Grant the Application Pool Identities Permissions for the SOA Security Manager SmHost.conf File and Log Directory

All the application pool identities on IIS 7.5 web servers need permissions for the following SOA Security Manager items on the computer hosting the IIS web server:

To grant the application pools permissions for the SmHost.conf file and Log directory from Windows Explorer

  1. Navigate to (but do not open) the following file:
    web_agent_home\config\SmHost.conf
    
  2. Right-click the previous file, and then select Properties.

    The SmHost.conf Properties dialog appears.

  3. Click the Security tab.
  4. In the Group or User Names pane, verify that SYSTEM is selected, and then click Edit.

    Note: If the User Account Control dialog appears, click Continue.

    The Permissions for SmHost.conf dialog appears.

  5. Click Add.

    The Select Users, Computers, or Groups dialog appears.

  6. Do the following steps:
    1. Click Locations.

      The Locations dialog appears.

    2. Click the name of your computer (at the top of the list), and then click OK.

      The Locations dialog closes and the name of your computer appears in the From this location: field.

    3. In the Enter the object names to select field, enter the name of your application pool using the following format:
      IIS AppPool\Application_Pool_Name
      

      For example, to add the default application pool, enter the following:

      IIS AppPool\DefaultAppPool
      
    4. Click Check Names, and then click OK.

      The Select Users, Computers, or Groups dialog closes. The Permissions for SmHost.conf appears with the Application Pool selected.

  7. Under the Allow list, select the following check boxes:
  8. Click OK.

    The Permissions for SmHost.conf dialog closes.

  9. Click OK.

    The SmHost.conf Properties dialog closes.

  10. Navigate to (but do not open) the following directory:
    web_agent_home\log
    
  11. Right-click the previous directory, and then select Properties.

    Note: If the User Account Control dialog appears, click Continue.

  12. Repeat Steps 3 through 9.

    The application pool identities are granted permissions for the SOA Security Manager SmHost.conf file and Log directory.

To grant the application pools permissions for the SmHost.conf file and Log directory from the command line

  1. Open the Windows Command Prompt.
  2. Enter the following commands for each configured application pool identity:
    1. To grant permissions for the SmHost.conf file, type the following command and press Enter:
      cacls "web_agent_home\config\SmHost.conf" /T /E /G "Application_Pool_Name":C 
      
    2. To grant permissions for the Log directory, type the following command and press Enter:
      cacls "web_agent_home\log" /T /E /G "Application_Pool_Name":C
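
The command-line procedure above can be scripted for several application pools and then checked against the resulting ACLs. The following PowerShell script is an added example, not part of the original documentation or the product. It assumes the identity is written in the IIS AppPool\Application_Pool_Name format shown in the Windows Explorer procedure and that the cacls "C" right is reported as Modify by Get-Acl; the install path and pool list are placeholders, and Test-PoolAccess is a helper name made up for this example.

```powershell
# Added example. Placeholders and assumptions are marked; adjust before use.
$WebAgentHome = 'C:\path\to\web_agent_home'   # placeholder for web_agent_home
$AppPools     = @('DefaultAppPool')           # one entry per configured pool
$Targets      = @(
    (Join-Path $WebAgentHome 'config\SmHost.conf'),
    (Join-Path $WebAgentHome 'log')
)
# Assumption: the "C" (change) right granted by cacls appears as Modify in Get-Acl.
$Needed = [System.Security.AccessControl.FileSystemRights]::Modify

function Test-PoolAccess {
    param([string]$Path, [string]$Identity)
    # True when an Allow entry for the identity carries every bit of $Needed.
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.IdentityReference.Value -eq $Identity -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $Needed) -eq $Needed) {
            return $true
        }
    }
    return $false
}

$failed = 0
foreach ($pool in $AppPools) {
    $identity = "IIS AppPool\$pool"
    foreach ($path in $Targets) {
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Not found: $path"; $failed++; continue
        }
        # Grant only when the entry is missing, so reruns do not stack duplicates.
        if (-not (Test-PoolAccess -Path $path -Identity $identity)) {
            # Same switches as the documented command: /T recurse, /E edit, /G grant.
            & cacls.exe $path /T /E /G "${identity}:C" | Out-Null
        }
        # Re-read the ACL rather than trusting the exit status of the grant.
        if (Test-PoolAccess -Path $path -Identity $identity) {
            Write-Output "OK    $identity -> $path"
        } else {
            Write-Warning "FAIL  $identity has no change access on $path"; $failed++
        }
    }
}
if ($failed -gt 0) { exit 1 }
```

Run the script from an elevated PowerShell session; a nonzero exit code means at least one path is missing or one identity still lacks the permission.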