How to set correct permission for non Default Application pool with IIS 7.5 (64 bit) on Windows 2008 R2 platform?

book

Article ID: 51220

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description

6QMR6 Web Agent configuration with IIS 7.5 (64 bit) web server on Windows 2008 R2 platform will set correct permissions for Default Application pool only for SmHost.conf and log directory. For any other application pools configured, the administrator will have to explicitly set permissions on SmHost.conf and the Web Agent log directory.

Solution

Once the Web Agent configuration wizard has been run successfully, the administrator will have to explicitly set permissions on SmHost.conf and log directory of webagent for all application pool identities that have been configured.

This can be done as follows:

  • Go to SmHost.conf properties (right click -> Properties)
  • Go to Security Tab
  • Click on Add, then in third text box give Application Pools name as:


IIS AppPool\<AppPool-Name>

In similar way permissions has to be set for "C:\Program Files\CA\webagent\log" directory.

Permissions can also be set by using following command:

For Smhost.conf:

cacls "C:\Program Files\CA\webagent\config\SmHost.conf" /T /E /G "DefaultAppPool":C

For log directory:

cacls "C:\Program Files\CA\webagent\log" /T /E /G "DefaultAppPool":C

Where "DefaultAppPool" is the name of the app pool identity.

This command has to be executed for all the configured app pool identities.

Environment

Release:
Component: SMIIS