Configuring IIS 6.0 Application Pools to run CGI Scripts

By | 5 November, 2008

If a website is working i.e. displaying HTML pages but not running a CGI
Application i.e. app.exe with an error “403 : Access Denied – You are
not authorised to view this page” it’s most likely a CGI Access Forbidden
message from IIS.

Check the IIS Logs for an error like this:

2008-08-22 09:49:45 10.1.1.10 GET /appdir/app.exe
dsqApp=Library&dsqCmd=Index.

tcl 80 ED\ADAMSD 10.1.1.10 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.0.3705;+.NET+CLR
+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022)
403 19 1314To get this working….

Create a new user called APP_USER (make a note of the password) set it so
that it won’t expire and the user cannot change the password.

Remove the user from the Users group and add to the IIS_WPG group (This
contains the default permissions needed to be a worker process.;

Create a new application pool called APP_POOL with default settings.  In the
identity tab of the application pool change the user to APP_USER and
enter the password..

In the IIS Web properties for the applications directory under virtual directory
tab change the application pool to APP_POOL and apply.  Then under the
Directory Security tab edit the Authentication and access control change
the username to APP_USER and enter the password.

In the IIS Web properties for the Application directory click the Directory
Security tab and edit the Authentication and access control change the
username to dserve and enter the password.

In the standard NTFS File permissions add the user to the directory in the Inetpub with Read & Execute and also to the Application Directory also with Read & Execute permissions.

Go to the local security policy.  Under User rights add the APP_USER user to
both “Replace a process-level token” and Adjust memory Quotas for a
Process”

The website should now be running.

Leave a Reply