Tool to allow non-privileged users to carry out limited tasks on servers

Karen Jones
Karen Jones used Ask the Experts™
on
We have web servers in our production environment.  Sometimes as part of troubleshooting, a web server may need to have the IIS app pool recycled or a particular Windows service restarted. Currently only ops staff can do this because they have full admin rights and can remote into the server.

Is there a tool that we could use to allow other staff to perform these limited functions, without giving them remote desktop access and full admin rights to the web servers?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Krzysztof KubiakSenior Windows Server Intel Administrator

Commented:
Hi
There are probably plenty but one tool I was able to see in action for Desktop/Laptops and can be used for servers is Cyberarc EPM
Krzysztof KubiakSenior Windows Server Intel Administrator

Commented:
Windows server doesn't have yet something direct to control Access Management but you can read through that

https://blog.netwrix.com/2018/08/30/privileged-access-management-in-windows-server/

Maybe the usage of Jump Boxes and disabling direct rdp to servers will suit you but I thing it's overcomplicating the infrastructure. The Benefit do is you dont nee dto pay extra money for 3rd party products.

Search for tool called EPM or Privileage Management here should be plenty out there to test. We are happy with Cyberarc as it can really take out from you over complicated infrastructure and drill down to executables you allow a user to run on a server.
Sean BravenerSenior Information Technology Consultant

Commented:
powershell is another option.  this can be run on remote machines without allowing RDP access to those same machines.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial