Gentlebeings...
Bear with me, please, as I am somewhat new to Coldfusion and NT administration.
I began development of our intranet site in VBScript on IIS 4.0, and then we
switched to CF. The VBScript site, named cimnet2d, is still online, and all
users can view it. The new site, named cimnetcf, is totally CFM-based.
Admin-type users can see it, but not non-admin, ordinary users (hereafter
referred to as 'Joe User').
The directory trees for each site have exactly the same ACL permissions set
throughout, and the IIS 4.0 settings are the same. Both directory trees are
configured for Win NT 4.0 NTLM authentication (no anonymous or basic), and
have been given Read access throughout to members of the Authenticated Users
group. I finally realized that Coldfusion itself might have something to do
with the access problem, and tried an experiment.
A very simple file, containing only HTML (no VBScript or CFM code), named
'simple.htm' was placed in the cimnet2d home directory ( which has always
been accessible to Joe User). Log in as Joe User and access it with IE 4.0.
Result: access good. Rename it to simple.asp: access good. BUT, rename to
simple.cfm: no access! Same results in the cimnetcf home directory. The
problem, thus, lies not in the directory permissions for the site or the IIS
authentication settings, but in access to some Coldfusion resource.
The ACL for the \programs\coldfusion directory tree on the server contains
only SYSTEM and the Domain Admins group. Adding a user to the Doman Admins
group gives him access to cimnetcf; not practical for security reasons,
obviously. Windows NT is running the CF Server under the SYSTEM user.
What resource(s) must I make accessible, and to whom, for the CF site to work
for all authenticated users? How, in general, can I effectively integrate CF
with IIS/NT 4.0 security?
Many thanks...
JGB
===========================================================
Jeffrey G. Brown Intranet Webmaster
Milacron, Inc. Voice: 513-841-8655 Fax: 513-841-7345
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
