Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 6.0

Configuring Agent for Microsoft IIS 6.0 for a Web Site

Caution – Caution –

Do not perform the task described in this section if you are installing Agent for Microsoft IIS 6.0 to protect Microsoft Office SharePoint or Outlook Web Access. Instead continue the configuration process by implementing the steps in Microsoft Office SharePoint and Outlook Web Access: Configuring the Agent. For all other deployments, continue with this task.

Configure Agent for Microsoft IIS 6.0 for a web site after you have created an agent configuration file. If you have not already created an agent configuration file, create one as explained in Creating Configuration Files: Agent for Microsoft IIS 6.0.

Note –

If you want to configure the agent for multiple web sites, you must create a separate agent configuration file for each web site.

To configure the agent for a web site, follow these steps:

ProcedureTo Configure Agent for Microsoft IIS 6.0 for a Web Site

  1. Change to the directory:

  2. Issue the following command (be aware that the command is case sensitive):

    cscript.exe IIS6admin.vbs -config defaultConfig


    is a VB script that uses the output of the IIS6CreateConfig.vbs script. The output was saved to a configuration file, which for this example is represented by defaultConfig.


    is the option that allows the output to be used to configure the web site to use Agent for Microsoft IIS 6.0.


    represents the agent configuration file created previously as described in To Create Configuration Files: Agent for Microsoft IIS 6.0.

    The script displays messages to indicate the progress of the configuration as shown in the following sample.

    Microsoft (R) Windows Script Host Version 5.6
        Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
        Copyright c 2004 Sun Microsystems, Inc. All rights reserved
        Use is subject to license terms
        Enter the Agent Resource File Name [IIS6Resource.en] :
        Creating the Agent Config Directory
        Creating the File
        Updating the Windows Product Registry
        Loading the IIS 6.0 Agent
        Completed Configuring the IIS 6.0 Agent
  3. Ensure that the authentication method of Microsoft IIS 6.0 Server is set to Anonymous.

  4. Restart the application pool to which the web site belongs.

  5. Restart the web site.

  6. Try accessing the web site (http://fqdn:port/index.html).

    This link should take you to the Access Manager login page. After a successful authentication, if the policy is properly defined, you should be able to view the resource.

    If you want to view the agent log file amAgent, do so at the following location:


    where site-identifier is a number, such as 1, that represents the identifier of the web site for which the agent is being configured.

    Note –

    If you want to configure the agent for multiple web sites, you must follow the above steps for each of the web sites.

Next Steps

The last step of this task addresses verification of the agent installation. See, the section that follows (Verifying a Successful Installation of Policy Agent 2.2) for an expanded explanation on verifying the agent installation.