Note: These settings are for Windows Server 2003. If you run Windows Server 2008, please see this article.
Cart32 requires permissions to be set in a few areas to ensure proper functionality. This article is designed to give you a quick reference for all required permissions, as well as some example images to help you.
(Note: Cart32 cannot run on a Linux, Mac, or Unix server)
- Environmental Settings
- IIS Settings
- Directory Permissions
- Windows Service 2003+ Web Server Extensions
- Windows Server 2003+ Data Execution Prevention (DEP)
Windows OS: Cart32 is programmed in VB6 and will only run on a Windows Server
Executable permissions: Cart32 is an executable (.exe) CGI application. Your host must allow your site to run executable files for Cart32 to work. This normally requires a dedicated or virtual-dedicated hosting plan. Typical “shared hosting” plans will not allow this.
Once you’ve ensured your environmental settings are correct you’re ready to set up IIS permissions. The IIS permissions listed here include permissions for enabling functionality and for enhancing security. Please read each setting to understand what it is for and how to set it up.
(Note: In all our examples we will be installing to a domain called Cart32.com and setting permissions on a folder called CGI-BIN)
Enabling Executable Permissions:
- Open the IIS management console (Start –> Run –> type “inetmgr” and press OK)
- Navigate the left window pane and expand your domain so that your CGI-BIN folder (or virtual directory, depending on how you set it up) is showing
- Right-click on the CGI-BIN folder and choose Properties
- With the Properties window open, click on the Home Directory (or Virtual Directory) tab and change the Application Protection dropdown from it’s current setting to Scripts and Executables and click OK
Note: If you’ve done this wrong, you’ll be prompted to download the .exe file when you try to navigate to the cart in your browser window
Restricting Anonymous Access To Certain Files:
- Open the IIS management console and navigate the left pane to your site (Start –> Run –> type “inetmgr” and press OK)
- Open the CGI-BIN directory (in IIS) and right click on the file called Cart32.ini and choose Properties
- Go to the File Security tab and click the Edit button in the section labeled Anonymous Access
- Remove the checkmark in the checkbox for Allow Anonymous Access and click OK
- Repeat steps 2.2 through 2.4 again, but this time for the folder called Cart32 under the CGI-BIN directory/virtual directory
- If you have any exports set up (order export text files, etc) repeat steps 2.2 through 2.4 for those files/folders as needed
Note: If you did a full install using C32Full.exe your Cart32.ini is already protected
IIS protects files on a server by using an Anonymous User (normally named IUSR_MachineName) to retrieve files. Before anything can be served through IIS the anonymous user who operates the site must have permission on the actual directories and files we will be accessing. The following steps explain how to allow the Anonymous User access to the Cart32 files.
- Navigate to the folder directly above your CGI-BIN folder using Windows Explorer/Folder Browser
- Right click on the CGI-BIN folder and choose Properties
- Click on the Security tab and make sure your Anonymous User (normally named IUSR_MachineName) has Change/Modify permissions on the folder
- Click OK to apply any permissions changes you had to make
Note: If these permissions are not set right you will see an error when you navigate to Cart32 in your browser along the lines of Directory permissions check failed.
Windows Server 2003+ Web Service Extensions
Starting with Windows Server 2003 and going forward there is a new protection mechanism built into IIS; Web Service Extensions. This module blocks many previously allowed CGI applications from running. Since Cart32 is a CGI application we must specify an allowance for Cart32 to run.
Specifying Web Service Extension:
- Open the IIS management console and navigate the left pane to Web Service Extensions (Start –> Run –> type “inetmgr” and press OK)
- In the left pane right-click the folder Web Server Extensions and select Add a new web service extension…
- Enter anything (such as Cart32) for the Extension name
- Click Add and select the file C32Setup.exe from your CGI-BIN directory. After you’ve run the setup (or you used the Full Install method) add Cart32.exe and C32web.exe from the CGI-BIN directory.
- Mark the checkbox labeled Set extension status to Allowed and finally click OK
Note: If this is not set up correctly you will get a 404 – File Not Found error when you navigate to Cart32 in your browser.
Windows Server 2003+ Data Execution Prevention (DEP)
Starting with Windows Server 2003 and going forward a new protection for executable files exists. This protection is called “Data Execution Prevention” and can sometimes interfere with the operation of Cart32. In our experience Data Execution Prevention (herein referred to as DEP) is typically NOT enabled. However, if the server does have this feature turned on you will have to add allowances for the Cart32 setup and operation files. Here’s how to enable it:
Enabling Data Execution Prevention Allowance for Cart32:
- Right click on the My Computer icon (sometimes in the start menu) and choose Properties
- Click on the Advanced tab and then click the Settings button in the Performance groupbox
- Click on the Data Execution Prevention tab
- Assuming DEP is on for “… all programs and services…” click the Add button and add Cart32.exe and C32web.exe from the CGI-BIN directory
- When you’re done, click OK on all the popups until you’re back to your desktop
Note #1: If DEP is only enabled for Windows programs and services you should NOT have to change DEP for Cart32 to work.
Note #2: If you have DEP turned on, and Cart32 is not allowed, then you will receive an error like CGI Misbehaved by not sending a complete set of headers.