Starting LLAWP process under different user identities.
search cancel

Starting LLAWP process under different user identities.


Article ID: 40179


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



In some cases the LLAWP process needs to be started as different users. This article discusses if the LLAWP process can be started as below users and how:


- "ApplicationPoolIdentity" (Default) 

- Network Service 

- LocalSystem 

- LocalService 

- Custom Account 



Can the LLAWP process be started as Network Service instead of DefaultAdminPool ?



Policy server Version: 12.52 sp1 cr4

Policy server OS: Windows 2008 r2

Webagent version: 12.52 sp1 cr4

Webagent OS: Windows 2008 r2



The LLAWP process is a child process of the w3wp process (IIS). The identity used to start the w3wp process is used to start the LLAWP process. The Identity which starts the w3wp process is dictated by the Application Pool assigned to the Web Site in IIS.


 The LLAWP process can be run as the following users:


 -"ApplicationPoolIdentity" (Default) 

 -Network Service 



 -Custom Account 

Below steps need to be followed:


1)Change the Identity of the AppPool in IIS to the user you want the LLAWP to be run as.

2)Grant that user Read & Execute, Read, Write permissions on the following directories:

<C:\Program Files\CA\webagent\win64\bin\IIS> 

<C:\Program Files\CA\webagent\win64\config> 

<C:\Program Files\CA\webagent\win64\log> 

<C:\Program Files\CA\webagent\win32\bin\IIS> 

<C:\Program Files\CA\webagent\win32\config> 

<C:\Program Files\CA\webagent\win32\log> 


Component: SMIIS