I'm having one of 'those days'... I just can't work this one out. It's
probably more of an IIS issue than CF though, me thinks, but I've been
looking so much I just can't see it anymore... so it's list help time...
I'm just in the process of setting up a new (replacement) server. It's
running Win2K SP1 (i.e. IIS 5.0) and CF Pro 4.5.1 SP2. The CF service
logs in as LocalSystem. As things stand, the server has no problems
spitting out anonymous CFM or plain old HTML files to browsers (anonymous
access).
That's cool, but I actually also to set up authenticated (by W2K) logins
on the server to certain CFM pages (actually sub-folders containing CF
apps) too.
However, if I remove anonymous access to the site definition in IIS
manager, or if I remove privs for the IUSR_xxxx account from the relevant
site folder, whilst I can then authenticate OK from a browser to access
HTML files, accessing CFM files always bounces the authentication, finally
settling on a 403 (ACL on resource) error.
Here's the kicker: if I add the relevant W2K user account being used to
the local 'administrators' group on the server, it then lets me in and the
CFM pages load just fine.
I though this might be related to 'administrators' by default having 'full
control' on the site folder, but providing those privs to the relevant
user (or their group) directly, even all the way up/down/across/inside/all
over the directory tree, has no apparent effect. I can't see what
'administrators' has permission to that others don't...
I'm assuming user policy details ('log-on locally' etc) are OK because
authenticating HTML works OK. CFUSION/BIN has 'read/execute' for
everyone set...
So: what on earth did I miss and/or screw up??! Anyone any suggestions
where to look?
I get the feeling it's probably something simple I've missed though... ;-)
SB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
