SecureAuth IdP directory structure and permissions
Introduction
This document provides information about critical file system locations and permissions on a SecureAuth IdP Appliance.
Applies to
SecureAuth IdP v8.x and later.
File system locations
Directory | Description |
C:\inetpub | Default location of inetpub; this folder is left in place for compatibility as per the Microsoft documentation |
D:\InboundSCEP | Contains binary files necessary for SecureAuth IdP to support the Simple Certificate Enrollment Protocol (SCEP) |
D:\inetpub | Directory that contains files pertinent to Microsoft IIS |
\inetpub\custerr | Location of IIS error pages |
\inetpub\custerr\en-US | Location of IIS error pages in US English (ENU) |
\inetpub\history | IIS configuration file backups |
\inetpub\logs | IIS Logs |
\inetpub\temp | IIS Temporary Files |
\inetpub\wwwroot | Location of the default website |
D:\MFCApp_Bin | SecureAuth IdP Support Files |
\MFCApp_Bin\Appliance_Sync | Binaries and configuration file for the SecureAuth FileSync Service |
\MFCApp_Bin\Extras | Scripts (known as tools) to help administer the appliance |
\MFCApp_Bin\Extras\2008VCDist | Microsoft Visual C++ 2008 Redistributable Installer |
\MFCApp_Bin\Extras\2012 Server | Scripts to help with Microsoft Windows license management |
\MFCApp_Bin\Extras\Email Test | Email testing support files |
\MFCApp_Bin\Extras\LDAP Connection | Lightweight Directory Access Protocol (LDAP) testing tool |
\MFCApp_Bin\Extras\MachineKeyTool | |
\MFCApp_Bin\Extras\Microsoft .NET Framework 4.7.2 (Offline Installer) | Installer for Microsoft .NET Framework 4.7.2 |
\MFCApp_Bin\Extras\RealmManagementTool | |
\MFCApp_Bin\Extras\SABackupTool | |
\MFCApp_Bin\Extras\Security | Scripts to manage security settings for Windows Server |
\MFCApp_Bin\Extras\WebConfigManager | Command line utility to encrypt / decrypt web.config files |
\MFCApp_Bin\GPOBackup | Utility used to back up and restore GPO settings |
\MFCApp_Bin\MSI | Internet Explorer ActiveX Add-On installers |
\MFCApp_Bin\SAHotfix | Hotfix installers for SecureAuth IdP |
\MFCApp_Bin\SecureAuth.IdM.Engine | Support files for the SecureAuth IdP IDM engine |
\MFCApp_Bin\SecureAuth_Archive | Central location for backup operations |
\MFCApp_Bin\SecureAuth_Update | Legacy directory, deprecated starting from SecureAuth IdP version 8.0 |
\MFCApp_Bin\SISU | Support files for the SecureAuth IdP SISU registration tool |
\MFCApp_Bin\Startmenu | Holds installer files for the Windows Start menu |
D:\Scripts | Holds configuration scripts for the Windows Firewall with Advanced Security |
D:\SecureAuth | Contains SecureAuth IdP realms (IIS Applications) |
\SecureAuth\IdPConfigurator | Code and configuration files for the SecureAuth IdP Configurator functionality |
\SecureAuth\ResourceCompiler | Configuration files for the SecureAuth IdP verbiage editor functionality |
\SecureAuth\SecureAuth0 | Administrative realm for SecureAuth IdP |
\SecureAuth\SecureAuth1 | First non-administrative realm for SecureAuth IdP |
\SecureAuth\SecureAuth998 | Realm that is preconfigured and reserved for OATH enrollment |
\SecureAuth\Template | Directory with a stock version of a SecureAuth IdP realm to use when a clean realm is needed |
D:\SecureAuthScepService | Contains binary files necessary for SecureAuth IdP to support the Simple Certificate Enrollment Protocol (SCEP) |
D:\SecureauthWS | Contains binary and configuration files for the SecureAuth IdP Web Service |
File system permissions
Directory | Permissions |
C:\inetpub | Use the Microsoft specified default privileges |
D:\InboundSCEP | Network Service: Modify |
D:\inetpub | Use the Microsoft specified default privileges |
D:\MFCApp_Bin | Administrators: Full Control |
D:\Scripts | Administrators: Full Control |
D:\SecureAuth | Network Service: Full Control; SecureAuth0Pool: Modify |
D:\SecureAuthScepService | Network Service: Modify; SecureAuth0Pool: Modify |
D:\SecureauthWS | Network Service: Modify; SecureAuth0Pool: Modify |
If permissions issues appear to exist on the SecureAuth IdP Appliance, try running the Reset File Permissions and Shares Tool to reset permissions to SecureAuth recommended values.
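A read-only way to compare an appliance against the permissions table above before resetting anything. This is an added example, not SecureAuth tooling; the account names (NT AUTHORITY\NETWORK SERVICE, BUILTIN\Administrators, IIS APPPOOL\SecureAuth0Pool) and the function name Test-ExpectedGrant are assumptions based on standard English-language Windows naming.

```powershell
# Expected grants, transcribed from the "File system permissions" table.
# Rows that say "Use the Microsoft specified default privileges" are skipped.
# Assumption: English account names; an application pool identity is exposed
# by Windows as IIS APPPOOL\<pool name>.
$ns   = 'NT AUTHORITY\NETWORK SERVICE'
$adm  = 'BUILTIN\Administrators'
$pool = 'IIS APPPOOL\SecureAuth0Pool'
$expected = @(
    @{ Path = 'D:\InboundSCEP';           Identity = $ns;   Right = 'Modify' }
    @{ Path = 'D:\MFCApp_Bin';            Identity = $adm;  Right = 'FullControl' }
    @{ Path = 'D:\Scripts';               Identity = $adm;  Right = 'FullControl' }
    @{ Path = 'D:\SecureAuth';            Identity = $ns;   Right = 'FullControl' }
    @{ Path = 'D:\SecureAuth';            Identity = $pool; Right = 'Modify' }
    @{ Path = 'D:\SecureAuthScepService'; Identity = $ns;   Right = 'Modify' }
    @{ Path = 'D:\SecureAuthScepService'; Identity = $pool; Right = 'Modify' }
    @{ Path = 'D:\SecureauthWS';          Identity = $ns;   Right = 'Modify' }
    @{ Path = 'D:\SecureauthWS';          Identity = $pool; Right = 'Modify' }
)

function Test-ExpectedGrant {
    param([string]$Path, [string]$Identity, [string]$Right)
    if (-not (Test-Path -LiteralPath $Path)) { return 'PathMissing' }
    $want = [int][System.Security.AccessControl.FileSystemRights]$Right
    # Only ACEs that name the identity directly; group membership is not resolved.
    $aces = @((Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity })
    # A Deny ACE covering any wanted bit takes precedence over an Allow ACE.
    $denied = $aces | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.FileSystemRights -band $want) -ne 0)
    }
    if ($denied) { return 'Denied' }
    # The Allow ACE must cover every bit of the expected right.
    $granted = $aces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $want) -eq $want)
    }
    if ($granted) { 'OK' } else { 'Missing' }
}

$results = foreach ($e in $expected) {
    [pscustomobject]@{
        Path     = $e.Path
        Identity = $e.Identity
        Expected = $e.Right
        Status   = Test-ExpectedGrant @e
    }
}
$results | Format-Table -AutoSize
```

The check reads ACLs only and changes nothing. It looks at ACEs that name the identity directly, so access an account holds through group membership is reported as Missing.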
Application Pool roles
Task | .NET 4.7.2 (leveraging 'Network Service' account) | SecureAuth0Pool (leveraging 'Application Pool Identity' account) |
License Key renewal | x | x |
Log file | x | x |
D:\Secureauth\SecureAuth#\PostAuthData | x | x |
WinSSO impersonation | x | x |
Decryption / Encryption (web.config) | x | x |
Realm Creation | x | |
Resource compiler to generate language verbiage .DLL | x | |