Geek Answers Handbook

Running ColdFusion as a specific user

On this page , it talks about Windows NT, 2000, XP, and 2003. Fortunately, I have a Windows 7 machine.

The very first line says:

In the User Manager for Domains, create a local user for the ColdFusion login service.

I don’t see "User Manager for Domains", so they simply mean "Add a new user"?

If this means that I can use my own user account as a ColdFusion user, or do I need to create a new account only for ColdFusion?

+7
source share
4 answers

If you create a domain account, it must be created in the domain - using the user manager for domains connected to your domain controllers. If this is what you need, then the sys administrator should help.

If you are running a β€œlocal” user in Windows 7, I always end up looking for a suitable user manager view before I get it right :) Here are the steps I use:

  • Search from the beginning and opening of "user accounts" cpl.
  • Click Manage User Accounts
  • Go to the Advanced tab
  • Click the "advanced" icon.

This leads me to a mmc-like user view, which I'm used to, where I can add a user, change membership, set passwords, etc.

Hope this helps :)

+4
source

You can use your own username, or you can create one to launch CF. Creating a user to run CF might replicate your production environment more closely (speculation), so if a production, for example, is written to a UNC path, the coldfusion user should have access. You could mimic it locally.

+2
source

You can use either a local account for the OS where ColdFusion is running, or a domain account if the OS is connected to a domain. In your case, you can simply create a local user on your Windows 7 operating system and start the ColdFusion application service as that user. The user account will have access to the ColdFusion installation folder, as well as read access to the feed.

The whole idea is to start the ColdFusion service as a user with the minimum privileges necessary to process requests and prevent access to other resources in case of data breach or remote code execution (for example, someone uses the download form and manages to get their own CF- the code to run on your server, it is not very, but it can be somewhat limited by starting the CF service under a user account with limited access).

As already mentioned, if CF needs access to other network resources, the user account must also be granted access to these resources (either using a domain account or with a local account with the same username and password for the remote system).

+2
source

It just happened on Windows 2008 R2 with CF 10. The trick was to change the ownership of the c: \ windows and c: \ windows \ system32 directories, as described here.

change ownership of trustedInstaller

+1
source

More articles:


All Articles