not clear why there would be much need to do anything here.

Falcon Momot
  • 25,244
  • 15
  • 63
  • 92