Introduction:
In some cases the LLAWP process needs to be started as different users. This article discusses if the LLAWP process can be started as below users and how:
- "ApplicationPoolIdentity" (Default)
- Network Service
- LocalSystem
- LocalService
- Custom Account
Question:
Can the LLAWP process be started as Network Service instead of DefaultAdminPool ?
Environment:
Policy server Version: 12.52 sp1 cr4
Policy server OS: Windows 2008 r2
Webagent version: 12.52 sp1 cr4
Webagent OS: Windows 2008 r2
Answer:
The LLAWP process is a child process of the w3wp process (IIS). The identity used to start the w3wp process is used to start the LLAWP process. The Identity which starts the w3wp process is dictated by the Application Pool assigned to the Web Site in IIS.
The LLAWP process can be run as the following users:
-"ApplicationPoolIdentity" (Default)
-Network Service
-LocalSystem
-LocalService
-Custom Account
Below steps need to be followed:
1)Change the Identity of the AppPool in IIS to the user you want the LLAWP to be run as.
2)Grant that user Read & Execute, Read, Write permissions on the following directories:
<C:\Program Files\CA\webagent\win64\bin\IIS>
<C:\Program Files\CA\webagent\win64\config>
<C:\Program Files\CA\webagent\win64\log>
<C:\Program Files\CA\webagent\win32\bin\IIS>
<C:\Program Files\CA\webagent\win32\config>
<C:\Program Files\CA\webagent\win32\log>