Requests for dynamic content return 404 error

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

To help minimize the attack surface of the server, IIS 6.0 is not installed on Windows Server 2003 by default. When you first install IIS 6.0, it is locked down — which means that only request handling for static Web pages is enabled, and only the World Wide Web Publishing Service (WWW service) is installed. None of the features that sit on top of IIS are turned on, including ASP, ASP.NET, CGI scripting, FrontPage® 2002 Server Extensions from Microsoft, and WebDAV publishing. If you do not enable this functionality after installing IIS, by default on this denial, IIS returns a generic 404 custom error page to prevent disclosure of configuration information. IIS also writes the 404 error with the substatus code of 2 (404.2) in the W3C Extended log files, by default.

Procedures

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

To enable or disable a Web service extension

  1. In IIS Manager, expand the local computer, and then click Web Service Extensions.

  2. In the details pane, click the Web service extension that you want to enable or disable, and then do one of the following:

    • To enable a disabled Web service extension, click Allow, and then click OK.

    • To disable an enabled Web service extension, click Prohibit, and then click OK.

To enable or disable Web service extensions programmatically, see WebSvcExtRestrictionList Metabase Property.