The Web Service Extensions folder is the user interface for the new IIS 6.0 lockdown feature. This feature is a manifest of ISAPI extensions and CGIs with user-specified permissions, meaning, administrators must set the permissions to allow specific ISAPIs and CGIs to run on your server. Administrators can also specify the names of ISAPIs or CGIs that are forbidden to run on your server. Before loading an ISAPI extension .dll file or CGI .exe file, IIS checks this manifest for the permissions on the file. If the file is permitted to run, then the request proceeds normally. If the file is not permitted to run, then IIS returns a 404.2 error response to the client machine. The HTML page for a 404.2 error looks like a standard 404 error page, so the client machine processes the request as though the file did not exist. IIS logs the 404.2 error, which administrators can view to assess problems or potential threats against the server.