> I created a new user on my file server named 'ColdFusion'. > The only group that will allow me to restart the ColdFusion > Application Server is the 'Domain Admin' group. If I use > any other group I get an error. > > How unsecure is the 'Domain Admin' group regarding your > previous comments.
Membership in the "Domain Admin" group indicates that an account has administrative rights on every server within the Windows domain. There's no reason you should need to run the CF service as a user within this group. If your CF server is compromised, any exploit code run by the server will be able to do anything to any server within the domain. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
