As part of the "Adobe ColdFusion 9 Server Lockdown Guide," Adobe recommends blocking /CFIDE requests (pages 9 and 10).
After adding a <denyUrlSequences> block to the applicationHost.config file, located in the \windows\system32\inetsrv\config directory, the instructions say,
Next, you must allow access to the /CFIDE/administrator URI in the cfadmin website. Create a file called web.config in the web root with the following content:
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <denyUrlSequences>
          <remove sequence="/CFIDE/Administrator"/>
        </denyUrlSequences>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
The above configuration overrides the global request filtering and removes the deny rule for the URI /CFIDE/administrator.
I want to make certain I put this in the correct directory/ies. We're running three clustered instances and a fourth test server. They are located in a data drive like so:
D:\JRun\servers\<instance name>\cfusion.ear\cfusion.war\CFIDE
where the <instance name> is the name of the particular instance.
So, my question is, do I need to put this new config file in the \<instance name> directory for each of the instances? The \cfusion.war directory for each instance? Or just once in the \servers directory?
TIA,
Pete