Reinstalling ColdFusion and some Quirky Permissions Issues

According to the lockdown guide, it's best practices to create a new Identity for the application pools. So we created one. We could have used the Built-in Account "ApplicationPoolIdentity" but that would have been too easy.

The potential ramifications (I say potential because I can not verify all are accurate) include:

  • IUSR not automatically added as a user to the ColdFusion websites. You have to give IUSR access to your sites; otherwise, they will not work
  • YOUR_APP_POOL_ID will have to have read (and maybe more) access to the web sites, and these are apparently not automatically added either.
  • YOUR_ACCOUNT_CF_RUNS_UNDER will also have to have read (and maybe more) access to the web sites, and these are apparently not automatically added either.

None of these accounts were automatically added to CF 11 when we reinstalled it. I had to go to Windows Explorer, right click, go to properties, then permissions, and add these users.

Because we were reinstalling, and because we have Enterprise, I took advantage of the ColdFusion Archives. This allowed me to save all the configuration values so that I did not have to re add them.