Re: Run executables IIS 6
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/23/05
- Next message: Alan: "Certification Authority error"
- Previous message: David Wang [Msft]: "Re: Point home directory to C:\\ . . ."
- In reply to: Sue: "Run executables IIS 6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Feb 2005 16:02:37 -0800
In addition to what JRG has said, I'd just like to clarify what the basic
IIS6 security amounts to.
IIS6 disallows download of content that does not have an associated MIME
Type and disallows execution of binaries that do not have an enabled Web
Service Extension.
This means that:
1.You must have a MIMEMap entry for the given extension that you want to
allow IIS6 to download.
2. You must have an enabled Web Service Extension for the given binary file
that you want to allow IIS6 to execute as an ISAPI or CGI.
These requirements are on top of any other requirements.
Thus, the full list for allowing executables to run would include:
1. NTFS ACLs to allow Read/Execute permissions to IIS_WPG and the remote
impersonated identity (depends on authentication methods allowed in IIS for
that URL namespace)
2. IIS Permissions to allow "Scripts" or "Scripts and Executables" in the
given URL namespace
3. If it is a Script, then the Script Mapping of the extension to the
ScriptEngine must exist
4. The binary executable being executed, either directly as ISAPI/CGI or
indirectly as a ScriptEngine, must have an enabled Web Service Extension.
#4 is the new thing added in IIS6. Everything else is the same as before.
These security issues can be diagnosed by looking at the web logs at
%windir%\System32\LogFiles\W3SVC#\*.log and locating the HTTP
status/sub-status as well as Win32 error code. The F1 help in IIS Manager UI
has a "Troubleshooting" section to help.
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Sue" <Sue@discussions.microsoft.com> wrote in message news:CF9CBC43-2E38-429F-8F41-DE903DBAF461@microsoft.com... I have read that IIS by default does not allow a web application to run executables. And I read that the way to change that is to use IIS Manager to give Read/Execute permissions. I have done that at the directory and individual file level for the files I am trying to execute. I have also given security at the file level in Windows Explorer. However, it is still not letting me run an executable. All other viewing, some of which includes getting data from a SQL database is working fine. Is there something else that needs to be done to allow executables to be run? How can I check what username my application is using to make sure that I have given the correct permissions to the correct user? Windows Server 2003 IIS 6.0 PHP 4 Now, before you say that PHP is the problem... it WAS working before. I was installing the 'Prerequisites' for Visual Studio.NET which I believe was only the Front Page Extensions. That is when this part of the application quit working. The applications I am calling still work independently, just not when they are called from the web app. Please help... they are going to drag me away to the crazy farm soon...
- Next message: Alan: "Certification Authority error"
- Previous message: David Wang [Msft]: "Re: Point home directory to C:\\ . . ."
- In reply to: Sue: "Run executables IIS 6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
