#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    67
    Rep Power
    6

    Change Default CF Account.


    Our SBS2008 (64bit) Domain Server needs access to our networked laser printer for which there are no 64bit drivers available. So, I shared the printer from one of the domain desktops and added it to the server as the default printer. The printer is usable but because it doesn't show in the CF Admin System Information printer list, I can't use it in CFPRINT. Browsing the web suggests that I need to change the account under which the CF Service runs to something with access to network services.

    "The best practice is to create a domain account specifically for the ColdFusion service and give it exactly what permissions your ColdFusion applications need and then set the ColdFusion service to run under this account in the Windows Services Panel."

    Is this what I need to do?
  2. #2
  3. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,286
    Rep Power
    968
    Probably. If the account the CF service is running under doesn't have rights to the printer, then it definitely won't work.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    67
    Rep Power
    6
    Currently, CF9 Services run as the default username SYSTEM (NT AUTHORITY\SYSTEM) under local system account. So, I create a user CF9 with a password - to which built-in groups should I add it and how to give it the necessary network capability?
  6. #4
  7. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,286
    Rep Power
    968
    This is really becoming a Windows networking question, but it would need to be a domain account that has rights on the printer.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    67
    Rep Power
    6
    I sort of agree but it's windows specifically related to ColdFusion. The CF9 installation documentation says:

    "The ColdFusion services, by default, run under the highly privileged system accounts.."

    and is clear on which folders it must have access to and the level of access but isn't clear on the capabilities aspect.
  10. #6
  11. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,286
    Rep Power
    968
    Normally, that's all CF needs in order to work. But when you start adding in authentication to other resources on a network, that's a completely different level of complexity. There's just far too many variations (Windows, OS X, *nix, Active Directory, LDAP, and on and on) for Adobe to even attempt to document them all. There are entire books written on the subject.

    I mentioned that it's really a Windows networking question because the same steps would apply to set up network access to the printer for any user account. So it would be the same for the CF user account, an Administrator account, or an account for a random user named Chris Smith. If you can log onto the Windows machine with that user account and use the printer, then if CF was running under the same user account, it would also be able to access the printer.

    Make sense?
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    67
    Rep Power
    6
    Kiteless, thank you. It does make sense and I'm working along those lines as we speak.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    67
    Rep Power
    6
    Created a user "CF" and in local security policy settings, assigned it to "act as part of the operating system". I then adjusted the permissions of the CF9 folder to give user CF full capabilities. I also added CF to the Remote Desktop group so that I could log on and assign a printer share from a domain computer as the default printer. I then removed CF from the Remote Desktop group, stopped the CF9 Service, altered it to run as CF, gave it the password and started the process. Checked the run time logs - no errors. Tried my application and it ran - no obvious errors. Fired up CF Admin and checked the list of printers. Lo! It has the shared printer as the default printer. I'll give that a try tomorrow. The only odd thing is that the list of printers is a single line of garbage characters - not sure what that means although the CF user has no other printers so this may be an empty list. Overall, it looks good but tomorrow's testing should provide more info - stay tuned.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    67
    Rep Power
    6
    The overall problem is still there but the change of user seems to have worked. I ran cfAdmin and confirmed that the default printer was the one added by user CF (\\desktop\myprinter). I then ran my CFPRINT flash program, not defining a printer. This failed and the logged message was "Printer not available". Changed the CFPRINT to specifically ask for myprinter as printer="\\desktop\myprinter" and this time it went into a hang - no messages in any logs. I then logged on as user CF and printed a document to myprinter to prove to myself that CF had access to the printer.

    So, I've had CFDOCUMENT hang and now CFPRINT - there has to be some permission or capability (or bug?) causing this but how to proceed?
  18. #10
  19. No Profile Picture
    Moderator

    Join Date
    Jun 2002
    Location
    Raleigh, NC
    Posts
    5,286
    Rep Power
    968
    Hmm...yeah then I'm at a loss. If you can log on as the same user that CF is using, and then print without having to do anything else (no typing passwords for the printer or anything), I can't think of any reason why it wouldn't work from CF.

IMN logo majestic logo threadwatch logo seochat tools logo