Enabling and Disabling Dynamic Content (IIS 6.0)
To help reduce the attack surface of systems, IIS 6.0 is not installed by default on the Microsoft® Windows® Server 2003, Standard Edition; Microsoft® Windows® Server 2003, Enterprise Edition; and Microsoft® Windows® Server 2003, Datacenter Edition. After installing these products, administrators must manually install IIS 6.0.
When you perform a clean installation of IIS 6.0, the default settings help protect your system from malicious users and attackers. When you install IIS 6.0, it is locked down — only request handling for static Web pages (HTTP content, such as .htm and .html files ) is enabled, and only the World Wide Web Publishing Service (WWW service) is installed. The request handlers that process dynamic content are disabled, which means that features like ASP, ASP.NET, server-side includes (SSI), FrontPage® 2002 Server Extensions from Microsoft, and Web Distributed Authoring and Versioning (WebDAV) do not work by default.
You can configure the request handlers (for example, Internet Server API [ISAPI] extensions or Common Gateway Interface [CGI] programs), which are called Web service extensions, by using the Web Service Extensions node in IIS Manager or by using the command-line script Iisext.vbs, which is stored in the systemroot\System32 folder. You can individually enable or disable a Web service extension if it is registered in the Web Service Extensions node in IIS Manager.
For more information about using IIS Manager to administer dynamic content, including step-by-step documentation for adding new Web service extensions, allowing an application to call a Web service extension, or disabling all Web service extensions, see Enabling and Disabling Dynamic Content in IIS 6.0.
For more information about using the Iisext.vbs command-line script to administer dynamic content, such as enabling, disabling, or listing Web service extensions and their files, see Managing Applications and Web Service Extensions Using Scripts.