> I am trying to get ColdFusion MX to run under a specific > user account. As long as that user is a memeber of the > administrator group, it seems to run fine. In CF5 you had > to set specific access rights on the registry and the file > system as described in KB 11859, however we cannot find out > how to set those rights in MX. > > Does anyone have any idea which specific rights on registry > and/or user rights for the Win2K user account are necessary > to run the service under non-administrative user account? > Are there any drawbacks with this approach? Generally we > like to run services with as little rights as necessary > under secure live-environments.
It's been my experience that this is easier to set up with CF MX than with previous versions of CF. I've done this more than once already. I'm currently running CF MX with a user account which is a member of the Users group, and nothing else changed about the account except that I had to grant it the "Log on as a service" right. I could probably tighten this a little more, but haven't tried yet. On the filesystem, I allowed this account RWXD on the contents of \CFusionMX (I suspect this could be tightened considerably in places) and read rights to the web root directory (I'm using CF MX through IIS). I didn't have to change any registry rights, and I don't think CF MX uses the registry for anything any more, by default, except for client variables - and I turned that off already. If you did want to use client variables in the registry, I think the new key is HKLM\SOFTWARE\Macromedia\coldfusion\currentversion\clients. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
