Plesk config to leave Coldfusion 11 alone

[StevenW]

I recently updated servers and noticed that Coldfusion 11 is not longer supported by plesk, dissapointing, but I can understand that its not used enough for plesk's attention. OK.

If plesk is going to no longer support it, how can I get it to leave Coldfusion alone and to stop applying permissions to the X:\Coldfusion11 folder?

If I have to connect Coldfusion to each IIS site, thats no big deal, but just want to make sure that I am safe from plesk breaking things.

Thanks
Steve

 

[StevenW]

For anyone wanting to run Coldfusion 11 on Windows 2012, iis8 with plesk 12, this is what I found to get it working.

1) Server came with plesk 11.5 already installed, so I upgraded to 12.
2) I installed Coldfusion 11
- During the install process, when asked to configure iis sites, do not choose all sites. Choose ADD, pick each IIS site independently and choose the 32 bit option. Do not Add the Plesk admin site (it will break but can be fixed).
3) Continue and finish the install
4) Initially the CF admin worked fine but once plesk run its correct permission/components etc... it stopped working....

I found a posting that highlighted how to install your own permissions to be added each time plesk "does its thing" so that don't have to do it manually.
http://talk.plesk.com/threads/stop-plesk-resetting-file-permissions.318674/

I placed the file below in the disksecurity folder and then ran opened a command prompt and navigated to the PATH_TO_PLESK\plesk\admin\bin\ folder and ran ApplySecurity.exe --apply as instructed to in the post.

It added the permissions needed and it still worked even after plesk updated permissions.

Other things I found during install... if you apply the CF web configuration to "ALL" sites, the plesk admin will break because the web user doesnt have the right permissions for isapi_redirect.dll.

I found that by going to the IIS root site, isapi option and removing tomcat, and then running the coldfusion config tool on each site separately avoided the problem.

I have not run this against the coldfusion 11 lock down guide yet. Additional edits may be needed. I haven't examined how individual application pools will affect the script yet, but its a good starter.

<?xml version="1.0" encoding="utf-8" ?>
<Entries>
    <Entry AccounType="1" Account="Psacln" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaserv" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="FullAccess" EntryFlags="0" />
    <Entry AccounType="0" Account="NetworkService" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaadm" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="0" Account="Users" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="ThisFolderAndSubfolders" AccessMask="4" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="SubfoldersOnly" AccessMask="2" EntryFlags="0" />
    <Entry AccounType="0" Account="CreatorOwner" Path="X:\cf\" SubPath="config\wsconfig"
        AceFlags="SubfoldersAndFilesOnly" AccessMask="FullAccess" EntryFlags="0" />
    <!-- X:\cf\\bin -->
    <Entry AccounType="1" Account="Psacln" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaserv" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="FullAccess" EntryFlags="0" />
    <Entry AccounType="0" Account="NetworkService" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaadm" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="0" Account="Users" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="ThisFolderAndSubfolders"
        AccessMask="4" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="SubfoldersOnly"
        AccessMask="2" EntryFlags="0" />
    <Entry AccounType="0" Account="CreatorOwner" Path="X:\cf\" SubPath="cfusion\bin" AceFlags="SubfoldersAndFilesOnly"
        AccessMask="FullAccess" EntryFlags="0" />
</Entries>

 

[WaltRiceJr]

Three notes.

(1) This works with ColdFusion 10, and also with Plesk Onyx. With this fix, there is no reason you can't successfully use ColdFusion with Plesk, even though they have removed "support" for it.

(2) If you use anything in the /cfide/scripts folder, for ColdFusion interactive components, for instance, you will need to add that folder to the XML above.

<?xml version="1.0" encoding="utf-8" ?>
<Entries>
    <!-- d:\ColdFusion10\config\wsconfig -->
    <Entry AccounType="1" Account="Psacln" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaserv" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="FullAccess" EntryFlags="0" />
    <Entry AccounType="0" Account="NetworkService" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaadm" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="ThisFolderAndSubfolders" AccessMask="4" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="SubfoldersOnly" AccessMask="2" EntryFlags="0" />
    <Entry AccounType="0" Account="CreatorOwner" Path="d:\ColdFusion10\" SubPath="config\wsconfig"
        AceFlags="SubfoldersAndFilesOnly" AccessMask="FullAccess" EntryFlags="0" />

    <!-- d:\ColdFusion10\cfusion\wwwroot\CFIDE -->
    <Entry AccounType="1" Account="Psacln" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaserv" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="FullAccess" EntryFlags="0" />
    <Entry AccounType="0" Account="NetworkService" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaadm" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="ThisFolderSubfoldersAndFiles" AccessMask="ReadAndExecute" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="ThisFolderAndSubfolders" AccessMask="4" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="SubfoldersOnly" AccessMask="2" EntryFlags="0" />
    <Entry AccounType="0" Account="CreatorOwner" Path="d:\ColdFusion10\" SubPath="cfusion\wwwroot\CFIDE"
        AceFlags="SubfoldersAndFilesOnly" AccessMask="FullAccess" EntryFlags="0" />
        
    <!-- d:\ColdFusion10\cfusion\bin -->
    <Entry AccounType="1" Account="Psacln" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaserv" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="FullAccess" EntryFlags="0" />
    <Entry AccounType="0" Account="NetworkService" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="1" Account="Psaadm" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0x0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="ThisFolderSubfoldersAndFiles"
        AccessMask="ReadAndExecute" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="ThisFolderAndSubfolders"
        AccessMask="4" EntryFlags="0" />
    <Entry AccounType="0" Account="Users" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="SubfoldersOnly"
        AccessMask="2" EntryFlags="0" />
    <Entry AccounType="0" Account="CreatorOwner" Path="d:\ColdFusion10\" SubPath="cfusion\bin" AceFlags="SubfoldersAndFilesOnly"
        AccessMask="FullAccess" EntryFlags="0" />
</Entries>

(3) After you make the CFIDE directory accessible, you'll probably want to lock down the administrator access from the public web via URI filtering. Info is in the ColdFusion Lockdown Guide. (http://wwwimages.adobe.com/content/...fusion-enterprise/pdf/cf10-lockdown-guide.pdf)