In order to take a more proactive stance against malicious users and attackers, IIS is installed in a highly secure and locked mode. By default, IIS serves only static content - meaning features like ASP, ASP.NET, server-side includes, WebDAV publishing, FrontPage Â® Server Extensions, and Common Gateway Interfaces - do not work unless enabled. If you do not enable this functionality after installing IIS, by default on this denial, IIS returns a generic 404 custom error page to prevent disclosure of configuration information. IIS also writes the 404 error with the substatus code of 2 (404.2) in the W3C Extended log files, by default.
Important noteImportant Note:
You must be a member of the Administrators group on the local computer to perform the following procedure (or procedures), or you must have been delegated the appropriate authority. As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use Runas to open a command window from which you can run other programs like IIS Manager.
To open a command window under secure credentials, from a command prompt, type the following:
Runas /user:domain_or_machine_name\administrative_account_name "cmd /k"
To open IIS Manager from the secure command window, type the following: