the thing is that IE cannot get past permissions, unless you have it running as administrator or some other privileged user and that user has permissions on the server running CF. create a user called COLDFUSION and run cf as that user instead of system and see if that helps. You will need to give that user full permissions on the COLDFUSION install folder and the website root, and system temp folders.
On Tue, Oct 23, 2012 at 3:31 PM, Chris <[email protected]> wrote: > > Well! I'm going down the rabbit hold of unreality here ... > > I experimented, and havent got any closer to a solution: > - With all groups removed, I could _not_ get to the .cfm file (as > expected) > - With only Administrators group, I could get to the .cfm file, and > it > noted I was logged in with my regular account not my privileged > Administrators account. > - With IUSR account set to DENY, I could get to the .cfm file. > - Removed SYSTEM account, which ColdFusion uses, and could still get > in. > > Its looking more and more like theres something screwy with IE and > the PIV card login (PIV is our gov't chipped smart card for auto > login). > - IE still lets me in even after a full IE reset and SSL clear state > and close all IE instances then reopen. > > > This problem exists only with IE (Firefox is okay). I've tried IE > reset, clear SSL state. > > > Thanks for the ideas Russ. > > Chris > > > > On Mon, Oct 22, 2012 at 6:11 PM, Russ Michaels <[email protected]> > wrote: > > > > in IIS the directory security should have only 1 box checked "integrated > > windows authentication". > > This is all I have set on our servers to deny anonymous access to the > > cfadmin for example and it works.. > > > > You could try also specifically DENYING the internet > > guest account (IUSR_<machine name>) > > > > > > On Mon, Oct 22, 2012 at 10:50 PM, Chris <[email protected]> wrote: > > > >> > >> Hi Russ, > >> > >> The folder's permissions are: > >> > >> Administrators (Full control) - my regular account is not > >> privileged, and I have a privileged account that does let me in > >> through this group. > >> System (Full) - CF runs as the Local System account > >> WorkstationAdmin (Modify) - domain account, the only group that > >> should have access. I'm not in this group. > >> > >> The folder has Anonymous Login disabled, and Windows Authentication > >> enabled. > >> The server has an SSL certificate, and we are accessing through https. > >> > >> > >> Interesting comments about CF bypassing folder permissions -- I > >> thought first the HTTP request had to access the file through the web > >> server, and then the web server would send the file to CF for > >> processing. > >> > >> Many thanks! > >> Chris > >> > >> > >> On Fri, Oct 19, 2012 at 6:29 PM, Russ Michaels <[email protected]> > >> wrote: > >> > > >> > What are the actual permissions you have on the folder? > >> > > >> > Regards > >> > Russ Michaels > >> > >> > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352982 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
