Well! I'm going down the rabbit hold of unreality here ... I experimented, and havent got any closer to a solution: - With all groups removed, I could _not_ get to the .cfm file (as expected) - With only Administrators group, I could get to the .cfm file, and it noted I was logged in with my regular account not my privileged Administrators account. - With IUSR account set to DENY, I could get to the .cfm file. - Removed SYSTEM account, which ColdFusion uses, and could still get in.
Its looking more and more like theres something screwy with IE and the PIV card login (PIV is our gov't chipped smart card for auto login). - IE still lets me in even after a full IE reset and SSL clear state and close all IE instances then reopen. This problem exists only with IE (Firefox is okay). I've tried IE reset, clear SSL state. Thanks for the ideas Russ. Chris On Mon, Oct 22, 2012 at 6:11 PM, Russ Michaels <[email protected]> wrote: > > in IIS the directory security should have only 1 box checked "integrated > windows authentication". > This is all I have set on our servers to deny anonymous access to the > cfadmin for example and it works.. > > You could try also specifically DENYING the internet > guest account (IUSR_<machine name>) > > > On Mon, Oct 22, 2012 at 10:50 PM, Chris <[email protected]> wrote: > >> >> Hi Russ, >> >> The folder's permissions are: >> >> Administrators (Full control) - my regular account is not >> privileged, and I have a privileged account that does let me in >> through this group. >> System (Full) - CF runs as the Local System account >> WorkstationAdmin (Modify) - domain account, the only group that >> should have access. I'm not in this group. >> >> The folder has Anonymous Login disabled, and Windows Authentication >> enabled. >> The server has an SSL certificate, and we are accessing through https. >> >> >> Interesting comments about CF bypassing folder permissions -- I >> thought first the HTTP request had to access the file through the web >> server, and then the web server would send the file to CF for >> processing. >> >> Many thanks! >> Chris >> >> >> On Fri, Oct 19, 2012 at 6:29 PM, Russ Michaels <[email protected]> >> wrote: >> > >> > What are the actual permissions you have on the folder? >> > >> > Regards >> > Russ Michaels >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352979 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
