The AspEnableParentPaths property specifies whether an ASP page allows paths relative to the current directory (using the ..\ notation) or above the current directory. If set to true, this property constitutes a potential security risk, because an include path could access critical or sensitive data files outside the root directory of the application if strong ACLs are not set on those files.
IIS 6.0 and later: To increase security, parent paths are disabled by default. This can potentially break upgraded Web sites that use the ..\ notation or include files from parent directories.
This property is an application-level property.
Attribute Name
Value
ADSI/WMI Data Type
BOOL
ABO Data Type
DWORD_METADATA
Schema Default
FALSE
Internal Default
Upper Bound
0
Lower Bound
Not specified
Internal ID
7008
Friendly ID
MD_ASP_ENABLEPARENTPATHS
Property Attributes
INHERIT
User Type
ASP_MD_UT_APP
You can configure this property at the following locations in the IIS metabase.
Metabase Path
IIS Admin Object Type
/LM/W3SVC
IIsWebService
/LM/W3SVC/n
IIsWebServer
/LM/W3SVC/n/ROOT/physical_directory_name
/LM/W3SVC/n/virtual_directory_name/physical_directory_name
IIsWebDirectory
/LM/W3SVC/n/ROOT
/LM/W3SVC/n/ROOT/virtual_directory_name
IIsWebVirtualDir
There are no flags for this property.
Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.
Product: IIS