Copy link to clipboard
Copied
Greetings.
I have a need to connect to a file server to read and zip up some files.
I am looking for either a solution to the problem, or a definitive "that will not work"
We have a windows based CF2018 server in our DMZ.
The DMZ is disconnected from the domain as such I can not run CF as a domain user such as cf@mydomain.com
Currently the CF service is running under a local admin accout ex. 'svcCF'
Logging in to the Windows server as the local dmin 'scvCF', I have mapped a network drive ex. Z: to a network location '\\myserver.mydomain\myfolder' using the credentials of a domain user with permissions on that machine.
I am then trying:
<cfdirectory action="list" directory="Z:\700 Series\" recurse="false" name="myList">
<cfdump var="#myList#">
With an empty result.
My guess is just because the local admin account svcCF has a mapped drive (using a different user's credentials to connect) doesnt mean the CF service sunning as the local admin account svcCF can "see" that mapped drive.
Again, open to other options, or a not possible.
Thank you!
Chris
Copy link to clipboard
Copied
Chris, your conclusion is indeed my understanding (but we could be wrong).
In any case, you've not said what happens if you just use the network path in the cfdirectory instead. I'd think it could and should work (given the other particulars you shared), but again someone with specific experience trying to solve this (perhaps even you) may say otherwise.
Copy link to clipboard
Copied
Thanks Charlie (I was hoping for a response from someone like you, as I've frequently found answers thru your posts! here and elsewhere!)
I can not use the network path like \\servername\folder as the web server CF is running on is isolated from the rest of domain (network wise), and I can not add an AD domain user to the machine, which was the reason for the runabout.. service runs as a "local" user... that local user (when logged in to the Windows OS) has a mapped drive using "domain user" credentials. My IT infrastructure people cant understand why the local "logged in user"ie. a human can have a mapped drive using another AD users credentials, but that ColdFusion (application server 'service') logged in as (or rather "running as") that local user cant see the mapped drive.. I'm no windows expert, but a user logged in to the OS probably isnt apples:apples as a "service" running as that same user. I'm hoping some expert can say.. "yeah, apples and oranges".
C.
Copy link to clipboard
Copied
So, there are a couple things going on here. First, you should be able to use shares pretty much anywhere you could use physical file paths. So you should be able to use it in your CFDIRECTORY tag, I think. I haven't tested this exactly, but you can probably just do something like this:
\\{machine name}\c$
You can open a command prompt and see what shares are available by typing:
net view \\{machine name}
If you don't know your machine name - which most people including me don't know about their own machines - just type "hostname" at the command prompt to find out.
If you don't have any shares, you can create one using "net share" at the command prompt. I'm too lazy to provide all the instructions for that, so just type "net help share" to see for yourself. It's common for newer Windows machines not to have the standard set of shares that map to drive letters, I think, but there's no reason you can't make one yourself.
Note that none of this depends on having a local user vs a domain user. That I can tell you, as I just tested it. And, a service running as a user can in fact access the same things that user can, and you can control permissions for that user to control what the service can access.
I hope this helps!
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
Currently the CF service is running under a local admin accout ex. 'svcCF'
Logging in to the Windows server as the local dmin 'scvCF', I have mapped a network drive ex. Z: to a network location '\\myserver.mydomain\myfolder' using the credentials of a domain user with permissions on that machine.
...
My guess is just because the local admin account svcCF has a mapped drive (using a different user's credentials to connect) doesnt mean the CF service sunning as the local admin account svcCF can "see" that mapped drive.
Chris
I think your guess is correct. For it to work, you have to map the network drive Z: to the network location '\\myserver.mydomain\myfolder' using the credentials of 'scvCF' (on the other machine).