Enabling Parent Paths (IIS 6.0)
Enabling parent paths specifies whether an ASP page allows paths relative to the current directory (using the ..\ notation). If set to true, this property constitutes a potential security risk, because an include path could access critical or confidential files outside the root directory of the application.
In IIS 6.0, parent paths are no longer enabled by default. This affects your application if it has a Web page that contains the #include server-side include directive and uses ".." notation to refer to a parent directory. Enabling parent paths corresponds to the metabase setting, AspEnableParentPaths Metabase Property.
Important You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
To enable parent paths