404 File not Found on .EXE files in IIS 6.0

I'm running IIS 6.0 on SBS 2003. I've created a virtual directory that
points to a network share from which internal users need to be able to
download .exe files. Users that browse to the URL of the directory can see
the .exe files listed, but any attempt to click the link or save target
results in a 404 - File or directory not found. The global MIME types
allowed include .exe files, and I've even added the *,application /
octet-stream value to the mime types for the specific virtual directory.
I've make sure the IUSER account has read and execute permissions, and I've
even set permissions wide open just to test it, with no change. I have not
messed with the default Web Service Extentions configuration yet because
everything I've read so far seems to indicate that simply downloading an
..exe file does not constitute serving active content. I'm willing to go
there but not until I have a clear idea of the why and the what. I've
tested several file types, and found the following:

..exe won't download
..bat won't download
..jpg will display

Of course, if I rename the .exe files with a different extension they can
be downloaded, but that's not a practical solution.

Any help appreciated...I'm stuck.

Thanks,

Bryan

RE: 404 File not Found on .EXE files in IIS 6.0

Hi Bryan,
You can try to add the following setting in the urlscan.ini:
[Allow Extensions]
..exe

Cheers,
Steve Goodyear
Vancouver, Canada

Re: 404 File not Found on .EXE files in IIS 6.0

FAQ:

Generally, IIS will do one of three actions given a URL (such as
http://server/downloads/app.exe )
1. Treat app.exe as a file resource and allow the static file handler to
download it
2. Treat app.exe as a script resource, which means the resource is given to
a Script Engine (defined by the Application mapping for the extension),
which does some processing on the resource to generate content to return to
the client.
3. Treat app.exe as an executable resource on the server and execute it on
the server to generate content to return to the client

These three actions directly correlate to the setting of the "Execute
Permissions" on the URL.

You want users to be able to click the link to SAVE the target file -- this
means that you want to configure IIS to treat app.exe like #1. This means
that the virtual directory MUST have "Execute Permissions" set to "None" or
"Scripts" in order to allow .exe to be downloadable. This is how Execute
permission map to my description above:
Execute Permission: None == #1
Execute Permission: Scripts == #2
Execute Permission: Scripts and Executables == #3

You can actually diagnose your problem by simply looking at the IIS web log
files. The access to .exe file probably has 404 2 1260 while the access to
..bat file probably has 404 3 50. Those are the classic security denied
reasons.


So, how I would describe your situation is:
1. Regarding the inability to download .exe files -- your problem is that
you have Execute Permissions on the virtual directory set to "Scripts and
Executables", which causes IIS to try to execute the .exe on the server --
which is NOT what you wanted to do. And since IIS tries to execute the .exe
on the server and it is not enabled in Web Service Extensions, you get a 404
2 1260. No amount of MIME Type configuration will help -- you did not
configure IIS to download the resource, so MIME Type isn't even in the
picture and no amount of read/execute permissions is going to help.

2. Regarding the inability to download .bat files -- your problem is that
..bat is NOT in the MIME Type by default, and there is also no Application
mapping for the .bat extension -- hence IIS tries to serve it as a download
but fails due to missing MIME Type and results in 404 3 50.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Bryan L" wrote in message
news:OKvZOiFPFHA.904@tk2msftngp13.phx.gbl...
I'm running IIS 6.0 on SBS 2003. I've created a virtual directory that
points to a network share from which internal users need to be able to
download .exe files. Users that browse to the URL of the directory can see
the .exe files listed, but any attempt to click the link or save target
results in a 404 - File or directory not found. The global MIME types
allowed include .exe files, and I've even added the *,application /
octet-stream value to the mime types for the specific virtual directory.
I've make sure the IUSER account has read and execute permissions, and I've
even set permissions wide open just to test it, with no change. I have not
messed with the default Web Service Extentions configuration yet because
everything I've read so far seems to indicate that simply downloading an
..exe file does not constitute serving active content. I'm willing to go
there but not until I have a clear idea of the why and the what. I've
tested several file types, and found the following:

..exe won't download
..bat won't download
..jpg will display

Of course, if I rename the .exe files with a different extension they can
be downloaded, but that's not a practical solution.

Any help appreciated...I'm stuck.

Thanks,

Bryan

Re: 404 File not Found on .EXE files in IIS 6.0

Thank you for a marvelously clear and comprehensive answer. Setting the
execute permissions on the virtual directory to "None" immediately solved
the problem.

Thanks again!

Bryan L

"David Wang [Msft]" wrote in message
news:O5TYGJMPFHA.3156@TK2MSFTNGP15.phx.gbl...
> FAQ:
>
> Generally, IIS will do one of three actions given a URL (such as
> http://server/downloads/app.exe )
> 1. Treat app.exe as a file resource and allow the static file handler to
> download it
> 2. Treat app.exe as a script resource, which means the resource is given
> to
> a Script Engine (defined by the Application mapping for the extension),
> which does some processing on the resource to generate content to return
> to
> the client.
> 3. Treat app.exe as an executable resource on the server and execute it on
> the server to generate content to return to the client
>
> These three actions directly correlate to the setting of the "Execute
> Permissions" on the URL.
>
> You want users to be able to click the link to SAVE the target file --
> this
> means that you want to configure IIS to treat app.exe like #1. This means
> that the virtual directory MUST have "Execute Permissions" set to "None"
> or
> "Scripts" in order to allow .exe to be downloadable. This is how Execute
> permission map to my description above:
> Execute Permission: None == #1
> Execute Permission: Scripts == #2
> Execute Permission: Scripts and Executables == #3
>
> You can actually diagnose your problem by simply looking at the IIS web
> log
> files. The access to .exe file probably has 404 2 1260 while the access to
> .bat file probably has 404 3 50. Those are the classic security denied
> reasons.
>
>
> So, how I would describe your situation is:
> 1. Regarding the inability to download .exe files -- your problem is that
> you have Execute Permissions on the virtual directory set to "Scripts and
> Executables", which causes IIS to try to execute the .exe on the server --
> which is NOT what you wanted to do. And since IIS tries to execute the
> .exe
> on the server and it is not enabled in Web Service Extensions, you get a
> 404
> 2 1260. No amount of MIME Type configuration will help -- you did not
> configure IIS to download the resource, so MIME Type isn't even in the
> picture and no amount of read/execute permissions is going to help.
>
> 2. Regarding the inability to download .bat files -- your problem is that
> .bat is NOT in the MIME Type by default, and there is also no Application
> mapping for the .bat extension -- hence IIS tries to serve it as a
> download
> but fails due to missing MIME Type and results in 404 3 50.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Bryan L" wrote in message
> news:OKvZOiFPFHA.904@tk2msftngp13.phx.gbl...
> I'm running IIS 6.0 on SBS 2003. I've created a virtual directory that
> points to a network share from which internal users need to be able to
> download .exe files. Users that browse to the URL of the directory can
> see
> the .exe files listed, but any attempt to click the link or save target
> results in a 404 - File or directory not found. The global MIME types
> allowed include .exe files, and I've even added the *,application /
> octet-stream value to the mime types for the specific virtual directory.
> I've make sure the IUSER account has read and execute permissions, and
> I've
> even set permissions wide open just to test it, with no change. I have
> not
> messed with the default Web Service Extentions configuration yet because
> everything I've read so far seems to indicate that simply downloading an
> .exe file does not constitute serving active content. I'm willing to go
> there but not until I have a clear idea of the why and the what. I've
> tested several file types, and found the following:
>
> .exe won't download
> .bat won't download
> .jpg will display
>
> Of course, if I rename the .exe files with a different extension they can
> be downloaded, but that's not a practical solution.
>
> Any help appreciated...I'm stuck.
>
> Thanks,
>
> Bryan
>
>
>
>