Least privilege user - IoT Device user needs to perform task requiring Windows admin privilege

2018-03-10 10:18:48

Our IoT device runs only our application and the device users can not launch additional apps. The IoT device users and IoT device admins both run under normal (non-admin) accounts with identical privileges.

Device admin users can launch the admin panel and device users can not. My current thought is to have a service running that users with access to the admin panel can call into and the service will perform the admin task on their behalf.

Is there a better way to acomplish this?

MORE DETAILS:

This is a Windows device being set up for single-purpose usage.

The device is interactive, with users that have different roles (same permissions).

normal users can use the device. Device Admins can use the device and acess the admin panel where they can further restrict the firewall settings, add new users, disable USB ports (if desired).

The users log into their accounts on the device using different Windows accounts, rather than application-specific accounts

After lo