Starting LLAWP process under different user identities.
search cancel

Starting LLAWP process under different user identities.

book

Article ID: 40179

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Introduction: 

In some cases the LLAWP process needs to be started as different users. This article discusses if the LLAWP process can be started as below users and how:

 - "ApplicationPoolIdentity" (Default) 

- Network Service 

- LocalSystem 

- LocalService 

- Custom Account 

Environment

Applies to the Web Agent for IIS versions 12.52 or 12.8

Resolution

The LLAWP process is a child process of the w3wp process (IIS). The identity used to start the w3wp process is used to start the LLAWP process. The Identity which starts the w3wp process is dictated by the Application Pool assigned to the Web Site in IIS.

 

 The LLAWP process can be run as the following users:

 

 -"ApplicationPoolIdentity" (Default) 

 -Network Service 

 -LocalSystem 

 -LocalService 

 -Custom Account 

Below steps need to be followed:

 

1)Change the Identity of the AppPool in IIS to the user you want the LLAWP to be run as.

2)Grant that user Read & Execute, Read, Write permissions on the following directories if they exist depending on the Web Agent version:

<C:\Program Files\CA\webagent\win64\bin\IIS> 

<C:\Program Files\CA\webagent\win64\config> 

<C:\Program Files\CA\webagent\win64\log> 

<C:\Program Files\CA\webagent\win32\bin\IIS> 

<C:\Program Files\CA\webagent\win32\config> 

<C:\Program Files\CA\webagent\win32\log>