IIS lets a user set the script and run permissions on a virtual directory separately from its write permissions. Typically, administrators who want to allow script and program execution on a virtual directory disallow writing to that virtual directory (this keeps clients from uploading executable scripts or programs to a directory and executing them). However, when a virtual directory is BITS Server enabled, even though write permissions on the virtual directory have been disallowed, clients can write to this directory by using BITS Server.

To protect the server, BITS Server disables all script and run permissions on a BITS upload–enabled virtual directory. To help secure this virtual directory, BITS Server confirms that these permissions are disabled before responding to any client request for uploading data. If these permissions are enabled at any time, BITS Server will then deny all upload requests until the permissions are disabled again. Every time that the BITS Server denies a request in such an environment, it will write a log entry in the IIS logs.

See Also