HOWTO: Allow file downloads (including .exe) on IIS 6.0


Variations of this question are asked of IIS 6 all the time. However, the answer is no different than for any other version of IIS other than the fact that IIS 6 gives you a distinct error code to troubleshoot. What is not clear to me is why users think that the newly introduced Web Service Extension concept has something to do with this misconfiguration… I hope someone can give me some rationale.


Question:


Hello,


What is the correct method to allow .exe files to be downloaded or run from a web site on an IIS 6.0 server?


I am currently receiving a 404.2 error message in my browser when I try to open/download the executable files, and I am not sure which Web Service Extensions configuration changes must be made to allow this.


Thanks in advance,


Answer:


Given the current phrasing of your question, there is no correct method. Downloading a .exe file is NOT the same as run from a website, as I will describe below. I’ll give a short answer and then a more detailed answer.


Short Answer


Your error message indicates that you have “Scripts and Executables” enabled, so IIS is trying to execute the .exe file on the web server, and since the .exe is not allowed by any defined Web Service Extension, a 404.2 results. The corrective action depends on what you want to do.



  1. If you want to allow .exe files to be downloaded as-is to the browser, then you must NOT have “Scripts and Executables” as Execute Permissions.
  2. If you want to execute the .exe file on the server to generate a response that is sent to the browser (possibly interpreted as a download), then you MUST have “Scripts and Executables” as Execute Permissions, and you must enable a Web Service Extension for that .exe file.

Details


Whenever the user makes the browser request a resource like “http://server/myapp.exe”, users usually want one of the following actions to happen:



  1. Return the file contents of myapp.exe as-is to the browser (aka file download)
  2. Execute myapp.exe on the web server to generate a dynamic response (aka execute CGI script)

Now, the web server controls which action should happen, and on IIS, this is controlled by the “Execute Permissions” property of the virtual directory containing the .exe file. If the permission is set to “Scripts and Executables”, then IIS will do action #2. Otherwise, it will do action #1.


Prior to IIS 6.0, there were no further security checks against either action. On IIS 6.0, there is one additional security check, depending on the action:



  1. For action #1, the file resource’s extension (.exe in this case) must have a defined MIME Type or else a 404.3 occurs. .exe has a MIME Type of  application/octet-stream by default, so file download should just work.
  2. For action #2, there must be an enabled Web Service Extension for the full path to the .exe resource to allow IIS to execute it to generate a HTTP response or else a 404.2 occurs. For securety reasons, IIS 6 does not allow any resource to execute by default unless otherwise configured/allowed in Web Service Extension.

//David

Comments (135)

  1. Santosh says:

    Thanks this really helped resolve my problem.

  2. David.Wang says:

    You’re welcome! This is a pretty common confusion amongst users, and I really hope this clears things up.

    //David

  3. Jason says:

    Your advise helped another confused IIS user who has been searching the answer on the web for weeks. THANKS!

  4. IIS user says:

    Awesome response and thank you, I have been trying for two weeks to figure out what I changed on the server to make it try and run the program on the server, but was just over looking this.

  5. David Wang says:

    Barbie – I am not certain what more info you are looking for.

    //David

  6. Vishwas says:

    I am trying to run an exe on the box with IIS 6.0 and I did carry out all the steps mentioned above yet no improvements. Can someone please throw some light on this.

  7. Jason says:

    I am still having a problem letting ANY file be downloaded. Exe’s are working great ie: http://dl.htmlgraphic.com/bulletftpsetup.exe ie: http://dl.htmlgraphic.com/default.asp.old this *.old trys to execute. Can you please help.

  8. David Wang says:

    Vishwas – If you are trying to run an .exe on IIS 6.0 then you obviously need to:

    1. Enable "Scripts and Executables" Execute permission for the URL

    2. Make sure that .exe does NOT have an application mapping

    3. [IIS6 only] Have Web Service Extension for the EXE

    I think you probably have a mistaken setting of #2 somewhere; similar to Jason also having a mistaken setting of #2 that prevents the right thing from happening.

    Jason – if .old tries to execute, it means that you have an application mapping for .old AND you have "Scripts" Execute Permissions.

    Similar to .exe, you either:

    1. Change to "None" Execute Permissions. This prevents application mappings from taking effect

    2. Remove the application mapping for .old

    I suspect you accidentally set up a .old application mapping, so I suggest #2 first.

    //David

  9. mads says:

    How can I enable Web Service Extension for that .exe file?

  10. David says:

    Thanks… that solved a client’s problem very quickly!

  11. Henry Luo says:

    I just fixed one .exe download problem. The browser stuck and cannot download the .exe file.

    I checked the setting of the directory containing the .exe file. And it’s Execute Permission was set to Script. So I initially thought it should be OK, as .exe is not script and should be downloaded.

    But only after I changed the Execute Permission to None, did the download go away.

    So for .exe download to work, you MUST set Execute Permission to "None".

    David, your statement of ‘you must NOT have "Scripts and Executables" as Execute Permissions.’ is a bit ambiguious.  People might think "Script" is acceptable as I did.

  12. David.Wang says:

    Henry – Sorry, but I stand by my statement. For .exe download to work, Execute Permission must NOT be “Scripts and Executables”.

    In particular, you can download .exe with Execute Permissions set to “Script”. I just did. So, I am fairly certain I just disproved your claim of “for .exe download to work, you MUST set Execute Permissions to “None”.

    Of course, since IIS is a configurable server, it is also possible to configure what *should* work into not working. I obviously cannot call out all possible ways that you can shoot yourself…

    I think “Scripts” does not work for you because you have an incorrect Application Mapping for .exe extension which does not generate a valid HTTP response and hence causes the client to “hang”. This would explain the behavior difference between “Scripts” and “None” because “None” forces the Static File Handler (which results in a file download) while “Scripts” allows Application Mapping to execute (which obviously executed something or else you would have had a successfully download via Static File Handler).

    http://blogs.msdn.com/david.wang/archive/2005/10/14/HOWTO_IIS_6_Request_Processing_Basics_Part_1.aspx

    Of course, I preface all this by saying that if you have arbitrary ISAPI or CGI configured to execute during request processing, all bets are off since they can alter behavior arbitrarily. I can only describe how the IIS6 Request Processing works… not how arbitrary code can alter behavior. 

    //David

  13. Yusuf Murabe says:

    Very nice article, David, but didn’t help me with one particular problem.

    I have .rdp files on an IIS6 server so users can open them directly, and thereby go to their rdp session (which might be ipaddress:3390 etc)

    They give the file not found error, but I can’t see any mappings to them and exe’s can download OK. Any ideas?

  14. David.Wang says:

    Yusuf – This blog entry describes what is going on and how to troubleshoot it. Please re-read the "Details" section.

    You most likely need to add a MIME Type for .rdp so that it is allowed for download. The reason you didn’t do this for .exe is because there is already a defined MIME Type for .exe by default.

    //David

  15. Rao says:

    please tell me how to run *.exe file in server (and not download it). I am trying to figure out how to script for an application in c with *.exe (400kb) to run in a server upon query from a browser.

  16. keith says:

    All your info is great for putting people on the right track, but you failed to mention a couple things. These two things are IIS Lockdown 2.1 and URLScan.dll.  Two nifty tools, yes.  But the URLScan will prevent .exe download, by its default config.  

    This little annoyance caused me about 30 mins of config tweaking trying to determine why my .exe’s would serve.  So, be adviced, look in your urlscan.ini for config options.  

    Thx.

  17. David.Wang says:

    keith – Thanks for the additions.

    I just wanted to respond to your statement that I "failed to mention a couple of things".

    Please note that I intentionally disregarded IIS Lockdown 2.1 and URLScan in this blog entry because:

    1. Neither are installed by default on IIS6. Use on IIS6 is on a case-by-case basis.

    http://www.microsoft.com/technet/security/tools/urlscan.mspx

    2. Arbitrary ISAPI DLL can cause arbitrary behavior on IIS (like failure to allow EXE file downloads) for arbitrary reason. I cannot possibly write a prescriptive blog entry about an unknown arbitrary reason and how to resolve it.

    3. I want to explain the IIS6 specific behavior concerning allowing EXE file downloads, which is applicable on all IIS6 servers.

    4. URLScan rejections are not 404.2, which is in the original question.

    In other words, if the blog entry is about "ways to resolve arbitrary unexpected 404s", then yes, I should certainly mention the valid statement that "arbitrary ISAPI Extension or ISAPI Filter, such as URLScan, can alter server behavior to result in unexpected 404s."

    Now, I actually wrote this blog entry to describe a common user misunderstanding of:

    1. Downloading EXE to browser  vs

    2. Executing EXE on server  vs

    3. Executing EXE on the client

    Users tend to think that some combination of the above actions should "magically" happen with the exact same configuration — obviously not possible. I wanted to point out how IIS views the requests and the configuration that allows IIS to distinguish between #1 and #2 (a key misunderstanding).

    //David

  18. chall3ng3r says:

    hi david,

    i have created my own cgi like executable in C. it does not returns anything (as cgi’s do), but it produces a xml file in same directory.

    what i want to do is execute this file on server through my asp 3.0 script, which passes it parameters to produce dymanic xml.

    can you help me on this? i need to do it in any of asp3.0/asp.net/asp.net2

    tia,

    // chall3ng3r //

  19. David.Wang says:

    chall3ng3r – I am not certain what help you need.

    – ASP can use WScript.Shell to Run arbitrary executables on the server as the process identity.

    – ASP.Net can use System.Activator to also invoke WScript.Shell, or it can use System.Diagnostics.Process.Start() to run arbitrary executables as the process identity.

    So, the process identity needs write access to the directory to write the XML file

    You can alternatively figure out these details pragmatically using FileMon from sysinternals.com.

    //David

  20. Nausher says:

    Possibly your .exe’s can get blocked by URLScan

    Then your log would contain <Rejected-By-UrlScan>

    E.g.

    2006-04-26 01:32:39 10.254.48.61 – 10.108.117.202 80 GET /<Rejected-By-UrlScan> ~/dir/application.exe 404

    In such a case have URLScan.ini configured to allow *.exe or whatever it is by following this article.

    http://support.microsoft.com/kb/326444/

    URLScan.ini location – %WINDIR%System32InetsrvURLscan

    Log files location – %SYSTEMROOT%System32LogFilesW3SVC#*.log

  21. David Wang says:

    I finally have enough blog entries about various portions of IIS6 request processing that I can stitch…

  22. David.Wang says:

    awesome, another 10K entry!

    //David

  23. usman says:

    i had to allow .ace file download in iis6 (it was in parts, so each file had a different extension – i.e. .ace,.c01,.c02 …). I had to do this by adding mime types in the properties of the virtual directory.

    I used application/octet-stream as the mime type for each extension (ace is just another format for zipping and i’m not sure if it is correct or not) and it started working.

  24. Quentin says:

    Worked great!  Thanks!

  25. Linda says:

    Thanks!  You just saved me a lot of time and trouble!

  26. DarkestNight says:

    Thanks David Wang! Worked like a charm.

  27. Evgeny says:

    I want to allow download myfile.zip from the Virtual Directory.

    But then trying to download I have error 404 .

    If I just change extension to myfile.txt, I may normal download it.

    How must I configure IIS to allow download zip file?

  28. David.Wang says:

    Evgeny – By default, downloading a .zip file just works with no configuration because .zip extension is handled by the IIS Static File Handler, and .zip has a pre-defined MIME Type extension.

    You need to:

    1. Determine whether the .zip extension is handled as a static file or dynamic file on your server. Default is static, but unusual behavior usually indicates non-default configuration so you must verify.

    http://blogs.msdn.com/david.wang/archive/2005/10/14/HOWTO_IIS_6_Request_Processing_Basics_Part_1.aspx

    2. Determine whether you configured any per-site or global ISAPI Filter to run on the request

    3. Check the IIS log file entry for that 404 error and determine the substatus and Win32 error code

    //David

  29. Elizabeth Dunn says:

    Thank you for this information.  I was able to fix my problem in minutes.  We recently switched to a new server running IIS 6 and suddenly SCR files were creating a file not found error rather than prompting users with the Run/Download option.  Once I added the SCR extension with the MIME Type of application/octet-stream the Run/Download option appeared.  Is there a site that lists all extensions with the appropriate associated MIME type if I identify additional extensions I need to add or is is save to just use "application/octet-stream" if I can not identify the specific MIME type?

  30. David.Wang says:

    Elizabeth – I am not aware of a website that lists all extensions with appropriate associate MIME type. However, I would not really worry about it because it is just a "hint" to the User-Agent (i.e. web browser) on what to do with the content.

    Realistically, content on the web falls into these buckets:

    1. txt/html/xml/js/css – textual data that the browser can immediately consume for user display (i.e. CSS stylesheet that affects how an HTML page is displayed)

    2. anything non-textual (i.e. binary) – binary data that the browser should download and save. Optionally, those with special MIME Type can automatically trigger handler plugins to display the binary data.

    The things in bucket #1 is pretty static. When talking about MIME Type, you are really talking about things in bucket #2 and in particular, whether the browser should either:

    1. bring up the generic Download/Run dialog and make the user click a button

    2. or automatically invoke the plugin based on MIME Type

    If you are just serving up files for download, you don’t care about #2 and thus application/octet-stream is perfect sign for "download this".

    If you are serving up files to be executed on the web browser, then you should know the correct MIME Type, and that can always be obtained from the computer where the web browser is supposed to execute.

    //David

  31. sunlie says:

    Hi David, just want to ask how to set a .cer (X509 certificate) to be download. I’ve set the MIME type to application/x-x509-ca-cert, but the file show up in text.

    Thanks

  32. Harry says:

    David – you should be getting paid for this kind of advice!

  33. David.Wang says:

    Harry – hehe… you should tell my manager that. 🙂

    //David

  34. Danny says:

    My Hat’s off to you David.  Thanks for the great advice.  I too had the same trouble with .exe files and searched the net for a while before stumbling across this article.  Of course, after reading through the responses,  it seems more like you were being attacked instead of offering advice.  Shame on those so quick to prove others wrong!!

    My fix was to change the site to Scripts only.  This allowed me to achieve what I desired to have them be prompted for the download of the .exe file.

    Keep up the good work and Thanks again.  The info was greatly appreciated!!  🙂

  35. MickeyDing says:

    David – you are a legend.

    I have created a virtual directory to stash any old file and be able to download it.

    I set the execute permissions to "none" because I don’t want to compromise the server in any way by allowing any execution of anything.

    The discussion about mime types led me to try a mime type with an extension of "*" mapping to a mimetype of "application/octet-stream".

    This appears to allow me to do binary transfers over http of any file, irrespective of what its extension may be. Is what I have done a security risk in any way ?

  36. David.Wang says:

    MickeyDing – Yes, a * MIME-Type allows all files (extension *) to be transported as binary (application/octet-stream).

    Default IIS6 behavior is to only allow downloads of defined MIME Types, and adding a * MIME-Type defeats that security check.

    However, if your purpose is to have a download directory, then the security risk of * MIME-Type on that directory is necessary.

    In other words, every single piece of functionality you enable on the web has an associated security risk. The only thing you can do is decide whether the risk is necessary, and if so, how to minimize/mitigate the risk.

    //David

  37. Jay says:

    David –  I am trying to download our own custom extension over .Net application. I have added it to MIME type as application/octet-stream and also to Virtual Directory as new MIME type. But still for some reason it does not get downloaded. If I change the extension for the same file .tif it gets.

    Any ideas? As a test I even created a Test folder and tried to access the URL in Internet Explorer. For .tif extension it asks to open or save but for the custom extension it says page cannot be displayed.

    Thanks in advance!

  38. David.Wang says:

    Jay – The answer depends on the handler that sends the download.

    If the download of the custom extension is sent by your own application, then you are responsible for fixing the problem. MIME Type is only relevant when the IIS Static File Handler sends the resource.

    You should start by troubleshooting what status/substatus is recorded for the failing request. IE says "page cannot be displayed" for many reasons, not all related to MIME Type.

    In other words, setting the MIME Type does not ensure a file download. It only works if the file extension is handled by the IIS Static File Handler.

    I have other related blog entries along the sidebar of my Blog to explain how IIS handles requests, how to correctly troubleshoot IIS, etc. I suggest reading them all for more info.

    //David

  39. Nate says:

    David –

    I have run into a situation where I can not get IIS 6 to serve up files with a .log extension.

    I have a website that has a small data driven front end that lets you upload and view files stored in a share on a file server physically separate from the web server.  That share is mapped to via a virtual directory on the webroot.

    Every time a .log file is requested the website throws a 404 error.  So I tried adding .log to the list of mime types and no I am getting a 500 error.

    Any ideas?

  40. Apple_Eater says:

    Hey,

    Is there any way to define "All unknown extensions" in the MIME settings to be "application/octet stream" (downloadable, I think)? I would like any files not directly recognized by IIS to be considered downloadable, any ideas?

  41. Tarun says:

    I am not able to execute any exe using ASP on IIS server.

    I am getting this error message :

    "The application failed to initialize properly (0xc0000142). Click on OK to terminate the application."

    Please help !!!!!!!!

  42. Ian Billing says:

    Thanks for all the articles – I am almost all the way to getting it right. My last problem now is this:

    If the .exe file is a self extracting zip file or any other .exe file that is not a complied VB.NET .exe file, then I get the download box – which I want!

    However, if the .exe is a file that was compiled in VB.NET, then no matter how I set the Execute Permissions, the server will not give the option of downloading the file – it always attempts to run it.

    Please help.

    Thanks

  43. I’m sure the use of adding .ICA files to web servers to launch published applications from Presentation

  44. Konstantin says:

    Hi David

    I read through all these interesting notes, but didn’t find anything on ".com" extension. I have images saved in user directories, named by user email addresses (because they’re unique), like webserver.com/mary@test.net/pic.jpg – picture downloads great. But if user email ends on ".com", like webserver.com/mary@test.com/pic.jpg – picture download gives 403.1 error "no execute permission". Is any way to configure IIS5 not to consider ".com" in path as executable?

    thank you

    Konstantin

  45. Sasi says:

    Please help me!!!

    I have lot of files on the server(it has got IIS 6.0) with different extensions(like abc.x01, xyz.x02, ddd.c12…). I have set the MIME type to .* with application/octet-stream. When I open these files from the IE, it directly opens file on the browser but I would like to have the "File Download" option, so that I can save the file instead of opening it automatically.

    please help me…..

    Many thanks

    Sasi.

  46. I am interested about how to execute executables on a web server and interact via a website.

    Example:http://www.mywebsite/blabla.exe

    How can I check now if the executable is runnning and how can I (if possible) interact with it?

    Does somebody have more information?

  47. Alattar says:

    Thank you David! It really solved my problem.

  48. Erik Peterson says:

    Not sure this is the same, but I am using a C# webservice to run an executable..which is not working in IIS.  I *THINK* its a permissions problem because I can run it no problem in VS 2005, but not when deployed on the server.  If you can help that’d be great, I set permissions to execute already, and added a web extension for the exes..but to no avail..

    Program error:launch failed: c:windowssystem32inetsrv>c:Documents and SettingsAdministratorDesktoptestDebugtest.exe "c:Documents and SettingsAdministratorDesktoptestDebugtest.exe" on ‘frontend’ failed

  49. LGR says:

    Thanks this saved me a lot of time. It reminds me why I use Linux servers. I find them easier to admin.

  50. David.Wang says:

    LGR – I’m glad to be able to help.

    However, ease of administration is relative to one’s skill set. Linux and Windows simply have different usage models.

    For example, I’m sure I find Linux as difficult to manage as you find Windows difficult to manage. But, I respect and leverage the advantages of each platform.

    //David

  51. PJD_BE says:

    OK, but… don’t work with .reg files. How to allow .reg files downloads on IIS 6.0

  52. Aboleth says:

    Thanks, this article helped alot.

  53. RodW says:

    David,

    I’m trying to get IIS 6.0 to serve up MP4 files without success.

    I’ve tried all of your suggestions so far in this list (re MIME Types etc) but it still just gives a 404 error page not found.

    Is there anything else that could be preventing MP4 files from being served?

    Regards,

    Rod

  54. David.Wang says:

    RodW – Please look in the IIS log file entry for the 404 response and if it is a:

    – 404 3 50, that is due to incorrect MIME Type configuration

    – 404 2 1260, that is due to misconfigured Application Mapping which does not have an enabled Web Service Extension

    – 404 0 2, that is a real "File not found".

    – Anything else, it has nothing to do with IIS and depends on arbitrary ISAPI software installed on your server

    //David

  55. RodW says:

    OK. I did this and the log says its 404 2 1260

    Since MP4 files are normally played by Apple Quicktime does this mean that I have to set up a Web Service Extension for MP4 as I have done for other files (like PHP etc)?

    If so, which of the many Quicktime dlls do I need to specify the as the required file?

  56. David.Wang says:

    RodW – Please read the blog entry and understand it.

    Since MP4 files are played by Apple Quicktime on the browser, it means that you should just register the .MP4 extension as a MIME Type with an appropriate value so that the web server allows it to be downloaded to the browser to play. You do NOT want to setup Web Service Extension because you do not want to execute the MP4 file on the server.

    In fact, please remove the Application Mapping for .mp4 – that is the misconfiguration causing your 404 2 1260.

    PHP and MP4 illustrate the two different ways for a web server to handle a given request, as mentioned in the blog entry above.

    PHP is server-side script which generates HTML that is interpreted and displayed by the client-side web browser. Thus, you need to configure an Application Mapping for the .php extension and enable the Web Service Extension for the executable named in the Application Mapping.

    MP4 is a file resource downloaded by the web browser and processed/played by a client-side plugin like Apple Quicktime. You only need to configure IIS to allow it to download, not execute.

    //David

  57. todd says:

    thanks, your explanation helped me figure out why web deployment of symantec was having problems.

    todd

  58. Glenn says:

    Please help !!!

    Anyway we can limit the file being download by file size?

    For example, all file >1Mb cannot be downloaded through HTTP

  59. Stephen Pickett says:

    For anyone with 404 problems, make sure that your .php string in your Website -> Configuration matches with that in your ISAPI filter (if any) and in your Web Service Extension configuration.

    This is the correct way to do it and far safer than just enabling all Unknown ISAPI configurations.

  60. blueocean says:

    thanks, very clear explanation.

  61. Apurva Kaushal says:

    Thanks a lot David for these useful information. It really helped me a lot. Thanks a million again.

  62. perplexed says:

    Help!!

    I’m using the System.Net.WebClient because I need to roll this into a DLL for VB6 programs to use.

    ‘Download a file works great. (2 lines of code)

           Dim wcClient As WebClient = New System.Net.WebClient()

           wcClient.DownloadFile("http://X/X/1.jpg&quot;, "C:1.jpg")    

    Upload throws a 404 0 Not Fnd.

    If no credential passed, throws 401

    wcClient.Credentials = New NetworkCredential("UID", "PW")

    wcClient.UploadFile("http://X/X/1.jpg&quot;, "PUT", "C:1.jpg")

    Can’t find answer. Localhost works fine. Must be permissions??

    Created virtual dir and assigned all read/write permissions to receiving folder on server.

    Any ideas or suggestions would be greatly appreciated…

  63. deseo obtener los beneficios del este servicio

  64. deseo obtener los beneficios de este servicio downlaods

  65. deseo obtener todos los beneficios del programa via downloads

  66. Sector says:

    Thanks for the solution. I ‘ll remember that because I spent half a day searching.

  67. Russell says:

    Thanks, this fixed my problem.

  68. Tom says:

    Hi David!

    I followed your instructions about the IIS and set it to execute .exe files:

    -permission set to "Scripts and Executables",

    -enable a Web Service Extension for that exe,

    -NOT set the mime type for exe!

    -NOT set the mapping /application configuration/ for exe!

    But when write the exe-s url into the browser the  following error appeares:

    CGI Error

    The specified CGI application misbehaved by not returning a complete set of HTTP headers.

    Can you give me somee help for that?

    Thanks

    Tom

  69. Tom says:

    I correct the problem, thanks for fast reply

    Tom

  70. DaveF says:

    Great information!  I followed what you said and had my A.exe file downloading in seconds.

    However, I also have other .exe’s that are delphi forms on the site.  When I set the Execute permissions to Scripts, then the A.exe download works, but the forms don’t.  When I set it to Scripts and Executibles, then the forms work, but the A.exe download file doesn’t.

    Is there a way to set this, so that the A.exe file downloads, yet the other .exe forms execute?

    I’m thinking that this is Step 2 of the blog, where I would have to enable a Web Service Extension for the A.exe file.  If that’s the case, how would I go about doing this?

    I went into the WEb Service Extensions folder and created a new extension called "A" and associated A with the A.exe file.  Is this incorrect?

  71. David.Wang says:

    DaveF – Yes, it is possible to achieve what you want. You need to make sure that:

    1. A.exe does NOT have "Scripts and Executable" execute permission applied to it, so that it downloads

    2. other .exe forms HAVE "Scripts and Executable" execute permission applied to it, so that these forms execute and function.

    Clearly, one needs to set two different execute permissions. There are several ways to do this.

    Since you can set execute permissions for a virtual directory, set your existing virtual directory for these .exes to be one of the values (either "Scripts" or "Scripts and Executables"), then create a different IIS virtual directory pointing to the same physical directory, and have its execute permission be the other value. Now, reference A.exe from one of the virtual directories and the other .exe FORMs from the other.

    If you want to accomplish this without changing any external URLs, there is another approach, but you cannot do it totally from the IIS Manager UI. You will configure the execute permission to be "Scripts and Executables" for the virtual directory containing A.exe and the other .exe FORMs. You will then have to use a tool like ADSUTIL.VBS to set the AccessFlags property of the A.exe IIsWebFile itself to be "None" so that it downloads. This gives the behavior that all .exe will execute EXCEPT A.exe, which will download. i.e.

    CSCRIPT.EXE %SYSTEMDRIVE%inetpubAdminScriptsadsutil.vbs CREATE W3SVC/1/ROOT/vdirname/A.exe IIsWebFile

    CSCRIPT.EXE %SYSTEMDRIVE%inetpubAdminScriptsadsutil.vbs SET W3SVC/1/ROOT/vdirname/A.exe/AccessFlags 1

    where W3SVC/1 corresponds to the ID of your website, and /vdirname corresponds to the full pathname of your virtual directory

    Now, downloading of A.exe has nothing to do with Web Service Extension since that feature has to do with program EXECUTION. You want A.exe to download, not execute, so it has nothing to do with Web Service Extensions.

    Meanwhile, since you want the other .exe FORMs to execute on the server, every such .exe MUST be enabled in Web Service Extensions or else IIS6 will not execute them on the web server.

    //David

  72. PH says:

    Hi, David!

    Great post, helped me a lot!

    Now I’m stuck with an execution ploblem with a thid-party .exe file. I double-checked all the settings, and it’s still beeing downloaded instead of executing.

    I don’t have an Application Mapping for .exe, I’ve set the "Scripts ans Executables" execute permission on the virtual directory and I have created and allowed an Web Service Extension for that .exe. When I prohibit this Web Service Extension, I get the 404 error. When I allow it, the browser tries to download it.

    This file is hosted on an application server. I even tried installing IIS on this server and configuring all the way, but still doesn’t work.

    I’m thinking this may be a problem at the .exe file, but when I run it from a console, I get the response:

    "D:seniorwebrs>conector.exe

    Content-type: text/html

    <HTML><HEAD><TITLE>ERROR</TITLE></HEAD><BODY><P><H1>Error1.htm</H1></P><P>Comments: </P></BODY></HTML>

    D:seniorwebrs>"

    Got any clue?

  73. kishore says:

    hi to all,

    i have done one project in vb.net, i dont know how to generate exe file and setup file, please help me

    thanks alot

  74. WJewell says:

    Great help, I was even able to use it for my problem on IIS ver 5.1 and getting my .exe file to generate a response (option #2).  Many thanks!!!!!!

  75. steve says:

    Many thanks!  Couldn’t figure out why we couldn’t download .exe files.

  76. Let me add my thanks as wellf or a concise (and very useful) answer! 😀

  77. G. S. Lyon says:

    Even with the shear numbers of replies to your blog, let me add my thank you as well.

    Your post is concise and to the point! It’s unfortunate vendor product documentation can’t be like this.

  78. David.Wang says:

    G.S.Lyon – Welcome. Glad I could help and explain things quickly and concisely.

    //David

  79. gshewan says:

    Thanks David, that "Scripts and Executables" had me too!

  80. Nimish says:

    Awesome, that saved my day.

    Thanks David. That was really good!!

  81. Scott says:

    David –

    I have an executable file that works with a dll located in a cgi-bin directory. Tee file needs to execute and does not and I am getting the expected "404 2 1260" in the logs. You suggested that this is a due to an absent web service extension. I enabled "all unknown CGI extensions" and now I am able to run the executable. But, the problem is that this is a global change for all of my sites running in IIS and is a security concern of mine. Is there a way to only allow this for one particular web site or is this an all or none deal?

    Thanks in advance.

  82. David.Wang says:

    Scott – You should create a Web Service Extension to the CGI EXEcutable itself and enable it. It then allows IIS to execute that CGI for any website.

    Web Service Extension is meant to allow/deny execution of a single EXE across all websites on IIS. Thus, it is very fine-grained.

    People tend to make the mistake of wanting to use Web Service Extension as an authorization mechanism and ask "can I have this EXE be allowed to run only on this particular website but not anywhere else" — i.e. per-URL Web Service Extension

    However, Web Service Extension was never meant an authorization mechanism — it is an IIS-wide yes/no security decision.

    The better way to authorize CGI execution is to use process identity and NTFS ACLs to control *which* URL/website can actually read the CGI — because then Web Service Extension allows you to control whether it is even allowed to be executed by IIS, and through NTFS ACLs you control exactly what the CGI can do.

    Cardinal sin made by users — if you do not control the user identity, you cannot properly authorize.

    That is real authorization. Per-URL Web Service Extension pales in comparison and that’s why we didn’t do things that way, even though customers think it is the "natural" solution.

    //David

  83. Rahul says:

    Hey..the view u mentioned are quiet good..but i m using verion IIS5.1…The mentioned thing is not working there…Kindly revert back

  84. Doo4fun says:

    David,

    I have a virtural directory off root that must have execute premissions set to scripts and exe to allow the site to server pages.  The directory is web shared with properties of execute.  (I have found that when the virtural dir is set to scripts and exe then the web share defaults to execute.  If web share is changed it also changes the Virtural site and vice versa) My problem is that the .exe will not execute if the web share permissions is set to execute.  it wil work if the  Web share permissions are none or scripts.  But then my website will not server pages.  I have the default mime type .exe configured and I have added the .exe path to the Web server extentions.  Now the site does not return the 404 error the site times out with  CGI Timeout.

    Thanks,

    doo4fun

  85. David.Wang says:

    Doo4fun – It sounds like you configured every possible combination, all conflicting, so nothing works as it should.

    First, get rid of the configuration changes you made, such as adding the .exe MIME Type, .EXE Web Service Extension, and .EXE Application mapping. Your configuration is causing the misbehavior.

    Then, decide on what you want to do based on this blog entry, which describes how to properly configure all the options. Any other configuration is incorrect.

    //David

  86. Doo4fun says:

    David,

    I have read the details of this blog however; I believe my scenario may be a slight different.  The (3rd Party) application requires execute permissions set to scripts and exec to allow the site to server pages.  Now within the page there is a link to download a file.  This is where the 404 error is produced.  I actually need both #1 and #2 to happen.

    Is this possible?

    Doo4fun

  87. David.Wang says:

    Doo4fun – Thanks for clarifying.

    It sounds like what you want is to execute a 3rd party application with .EXE extension in one virtual directory, and it also serves up files with .EXE extension for download from the same virtual directory. If not, please clarify further.

    To do the above, you need to use IIsWebFile to set the Execute Permission on the .EXE 3rd party application itself to be "Scripts and Executables" while the rest of the virtual directory is set to "Read" only and does not execute anything. And make sure the MIME Type for .exe is set in this virtual directory to allow downloads.

    With such a design, it is possible for:

    – /directory/3rdPartyApp.exe  to execute

    – /directory/Another.exe URL served up by 3rdPartyApp.exe to be downloaded

    FYI: This 3rd Party Application’s design is *bad*. What you really want is for the application itself to execute in one URL namespace while the files it serves to live in another URL namespace. The fact that it mixes it all up is poor, insecure design.

    //David

  88. L P Morton says:

    David,

    How about IIs 5.0?

    I need to execute an .exe on a web server for a private web site.

    The program returns http 401.3 no matter what. I have changed every known permission there is and still it gives me the same error.

    Here is my code, but I have tried about 20 different code approaches.

    <HEAD>

    <SCRIPT type="text/javascript" LANGUAGE="JavaScript">

    function JSRun( program, params )

    {

    var program = "d:/inetpub/txprc/txprc.exe";

    var params = ‘TX’;

    var shell = new ActiveXObject( "WScript.Shell" );

    shell.run("http://www.txprc.com/txprc.exe&quot;);

    }

    </SCRIPT>

    </HEAD>

    <BODY>

    <FORM name="Form1">

    <BR><BR>

    <H1>Execute TXPRC From HTML </H1>

    <BR><BR>

    <BR><BR>

    <input type="Button" name="Button1"

      value="Run txprc.exe" onClick="JSRun()"  />

    Thank you for your help….

  89. Ben says:

    Hi All —

    I’m attempting to have files with .exe extension run so that dynamic web content is displayed (option #3 as listed several times above).

    I have a virtual directory that contains the .exe files.  That virtual directory has its "Execute Permissions" set to "Scripts and Executables".

    The .exe extension is NOT listed in the MIME-type list anywhere.  It is also not listed in ISAPI application map list.

    I have the Web Service extensions set to "Allow All unknown CGI extensions" (for the purpose of testing).  Though I also set up a specific extension for each of my files in an attempt to get this working.

    When I try to access the webpages in IE7 (one of my pages is called "login.exe") — I get a blank page.  The IIS log shows the server sending a 200 response.

    When I try to access the webpage in Firefox I get the "Save File" dialog.  

    Help!

  90. David.Wang says:

    Ben – this sounds like a problem with your .exe files because they are not generating proper HTTP response to be interpreted as web content by browsers.

    Please run the .exe yourself and report the exact output produced by the .exe files, including output of every single byte that is sent, because HTTP cares around the exact bytes, not characters, being transferred.

    //David

  91. Ben says:

    Hi David —

    Thanks for the response.  The initial “load” page is very simple.  

    Here is the output (the first character “C” is line 1, char 1):

    Content-Type: text/html; charset=ISO-8859-1

    <html>

    <head><title>Company Title</title>

     <style type=’text/css’>

     <!–  url(../css/23A7.css) –>

     </style>

     <script language=Javascript1.2>

     <!–

     function onFormSubmit() {

       setTimeout (“document.forms[‘one’].uname.value=””, 5000);

    setTimeout (“document.forms[‘one’].pd.value=””, 5000);

       var EncUname;

       var HexEncUname;

       var EncPd;

       var HexEncPd;

       var uName = document.forms[‘one’].uname.value;

       var pd = document.forms[‘one’].pd.value;

       var key = “”;

       EncUname = des( key, uName, 1, 0 );

       HexEncUname = translate( EncUname, ‘ascii’ );

       EncPd = des( key, pd, 1, 0 );

       HexEncPd = translate( EncPd, ‘ascii’ );

       document.forms[‘two’].hiddenuname.value = HexEncUname;

       document.forms[‘two’].hiddenpd.value = HexEncPd;

       var winString = ‘width=’ + winWidth + ‘,height=’ + winHeight;

       winString = winString + ‘menubar=no,toolbar=no,scrollbars=yes,resizable=yes,left=5,top=5’;

       document.forms[‘two’].target = ‘main’;

       window.open(”, ‘main’, winString);

       document.forms[‘two’].submit();

       return false;

    }

     function bodyLoad() {

       document.one.uname.focus();

     }

    –>

    </script>

    </head>

    <body onLoad=’bodyLoad();’>

    <center><img src=’../images/keysystems_logo.gif’></center>

    <br><br>

    <center><h3>Login</h3></center>

    <center>

    <FORM method=’POST’ name=’one’ onSubmit=”return onFormSubmit();”>

    <table>

    <tr><td class=’small-form’>Username:</td><td><INPUT TYPE=’text’ name=’uname’ class=’small-form’></td></tr>

    <tr><td class=’small-form’>Password:</td><td><INPUT TYPE=’password’ name=’pd’ class=’small-form’></td></tr>

    <tr><td colspan=’2′><INPUT TYPE=’submit’ value=’Submit’></td></tr>

    </table>

    </FORM>

    </center>

    <FORM method=’POST’ name=’two’ action=’main.exe’>

      <INPUT TYPE=’hidden’ name=’hiddenuname’>

      <INPUT TYPE=’hidden’ name=’hiddenpd’>

    </FORM>

    </body>

    </html>

  92. David.Wang says:

    Ben – What you provided is not proper HTML.

    Content-Type is a HTTP response header which should not show up as part of any HTML Markup, so that is a bug in the CGI.

    In order for the EXE to function properly to generate dynamic content that can be interpreted by a browser, it needs to output a proper HTTP response with HTML Markup as entity body.

    The following is what a proper-looking HTTP response should look like. It needs to be generated by the CGI EXE.

    HTTP/1.1 200 OK[CRLF]

    Connection: Close[CRLF]

    Content-Length: <byte count of HTML Markup as Entity Body>[CRLF]

    Content-Type:  text/html; charset=ISO-8859-1[CRLF]

    [CRLF]

    <html>…

    </html>

    Some of the most common problems with CGI are:

    1. not sending CRLF (hex 0D 0A) to terminate HTTP header lines as specified by HTTP 1.1 specification

    2. not sending Content-Length, which forces the client to use Connection closure as way to know when the request is done. Combined with HTTP/1.1 which defaults to Connection: Keep-Alive, it means that CGI’s which rely on "default" values will just fail.

    3. not sending a Content-Type response header

    Based on what you provided, it looks like the CGI has several of these problems. If this CGI worked before, it was more because of a miracle than by-design.

    //David

  93. bamm78 says:

    David —

    Appreciate your response.  I’m going to work with the vendor to see what can be done here.  Clearly, IIS6 is more strict about enforcing these rules than II5 or Apache 2.x, as the application seems to be running fine in those environments.  

    Thanks again, and I’ll post some further results when I get them.

    Ben

  94. David.Wang says:

    Ben – both of those named servers allow very badly written applications to semi-function. It makes the server look stellar in terms of compatibility, but all it really does is propagate badly written and non-conformant applications.

    We all know the same mess on the Browsers, which had bugs that allowed badly written applications (or even browser-bug-specific applications) to propagate… until conformance to HTML standards kicked in with some Browsers to clean things up.

    It may hurt in the short run, but in the long run, having applications which conform to public HTTP and HTML specifications is a good, not bad, thing.

    //David

  95. Ben says:

    Hi David —

    Thanks again for the knowledge, you’ve been extremely helpful.  One thing I’ve tried is to write a test script, which I compiled into an EXE and am testing on my own.  Here is the output:

    HTTP/1.1 200 OK

    Connection: Close

    Content-Length: 101

    Content-Type:  text/html; charset=ISO-8859-1

    <html>

    <head>

    <title>Test Page</test>

    </head>

    <body>

    <h2>Testing…</h2>

    </body>

    </html>

    Accessing this page with IE7 renders a blank page, while attempting it with Firefox gets the file download routines started.  Is there an issue with conforming to HTTP/HTML specs with this script, or should I go back to checking my IIS settings?

    Thanks again for all of your help.

    –Ben

  96. Ben says:

    Just to (maybe) make the script output clearer:

    HTTP/1.1 200 OK[CRLF]

    Connection: Close[CRLF]

    Content-Length: 101[CRLF]

    Content-Type:  text/html; charset=ISO-8859-1[CRLF][CRLF]

    <html>

    <head>

    <title>Test Page</test>

    </head>

    <body>

    <h2>Testing…</h2>

    </body>

    </html>

  97. David.Wang says:

    Ben – IIS itself does not modify response output. However, you may have custom ISAPI that do modify response – I do not know your server’s configuration.

    I do not count 101 bytes following the double [CRLF] (maybe some of the [CRLF] are eaten up by HTML, which does not preserve such whitespace by definition), which constitutes what the browser expects to download and display.

    Malformed HTTP response often results in unexpected (and different) behavior between browsers.

    //David

  98. Raja says:

    Hi david,

    I want to run .exe file in my server .first i try it in my localhost like as you metioned i add a webservice extension and i try to execute it cause an exception as follows

    ExitCode = ‘command.ExitCode’ threw an exception of type ‘System.InvalidOperationException’

    Please  help me.

  99. Avinash Goyal says:

    Hi David,

    I have been running into a problem. I have .sitx file which macintosh compressed file like .zip file. On our local environment we have IIS 5.1. Whenever I download .sitx file from my local environment it does good. It shows me ‘File download’ window. But on Production environment I have IIS 6.0, it is showing me ‘File Not Found’ error.

    Please suggest a solution to this.

    Thanks,

    Avinash

  100. David.Wang says:

    Avinash – the solution is actually mentioned in this blog entry. You want action #1 to happen, and the blog entry tells you how to do that.

    //David

  101. Amit says:

    Hello,

    I am facing problem in downloading .exe file from asp.net website which is hosted on IIS7 and Windows Server 2008.

    The following error comes when i am trying to download .exe file :

    HTTP Error 404.2 – Not Found

    The page you are requesting cannot be served because of the ISAPI and CGI Restriction list settings on the Web server.

    It is perfactly working in IIS6 and windows server 2003.

    Any help is appreciated.

    Thanks & Regards,

    Amit

  102. David.Wang says:

    Amit – please read this blog entry for the solution. If you configure IIS7 the same as IIS6, it will work perfectly as well.

    //David

  103. Amit says:

    Hello David,

    Thanks for your quick reply.

    I have tried to follow your steps but still i am not able to download *.exe file from my webiste hosted on IIS7 and Windows Server 2008.

    For your reference, here i am listing some of my IIS settings.

    ISAPI and CGI Restrictions

    description = Active Server Pages  

    Restrictions = Allowed

    Path=c:windowssystem32inetsrvasp.dll

    description = ASP .NET v2.0.50727

    Restrictions = Allowed

    Path=C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_isapi.dll

    description = [No Description]

    Restrictions = Allowed

    Path=C:Perlbinperl.exe "%s" %s

    description = [No Description]

    Restrictions = Allowed

    Path=C:Perlbinperlis.dll

    description = [No Description]

    Restrictions = Allowed

    Path=C:PerlbinPerlEx30.dll

    Handler Mappings on Site Level

    name=CGI-exe  path=*.exe stat=Enabled

    path type=File

    handler=CgiModule

    Access ->Read

    name=ISAPI-dll  path=*.dll stat=Enabled

    path type=File

    handler=IsapiModule

    Access ->Read

    If you get any idea from the above information then please suggest me what other settings should i do? Or if you want some more information about my iis settings then pls let me know.

    Any help is appreciated.

    Thanks & Regards,

    Amit

  104. Ofer says:

    Hello David,

    I am able to download an .exe file from IIS 6.0, but the progress bar shows "Estimated time left : Not Known", while if I change the extension of the file (lets say .dmg), I get the right estimation.

    What might cause that?

    Thanks,

    Ofer

  105. David.Wang says:

    Ofer – something is configured on IIS to cause the .exe extension to be transferred via chunked encoding instead of content-length. Since chunked encoding means "keep downloading until the server tells the browser it is done", it is not possible for the browser to estimate number of bytes remaining and hence impossible to estimate time left.

    The default behavior on IIS for static files like .exe is content-length, which gives the same behavior as .dmg.

    Thus, something on the server is configured to transfer .exe as chunked encoding. An ISAPI Filter or Application Mapping for * or .exe can result in this behavior.

    Since this non-default behavior is due to user configuration, you will have to determine whether that configuration is necessary and if not, remove it. Then .exe will download with content-length as expected.

    //David

  106. David.Wang says:

    Amit – You need to remove the handler mappings you added at the site level for CGI-EXE and ISAPI-DLL. They are incorrect and cause your issue.

    FYI: This is what your handler mapping definition is actually saying.

    It tells IIS to *launch* any EXE as CGI on the server-side whenever the resource is accessed by a client for download. That is clearly not what you want – you want IIS to send the EXE as download whenever the resource is accessed by a client for download.

    Removing your misconfiguration and adding .EXE MimeType should allow the default IIS configuration to function as you expect.

    //David

  107. Ofer says:

    Hello David,

    Thank you for your response. The chuncked encoding hint set me on the right path, and actually I found the solution on another post by you 🙂http://www.eggheadcafe.com/software/aspnet/31045970/compression-and-disablin.aspx

    The exe extension was set to be compressed.

    Thank you again,

    Ofer

  108. Phillip says:

    Thank you so MUCH for this post!  Worked like a charm just changing the Execute Permissions.

  109. st.silvia says:

    Defining MIME types in IIS helped me a lot. The issue was that some of the files were downloading (common extensions like "zip", "doc"), other files with unknown extensions – were not.

    Thank you very much ! This article was a great help !

  110. David.Wang says:

    st.silvia – Glad you resolved your issue.

    Honestly, I am glad that IIS6 forces the issue of making you define MIME types in IIS or else it refuses to send them as download… because that is the way things should be. Why?

    Because web administrators were lazy at defining MIME types, web browsers had to get incredibly smart at sniffing content to determine content-type so that it knows how to handle downloaded content. This has good and bad implications.

    For example, sending a file to be downloaded, or opened/executed looks EXACTLY the same to the server but are obviously very different user experiences in the web browser. Without the server providing MIME types, the web browser has to guess one way or another — and web page developers start writing code to fool how each browser sniffs content in order to force the behavior that they wanted — which is clearly not standards compliant nor solid code.

    If web servers forced the administrator to declare MIME Types from the beginning, web browsers would not need to sniff content, web developers would not need to write browser-specific code to defeat sniffing to achieve their desired client-side behavior, and things would be a lot cleaner today.

    //David

  111. Unfortunately this did not answer my question. For some strange reason, EXE files don’t completely download anymore. They stop at 98%

  112. David.Wang says:

    Webwinkel freak – This blog entry deals with allowing the EXE to download. If it fails at 98%, your question is completely unrelated to this.

    If you have a reliable repro, I suggest using a network monitor to capture the entire network traffic of the download. Then, you can see whether the problem is due to:

    1. The Server prematurely closing the connection before download is complete

    2. Any mismatch between the number of bytes the server promised to send in the header vs actually sent

    3. Any other network anomaly

    Once you can determine if the problem is on the network or on the server/client, then you can proceed further.

    For example, if you determine the issue is on the server, you will need to examine what handler sent the .EXE download. By default it is the IIS Static File Handler, which doesn’t have such issues, so I suspect your system has other custom handlers performing the download — which means you have to start looking for bugs in those custom handlers.

    //David

  113. Alison says:

    Thanks David, I found this article helpful in enabling download of dxb files.  Worked like a charm!

  114. Dirk says:

    Hi David,

    You are a great help. My customer has tried many things to allow exe to download to browser. The product is an application run from a web server. I’m not to up on the networking stuff but I have it running from our web server (third party)….no problems. What happens is you click on a link on a web page, a couple downloads happen (one of which is the exe) and then the application runs…..fetching content (resources) from the server as needed. The site is getting a 404 error (just 404)….Object not found….although the file is there. The site is using IIS5.0.

    Please help.

  115. David.Wang says:

    Dirk – I suggest you read the threads of this post to find clues to answer your question. It is why I allow unlimited anonymous comments — to gather collective community knowledge and experience.

    I suspect you will find searching for "URLScan" useful.

    //David

  116. Rick says:

    Thanks David.  This solved my problem and I learned something.

  117. teenzbutler says:

    I have an .exe file in my CGI BIN that I would like users to be able to run scripts and execute.  I have two servers running IIS 6.0 (WS 2003 and WS 2008).  My 2003 system works great.  All permissions are in place with no problem.  My 2008 is not working.  When I access the .exe file, I receive 404 file not found error in my browser.  I have read through the posts and am confused.  The interface in WS 2008 is completely different than 2003.  I can’t find the Web Server Extension or the execute permissions for the CGI BIN.  In 2003 you right click on CGI BIN and the execute permissions are right there in front of you.  In 2008 you right click the CGI BIN and you get the security permissions tab as you would on a windows folder/file.  The only area I could find the Script and Execute functions was within the Server Components section under Handler Mappings.  I am not sure if there is where I need to be.   I was also reading about virtual directories.  Do I need to create one of those under the CGI BIN?   Any help is much appreciated.

  118. David.Wang says:

    teenzbutler – IIS7 retains much of the same features of IIS6 (and adds some new features of its own).

    Execute Permissions and Web Service Extensions are concepts still retained in IIS7, and the IIS7 UI allows you to configure them, just in different locations. You found the place for Execute Permissions. The Web Service Extensions got renamed to CGI/ISAPI because that was what it configured.

    Virtual Directories have no relation to this issue because it defines a virtual-to-physical mapping (i.e. which filesystem directory corresponds to the virtual directory’s name), which has nothing to do with ability to execute scripts and executables.

    I view the IIS7 UI as a "test" to see if the user actually understood the concepts of what was being configured, or if the user just remembered to always right click properties, select the second tab, third button, click two check boxes and then OK out of everything to configure something.

    In other words, the IIS6 UI is like a glorified ‘regedit’ tool, and one quickly got used to "right click properties" on an object to get to the various property pages that contained what you wanted to configure. There is often very little logical coherence in those property tabs, and useful configuration were ofter buried four levels deep. But, people prove to be highly adaptive and "learned" where they were.

    IIS7 UI is different — it is Task oriented. You still have the familiar Tree view (people loudly complained when we didn’t have it in beta originally), but instead of "right click properties", you now need to select the object to find a filtered list of applicable configuration choices in the center and a list of common, context-sensitive tasks in the right pane.

    The logic becomes "choose this task for this object" instead of "right click properties for this object". It is a subtle but profound change, and while users will certainly complain at any change, I believe that it is a worthwhile and gutsy change initiated by the IIS7 UI. Once you get used to the UI and concepts, you should find that IIS7’s core behaviors and functions a little better. IIS7 brings a lot of good things to the table, and it will be good to learn about it.

    //David

  119. teenzbutler says:

    Thanks for your reply.  Unfortunately, I don’t see the CGI/ISAPI feature on the Features screen.  This is why I am confused.  Does this feature need to be invoked some how?

  120. teenzbutler says:

    Thanks for you reply.  I don’t see the CGI/ISAPI feature anywhere on the feature screen.  Does this need to be invoked some how?

  121. teenzbutler says:

    I found exactly what I need from this article.  It makes so much sense.  My CGI script is working perfectly!  I hope this helps others: http://www.wrensoft.com/zoom/support/faq_cgi_iis.html

  122. David.Wang says:

    teenzbutler – did you install the CGI Feature to be able to run that .exe? It is not installed on IIS7 by default.

    //David

  123. Tamer says:

    Hi,

    How can I enable download of a "*.rar" file.

    When I try to access the file via browser, I get the following error:

    "You are not authorized to view this page

    You do not have permission to view this directory or page due to the access control list (ACL) that is configured for this resource on the Web server."

  124. Amit says:

    David,

    Thanks for the article. It worked for me.

  125. Russian says:

    Thank you very much!!! Really helpful information.

  126. Rajesh says:

    How can i download files with filename in japanese characters (収益認識.txt). i am getting a 404 error.working fine for english file names.

  127. M.Venkat says:

    Hi David

    I had gone through the article and registered MIME types, still i am facing the issues.

    Issue: I am trying to download doc,docx,ppt and pptx from my .net website, hosted on Windows 2003 and IIS 6.0. It is saying "Unknown file type" for ppt and pptx, "wordpad document" for doc and "Compressed(zip folder)" for docx.

    Please let me know Am i missed out any configuration or Is there any other fix for this.

    Just for your information, I have registered the MIME types at IIS level not at default site or at my site.

    Thank you in advance for your help

  128. Developer28 says:

    Hi David,

    Thanks for a good post.

    I am successfully able to prevent .exe execution on the server side and can download them to the client side.

    The following represents my current configuration:

    o Extension:*

    o MIME type: application/octet-stream

    o Set "Execute Permissions" to NONE

    But the objective that i want to attain is i do not want absolutely anything to be run on the server side. I want EVERYTHING to be brought down to the client side.

    Even after the above configuration, though i am able to bring .exe files down to client side, other files like *.cer which try to get executed on the server side. I am not able to download them when i click on them in IE. How do i manage getting these files on the client side.

    Looking for some advise from you.

    Thanks!

  129. Matteo says:

    Great post, simple but effective.

    Thanks

  130. todo esta bien sola con ganas de buscar compañia , muchas amistades

  131. EvitomoCol says:

    Hi

    Under IIS6 I have a file (Eg colin.csv)  which for some reason is being downloaded as pagename.aspx, where pagename is the page which is doing the response.binarywrite().

           response.AddHeader("Content-Disposition", "attachment;filename=" & "WebPay" & Format(Now(), "ddMMyy") & ".csv")

           response.ContentType = "application/octet-stream"

           Dim Encoding As New System.Text.ASCIIEncoding

           response.AddHeader("Content-Length", Encoding.GetByteCount(exportContent).ToString())

           response.BinaryWrite(Encoding.GetBytes(exportContent))

           response.Charset = "iso-8859-2"

           response.End()

    Do you think adding a CSV mime-type server-side will help resolve this?  The website sits behind an F5 server, so some chunking is possible – not sure whether this may affect it or not.  

    Any assistance would be greatly appreciated.

    Col

  132. I also had this issue and adding the new MIME Type to IIS fixed it. Mine was actually for ".qwc" files and I was able to set their MIME type as the generic "application/octet-stream" in order to be able to download them.

  133. Sachin says:

    Thanks Buddy 🙂 . I had the same issue and it resolved by remove the permission "Execute Permissions"  and it works .

  134. varahalu says:

    hi

    i want to execute an .exe file on the browser and i am using asp.net and iis 6.0 is my server

    and i follow the steps provided by you to execute an exe but i am getting an error message

    CGI Error

    The specified CGI application misbehaved by not returning a complete set of HTTP headers.

    what to do for this plz help me for this

  135. varahalu says:

    I followed your instructions about the IIS and set it to execute .exe files:

    -permission set to "Scripts and Executables",

    -enable a Web Service Extension for that exe,

    -NOT set the mime type for exe!

    -NOT set the mapping /application configuration/ for exe!

    But when write the exe-s url into the browser the  following error appeares:

    CGI Error

    The specified CGI application misbehaved by not returning a complete set of HTTP headers.

    Can you give me somee help for that?