Restart Server from ASP.NET application when AppPool is ran under LocalSystem or LocalService account

Question

Is it possible to restart server from ASP.NET application that is hosted by LocalSystem or LocalService account? This is working when I create custom administrative account

Answer 1

You could have your code impersonate a specific account when making that call or stand up a web service with one account. I recommend the web service, worst case is you update one app pool. You could also lock down the web service internally to only your applications.

A small C# Class for impersonating a User

Answer 2

You can always start the process with a different identity that can restart the server:

var info = new ProcessStartInfo("shutdown.exe", "/r /t 0");
info.UserName = "accountWithAdminPermissions";
//A not-so-secure use of SecureString
var secureString = new SecureString();
var password = "abc123";
foreach (var letter in password)
{
    secureString.AppendChar(letter);
}
info.Password = secureString;
var restart = new Process();
restart.StartInfo = info;
restart.Start();

---

If you just want to give a non-Administrative account the permission to restart the server:

1. Open secpol.msc.
2. Navigate to Local Policies\User Rights Assignment.
3. Find Shutdown The System.
4. Add the account.

This might be a good way of using an account for least privilege. That way you don't have to use a really big hammer like an account in the Administrator group.

Shutdown.exe (I believe) always requires Administrator permissions. You can refer to this MSDN post on restarting the server without shutdown.exe.