Skip to main content

SecureAuth IdP directory structure and permissions

Introduction

This document provides information about critical file system locations and permissions on a SecureAuth IdP Appliance.

Applies to

SecureAuth IdP v8.x and later.

File system locations

Directory

Description

C:\inetpub

Default location of inetpub; this folder is left in place for compatibility as per the Microsoft documentation

D:\InboundSCEP

Contains binary files necessary for SecureAuth IdP to support the Simple Certificate Enrollment Protocol (SCEP)

D:\inetpub

Directory that contains Microsoft IIS pertinent files

\inetpub\custerr

Location of IIS error pages

\inetpub\custerr\en-US

Location of IIS error pages in US English (ENU)

\inetpub\history

IIS configuration file backups

\inetpub\logs

IIS Logs

\inetpub\temp

IIS Temporary Files

\inetpub\wwwroot

Location of the default website

D:\MFCApp_Bin

SecureAuth IdP Support Files

\MFCApp_Bin\Appliance_Sync

Binaries and configuration file for the SecureAuth FileSync Service

\MFCApp_Bin\Extras

Scripts (known as tools) to help administer the appliance

\MFCApp_Bin\Extras\2008VCDist

Microsoft Visual C++ 2008 Redistributable Installer

\MFCApp_Bin\Extras\2012 Server

Scripts to help with Microsoft Windows license management

\MFCApp_Bin\Extras\Email Test

Email testing support files

\MFCApp_Bin\Extras\LDAP Connection

Lightweight Directory Access Protocol (LDAP) testing tool

\MFCApp_Bin\Extras\MachineKeyTool

Machine Key Tool

\MFCApp_Bin\Extras\Microsoft .NET Framework 4.7.2 (Offline Installer)

Installer for Microsoft .NET Framework 4.7.2

\MFCApp_Bin\Extras\RealmManagementTool

Realm Management Tool

\MFCApp_Bin\Extras\SABackupTool

SecureAuth Backup Tool

\MFCApp_Bin\Extras\Security

Scripts to manage security settings for Windows Server

\MFCApp_Bin\Extras\WebConfigManager

Command line utility to encrypt / decrypt web.config files

\MFCApp_Bin\GPOBackup

Utility used to backup and restore GPO settings

\MFCApp_Bin\MSI

Internet Explorer ActiveX Add-On installers

\MFCApp_Bin\SAHotfix

Hotfix installers for SecureAuth IdP

\MFCApp_Bin\SecureAuth.IdM.Engine

Support files for the SecureAuth IdP IDM engine

\MFCApp_Bin\SecureAuth_Archive

Central location for backup operations

\MFCApp_Bin\SecureAuth_Update

Legacy directory, deprecated starting from SecureAuth IdP version 8.0

\MFCApp_Bin\SISU

SISU directory contains support files for the SecureAuth IdP SISU registration tool

\MFCApp_Bin\Startmenu

Holds installer files for the Windows Start menu

D:\Scripts

Holds configuration scripts for the Windows Firewall with Advanced Security

D:\SecureAuth

Contains SecureAuth IdP realms (IIS Applications)

\SecureAuth\IdPConfigurator

Code and configuration files for the SecureAuth IdP Configurator functionality

\SecureAuth\ResourceCompiler

Configuration files for the SecureAuth IdP verbiage editor functionality

\SecureAuth\SecureAuth0

Administrative realm for SecureAuth IdP

\SecureAuth\SecureAuth1

First non-administrative realm for SecureAuth IdP

\SecureAuth\SecureAuth998

Realm that is preconfigured and reserved for OATH enrollment

\SecureAuth\Template

Directory with a stock version of a SecureAuth IdP realm to use a clean realm is needed

D:\SecureAuthScepService

Contains binary files necessary for SecureAuth IdP to support the Simple Certificate Enrollment Protocol (SCEP)

D:\SecureauthWS

Contains binary and configuration files for the SecureAuth IdP Web Service

File system permissions

Directory

Permissions

C:\inetpub

Use the Microsoft specified default privileges

D:\InboundSCEP

Network Service: Modify

D:\inetpub

Use the Microsoft specified default privileges

D:\MFCApp_Bin

Administrators: Full Control

D:\Scripts

Administrators: Full Control

D:\SecureAuth

Network Service: Full Control | SecureAuth0Pool: Modify

D:\SecureAuthScepService

Network Service: Modify | SecureAuth0Pool: Modify

D:\SecureauthWS

Network Service: Modify | SecureAuth0Pool: Modify

If permissions issues appear to exist on the SecureAuth IdP Appliance, try running the Reset File Permissions and Shares Tool to reset permissions to SecureAuth recommended values.

Application Pool roles

Task

.NET 4.7.2 (leveraging 'Network Service' account)

SecureAuth0Pool (leveraging 'Application Pool Identity' account)

License Key renewal

x

x

Log file

x

x

D:\Secureauth\SecureAuth#\PostAuthData

x

x

WinSSO impersonation

x

x

Decryption / Encryption (web.config)

x

x

Realm Creation

x

Resource compiler to generate language verbiage .DLL

x