Reputation: 9881
I am on a Windows 2016 Server / IIS 10 and want to start an app pool using PowerShell. This SO post means all that is involved is:

    (Get-IISAppPool "name").Recycle()

However, now, even though the user in question is part of the local Administrators group on the machine, I get permission denied:
So while the original post indicates the user should be part of the "IIS Admins" group I cannot find any evidence of that group.
So what have I missed and what should I do so that the particular user has the necessary permissions to be able to start/stop App Pools?
Upvotes: 1
Views: 1977
Reputation: 36332
As mentioned by Iftimie Tudor, just because a user is in the Administrators group does not mean that everything they do is run with Administrator privileges. You need to run PowerShell as Administrator to be able to manipulate the AppPool. Or, what I usually do if I have a script that has to run as Admin to work right: have it check at the beginning of the script whether it has Admin rights, and if not, relaunch itself as an elevated session.

    #region UACElevation
    # Elevate UAC if not already running As Administrator
    # Get the ID and security principal of the current user account
    $myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID)
    # Get the security principal for the Administrator role
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    # Check to see if we are currently running "as Administrator"
    if (!$myWindowsPrincipal.IsInRole($adminRole))
    {
        # We are not running "as Administrator" - so relaunch as administrator
        # Indicate that the process should be elevated
        Start-Process PowerShell.exe -Verb RunAs -ArgumentList "-Command",". '$($myInvocation.MyCommand.Definition)'"
        # Exit from the current, unelevated, process
        exit
    }
    #endregion UACElevation

Upvotes: 1
Reputation: 1140
What you bump into is not a PowerShell issue. It is a known dark corner of Windows: adding a user to the admin group does NOT imply that it will get full rights. UAC settings will prevent that. There is an excellent blog on that here.
Update: It is a folder permission thing that indirectly affects your IIS command.
Upvotes: 0
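
Both answers above turn on the difference between being a member of Administrators and running with an elevated token. The following is an added example, not code from either answer: it classifies the current token before attempting the recycle, so that a UAC-filtered session reports the real cause instead of a bare "permission denied". The function name `Get-AdminTokenState` and its three return values are hypothetical, and `"name"` is the placeholder pool name from the question.

```powershell
# Added example: tell apart "elevated", "admin but UAC-filtered" and "not an admin".
function Get-AdminTokenState {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminSid  = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

    # IsInRole is only true when the Administrators group is *enabled* in the token,
    # i.e. the process is elevated (or UAC filtering does not apply to this account).
    if ($principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
        return 'Elevated'
    }

    # Under UAC the filtered token still lists Administrators, but as a deny-only SID.
    # .NET exposes deny-only groups as DenyOnlySid claims rather than in .Groups.
    $denyOnly = $identity.Claims | Where-Object {
        $_.Type -eq [System.Security.Claims.ClaimTypes]::DenyOnlySid -and
        $_.Value -eq $adminSid
    }
    if ($denyOnly) { return 'FilteredAdmin' }

    return 'NotAdmin'
}

$poolName = 'name'   # placeholder pool name, as in the question

switch (Get-AdminTokenState) {
    'Elevated' {
        Import-Module IISAdministration
        (Get-IISAppPool $poolName).Recycle()
    }
    'FilteredAdmin' {
        Write-Error ("The account is in Administrators, but this session holds the " +
                     "UAC-filtered token. Start PowerShell with 'Run as administrator'.")
    }
    'NotAdmin' {
        Write-Error "The account is not a member of the local Administrators group."
    }
}
```

For an unattended job, the `FilteredAdmin` branch is the one to log: it indicates the task was started without elevation rather than that group membership is wrong.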