portal entry

select a category, or use search below
(searches all categories and all time range)
Title:

Server Auto-Lockdown

| View in Portal
July 12, 2018 08:35:38 AM GMT
12 Comments 
<p>Introduction With the 2018 release of ColdFusion, we have introduced the support for Server Auto-Lockdown. Before going into the details, let’s understand what is Server Auto-Lockdown. What is Server Auto-Lockdown? Server Auto-Lockdown is based on the Lockdown Guide prepared by Pete Freitag for helping server administrators to secure ColdFusion Installations. The installer guides the users to change some permissions in their system to secure their ColdFusion installation. A few settings that need to be changed are: Set some OS level file system […]</p>
<p>The post <a rel="nofollow" href="https://coldfusion.adobe.com/2018/07/server-auto-lockdown/">Server Auto-Lockdown</a> appeared first on <a rel="nofollow" href="https://coldfusion.adobe.com">ColdFusion</a>.</p>
Labels: Blog, Uncategorized, ColdFusion2018, lockdown, security, Server Auto-Lockdown

Comments:

Hello, Where do I download CF2018 Server Auto-Lockdown installer to be able to run that? Thanks in advance, Carl.
Comment by Carl Meyer
1189 | July 16, 2018 03:05:33 AM GMT
Good question, Carl. I don't find it (currently) offered on the page shown upon downloading CF (as was the case with the pmt), nor is it linked to from the docs page above, nor on the "downloads" page (https://www.adobe.com/support/coldfusion/downloads.html).
Comment by Charlie Arehart
1185 | July 16, 2018 01:52:02 PM GMT
We are aware of this. It will be available soon.
Comment by RAHUL UPADHYAY
1184 | July 16, 2018 05:34:03 PM GMT
Charlie, Here you go: https://www.adobe.com/support/coldfusion/downloads.html#cf2018ldg
Comment by Saurav Ghosh
1194 | July 19, 2018 05:25:25 AM GMT
Carl, Here it is: https://www.adobe.com/support/coldfusion/downloads.html#cf2018ldg
Comment by Saurav Ghosh
1193 | July 19, 2018 05:25:50 AM GMT
Thanks.
Comment by Charlie Arehart
1195 | July 19, 2018 01:13:27 PM GMT
How does this work when you are running multiple instances using the Enterprise Edition? Do you need to run the lock-down tool for each instance/site?
Comment by Michael Brown
1246 | September 10, 2018 11:55:55 PM GMT
I have a brand new Windows server and after installing ColdFusion successfully ran the auto lock down tool.  It seems to have failed attempting to change the logon user for the Windows CF services that I did not install.  They are optional services, why does it fail? Excerpt from the log file: 2019-03-28 12:22:24 INFO  - Changing logon users for ColdFusion services 2019-03-28 12:22:24 INFO  - Trying to change logon user for ColdFusion 2019-03-28 12:22:25 INFO  - Changing for: ColdFusion2018Add-onServices 2019-03-28 12:22:25 INFO  - [SC] OpenService FAILED 1060: The specified service does not exist as an installed service. 2019-03-28 12:22:25 INFO  - Changing for: ColdFusion 2018 Application Server 2019-03-28 12:22:26 INFO  - [SC] ChangeServiceConfig SUCCESS 2019-03-28 12:22:26 INFO  - Changing for: ColdFusion 2018 ODBC Agent 2019-03-28 12:22:26 INFO  - [SC] OpenService FAILED 1060: The specified service does not exist as an installed service. 2019-03-28 12:22:26 INFO  - Changing for: ColdFusion 2018 ODBC Server 2019-03-28 12:22:26 INFO  - [SC] OpenService FAILED 1060: The specified service does not exist as an installed service. 2019-03-28 12:22:26 INFO  - Failed to change the logon users for ColdFusion services! 2019-03-28 12:22:26 INFO  - Rolling back the changes because of the Lockdown failure 2019-03-28 12:22:26 INFO  - Reverting back the registry permissions changed during Lockdown
Comment by Miguel Fernandez
1952 | March 29, 2019 11:45:32 AM GMT
Just an FYI to anyone wanting to use this. If you plan to add a site on a locked down instance you will need to uninstall as your new site will not accessible. Going thru the motions now ....
Comment by Giancarlo Gomez
1981 | April 08, 2019 07:21:20 PM GMT
Hi Miguel, I am experiencing the same issue. The lockdown is bailing out after it finds that I did not install the optional services. My log is identical to yours. Very frustrating!
Comment by philg15796544
2016 | April 25, 2019 06:13:59 PM GMT
<p>Folks finding this post in mid-2019 and beyond should note that in the technotes for CF2018 update 4 (from June 2019) there is indication that the Lockdown tool installer was “refreshed” (a new one was made available). See <a href="https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-4.html" rel="nofollow">https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-4.html</a>.</p><p>As for getting the new installer, see the CF downloads page, specifically this anchor:</p><p><a href="https://www.adobe.com/support/coldfusion/downloads.html#cf2018ldg" rel="nofollow">https://www.adobe.com/support/coldfusion/downloads.html#cf2018ldg</a></p><p>Note that there are now Lockdown installers for Windows, Linux, and Mac. The Mac version was added in CF2018 Update 2. The checksums for the current versions are offered on that page.</p><p>I will add for those on Windows that you can confirm the version you have by looking at the properties of the file (in Windows), and its “details” page, where the new one (from update 4) reports 2018.0.2, while the original reports 2018.0.0. (The UI for the tool does NOT report its version that I have seen.)</p><p>Finally, I have not found any documentation on what changed with the tool as of CF2018 update 4, but I have just asked Adobe and am awaiting a reply. If I don’t think to add here what I hear back, I should see eventually if someone adds a comment asking me about it.</p><p>Anyway, the main point I wanted to make was that the tool was indeed updated in June 2019, so perhaps some of the warts and challenges people have had have been addressed. It would certainly seem wise for anyone preparing to use it to make sure they DO have the latest. So many people often re-use files downloaded a year or more ago, not realizing there was indeed an update.</p>
Comment by Charlie Arehart
2181 | July 24, 2019 09:38:19 PM GMT
How long does this install take.  I have IIS with 4 sites and it has been at Change permissions of IIS Website 100% for half an hour?  Task manager shows no cpu activity.
Comment by nickj24525839
4701 | March 25, 2020 03:43:04 PM GMT