When you use Apache, the underlying permissions of the UNIX file system and the owner or group that the Apache server is being run under affect the objects that you can access and the scripts that you can run. However, when you use Windows, Internet Information Services (IIS) can access any file in the tree of the home folder for a configured Web site (in this respect, it operates as an Administrator account). The underlying Windows permissions for a folder or file are ignored. Instead, a separate mechanism in IIS allows you to control and limit the types of access that the client computer has to specific objects.
The Read permission in IIS is similar to the Read permission bit for files in Apache/UNIX. The Write permission in IIS is used only when you are using Active Server Page (ASP) scripts or Web Distributed Authoring and Versioning (WebDAV) to provide update functionality for a file; therefore, this permission is similar to the Write permission in Apache/UNIX for WebDAV only. The Execute permission in UNIX that is combined with the AddHandler directive indicates to Apache that a particular file is a script that should be run and not returned as a raw file. In IIS, Execute permissions are granted on a Web site basis or a folder basis only; you cannot enable or disable individual files as scripts in this way. However, the extension/handler combination does apply. You grant Execute permissions for a folder, and then associate an extension with a specific scripting engine.
This behavior has limitations. For example, you cannot use a blanket .cgi file name extension and rely on the UNIX header line to select the corresponding scripting language. This limitation may cause problems during migration. In this situation, you can associate the .pl file name extension for Perl scripts the .py file name extension for Python scripts.