Disable BITS Server Scripting

Applies To: Windows Server 2008

IIS allows a user to set the script and execute permissions on a virtual directory separately from its write permissions. Normally, administrators who wish to allow script and program execution on a virtual directory disallow writing to that virtual directory (this will keep clients from uploading executable scripts or programs to a directory and executing them). However, when a virtual directory is BITS Server enabled, even though write permissions on the virtual directory have been disallowed, clients can write to this directory via BITS Server.

To protect the server, BITS Server disables all script and execute permissions on a BITS upload–enabled virtual directory. To make sure that this virtual directory is secure, BITS Server will check to make sure that these permissions are disabled before responding to any client request for uploading data. If these permissions are enabled at any time, BITS Server will deny all upload requests thereafter, until the permissions are disabled again. Every time the BITS Server denies a request in such an environment, it will write a log entry in the IIS logs.