Cacti (home)ForumsDocumentation

Differences

This shows you the differences between two versions of the page.

manual:087:1_installation.2_install_windows.2_configure_webserver [2010/03/05 12:37]
Linegod temp change for pdf test
manual:087:1_installation.2_install_windows.2_configure_webserver [2010/03/05 12:56] (current)
Linegod temp change for pdf test
Line 42: Line 42:
   - Under the Documents tab, add **index.php** to the list.   - Under the Documents tab, add **index.php** to the list.
   - If using IIS6, goto Web Service Extensions and add a new Web Service Extension. Name the extension "php", and click Add and browse to the **php5isapi.dll** file, enable Set Extension status to **Enable**, and click OK.   - If using IIS6, goto Web Service Extensions and add a new Web Service Extension. Name the extension "php", and click Add and browse to the **php5isapi.dll** file, enable Set Extension status to **Enable**, and click OK.
-  - Give the **COMPUTERNAME \ IUSR_** and **COMPUTERNAME \ IIS_WPG** users Read & Execute permissions to the file  C:\Windows\system32\cmd.exe.   Yes, this can be a large security hole, but it's required so RRDTool can be launched for graphing by the anonymous web account.  For slightly improved security, one can specify a separate custom //User account// which would be used for the /wwwroot/Cacti/ site.  Then, instead of using IUSR_ everywhere throughout this document, replace it with the custom User account.  This way, only a security hole in Cacti's code could exploit cmd.exe and not all sites on the IIS server.+  - Give the COMPUTERNAME\IUSR_ and COMPUTERNAME\IIS_WPG users Read & Execute permissions to the file  C:\Windows\system32\cmd.exe.   Yes, this can be a large security hole, but it's required so RRDTool can be launched for graphing by the anonymous web account.  For slightly improved security, one can specify a separate custom //User account// which would be used for the /wwwroot/Cacti/ site.  Then, instead of using IUSR_ everywhere throughout this document, replace it with the custom User account.  This way, only a security hole in Cacti's code could exploit cmd.exe and not all sites on the IIS server.
     - Right click on **cmd.exe** and select **Properties**.     - Right click on **cmd.exe** and select **Properties**.
     - Click on the **Security** tab.     - Click on the **Security** tab.
Line 50: Line 50:
     - Click **OK**.     - Click **OK**.
   - Both IUSR_ and IIS_WPG users will also need read permissions on  C:\Inetpub\wwwroot\cacti\ and its subfolders.   - Both IUSR_ and IIS_WPG users will also need read permissions on  C:\Inetpub\wwwroot\cacti\ and its subfolders.
-    - Right click on the folder **C:\Inetpub\wwwroot\cacti** and select **Properties**.+    - Right click on the folder C:\Inetpub\wwwroot\cacti and select **Properties**.
     - Click on the **Security** tab.     - Click on the **Security** tab.
     - Click on **Add...** under the group or user names section.     - Click on **Add...** under the group or user names section.
Line 63: Line 63:
     - Click **Yes** to the Security warning dialog box.     - Click **Yes** to the Security warning dialog box.
     - Click **OK** to close the properties window.     - Click **OK** to close the properties window.
-  - Give the IUSR_ and IIS_WPG users modify permissions to the folders  **C:\Inetpub\wwwroot\cacti\log** and **C:\Inetpub\wwwroot\cacti\rra**.+  - Give the IUSR_ and IIS_WPG users modify permissions to the folders C:\Inetpub\wwwroot\cacti\log and C:\Inetpub\wwwroot\cacti\rra.
   - Completely stop and start the IIS service using the following commands from the command prompt.  Alternatively, use the Service MMC snap-in under Administrative Tools:<code>   - Completely stop and start the IIS service using the following commands from the command prompt.  Alternatively, use the Service MMC snap-in under Administrative Tools:<code>
 net stop iisadmin net stop iisadmin





Personal Tools