Error: HTTP 500 Server Error Unable to Perform a Security Operation (158724)
The information in this article applies to:
- Microsoft Internet Information Server 2.0
- Microsoft Internet Information Server 3.0
- Microsoft Internet Information Server 4.0
This article was previously published under Q158724 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMS
In IIS 2.0 and 3.0, when you choose a link that references a file for download, you may receive the following error message:
HTTP/1.0 500 Server Error (Unable to perform a security operation
on an object which has no associated security.)
In IIS 4.0, you will be challenged for credentials, with no credentials working, and then receive a 403.1 Access Denied error.
CAUSE
In a directory that has both Read and Execute permissions, when you attempt
to activate a link that references an executable file (such as in a self-
extracting .exe file), Internet Information Server attempts to execute
rather than download the file. If the file is a 32-bit program it will be
executed, however, if it is a 16-bit executable IIS generates the HTTP
Server Error listed in the Symptoms section of this article. This occurs
because you cannot execute 16-bit CGI programs.
RESOLUTION
Remove Execute permission on the virtual directory that the downloadable
file is mapped to and make sure that Read permission is allowed. For
security reasons, you should not grant Read and Execute permission at the
same time on a virtual directory. This configuration allows users to read
script files that contain proprietary information about settings which can
compromise server security.
| Modification Type: | Minor | Last Reviewed: | 6/22/2005 |
|---|
| Keywords: | kbenv kbprb KB158724 |
|---|
|