Just a quick note to let folks know that the ColdFusion 10 Lockdown Guide (a step-by-step walkthrough of how you can secure your ColdFusion 10 install) has been released. You may find it here: PDF
Archived Comments
Very timely! Just got a new server the other day and plan on putting CF10 on it and then migrating our site from its current CF8 server.
Awesome. Implementing shortly. Thanks.
Are there errors in the lockdown guide?
1) It says to create the cfadmin directory, but then it doesn't say anything about copying anything to it. Are you supposed to copy what's under the ColdFusion cfusion\wwwroot to your new cfadmin folder? If you do, will the updates then fail since it does not know where the actual CFIDE is, or do you have to copy it over again after each update?
2) Moving the CFIDE appears to break the updates; the accordions are gone, and when I click on "Download" nothing happens, though the rest of the administrator appears to work.
Any help appreciated.
I figured out part of my problem. I had to include a cf-scripts virtual directory in the cfadmin web site pointing to the scripts folder. That fixes the accordion/download issue.
But the other issue is that now the updater does not know where CFIDE is, does it? You set where the scripts directory is, but not the CFIDE. Do you have to copy it over after every update?
Jim, I'd reach out to Pete Freitag at Foundeo. He is the author of the document.