ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to set correct permission for non Default Application pool with IIS 7.5 (64 bit) on Windows 2008 R2 platform?


Article ID: 51220


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



6QMR6 Web Agent configuration with IIS 7.5 (64 bit) web server on Windows 2008 R2 platform will set correct permissions for Default Application pool only for SmHost.conf and log directory. For any other application pools configured, the administrator will have to explicitly set permissions on SmHost.conf and the Web Agent log directory.


Once the Web Agent configuration wizard has been run successfully, the administrator will have to explicitly set permissions on SmHost.conf and log directory of webagent for all application pool identities that have been configured.

This can be done as follows:

  • Go to SmHost.conf properties (right click -> Properties)
  • Go to Security Tab
  • Click on Add, then in third text box give Application Pools name as:

IIS AppPool\<AppPool-Name>

In similar way permissions has to be set for "C:\Program Files\CA\webagent\log" directory.

Permissions can also be set by using following command:

For Smhost.conf:

cacls "C:\Program Files\CA\webagent\config\SmHost.conf" /T /E /G "DefaultAppPool":C

For log directory:

cacls "C:\Program Files\CA\webagent\log" /T /E /G "DefaultAppPool":C

Where "DefaultAppPool" is the name of the app pool identity.

This command has to be executed for all the configured app pool identities.


Component: SMIIS