The AspEnableParentPaths property specifies whether an ASP page allows paths relative to the current directory (using the ..\ notation) or above the current directory. If set to true, this property constitutes a potential security risk, because an include path could access critical or sensitive data files outside the root directory of the application if strong ACLs are not set on those files.
IIS 6.0 and later: To increase security, parent paths are disabled by default. This can potentially break upgraded Web sites that use the ..\ notation or include files from parent directories.
This property is an application-level property.
You can configure this property at the following locations in the IIS metabase.
IIS Admin Object Type
Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.