I'm using System.DirectoryServices to list the status of websites running on a server. Currently I'm using impersonation of an admin account for this to run but I'd prefer to have a specific user account with the bare minimum privileges.
Can anyone point me in the right direction?
From the MS documentation, it looks like DirectoryServices just delegates calls to IIS:// directory entries to the IIS ADSI provider. The IIS ADSI Provider docs state that you need to run it as a member of the local administrators group:
When using ADSI to configure IIS, ensure that the user account of the person running the script is a member of the administrators group or use LogonAdmin to run the script under the credentials of an administrator.