Frequently Asked Question
Cart32 Windows Server Settings
Last Updated a year ago
Cart32 requires permissions to be set in a few areas to ensure proper functionality. This article is designed to give you a quick reference for all required permissions, as well as some example images to help you. (Note: Cart32 cannot run on a Linux, Mac, or Unix server)
ENVIRONMENTAL SETTINGS
There are two major environmental settings that are required for Cart32 to run on your own server. Please verify both of these before attempting to install.
IIS SETTINGS
Once you've ensured your environmental settings are correct you're ready to set up IIS permissions. The IIS permissions listed here include permissions for enabling functionality and for enhancing
security. Please read each setting to understand what it is for and how to set it up. (Note: In all our examples we will be installing to a domain called Cart32.com and setting permissions on a folder called CGI-BIN).
Enabling Executable Permissions:
DIRECTORY PERMISSIONS
IIS protects files on a server by using an Anonymous User (normally named IUSR_MachineName) to retrieve files. Before anything can be served through IIS the anonymous user who operates the site must have permission on the actual directories and files we will be accessing. The following steps explain how to allow the Anonymous User access to the Cart32 files.
Directory Permissions:
ISAPI and CGI Restrictions
In order to allow Cart32 to run on the Windows server take the follow steps:
WINDOWS SERVER DATA EXECUTION PREVENTION (DEP)
Starting with Windows Server 2003 and going forward a new protection for executable files exists. This protection is called "Data Execution Prevention" and can sometimes interfere with the operation of Cart32. In our experience Data Execution Prevention (herein referred to as DEP) is typically NOT enabled. However, if the server does have this feature turned on you will have to add allowances for the Cart32 setup and operation files. Here's how to enable it:
Enabling Data Execution Prevention Allowance for Cart32:
ENVIRONMENTAL SETTINGS
There are two major environmental settings that are required for Cart32 to run on your own server. Please verify both of these before attempting to install.
- Windows OS: Cart32 is programmed in VB6 and will only run on a Windows Server
- Executable permissions: Cart32 is an executable (.exe) CGI application. Your host must allow your site to run executable filesfor Cart32 to work. This normally requires a dedicated or virtual-dedicated hosting plan. Typical "shared hosting" plans will not allow this.
IIS SETTINGS
Once you've ensured your environmental settings are correct you're ready to set up IIS permissions. The IIS permissions listed here include permissions for enabling functionality and for enhancing
security. Please read each setting to understand what it is for and how to set it up. (Note: In all our examples we will be installing to a domain called Cart32.com and setting permissions on a folder called CGI-BIN).
Enabling Executable Permissions:
- Open the IIS management console (Start --> Run --> type "inetmgr" and press OK)
- Navigate the left window pane and expand your domain so that your CGI-BIN folder (or virtual directory, depending on how you set it up) is showing
- Click the cgi-bin folder so that it is selected.
- Double click on "Handler Mappings"
- Click "Edit Feature Permissions" under "actions" (on the right)
- Ensure that "Read", "Script", and "Execute" are checked and click "ok"
- (Note: If you've done this wrong, you'll be prompted to download the .exe file when you try to navigate to the cart in your browser window)
- Open the IIS management console and navigate the left pane to your site (Start --> Run --> type "inetmgr" and press OK)
- Open the CGI-BIN directory (in IIS) and right click on the file called Cart32.ini and choose Properties. Go to the File Security tab and click the Edit button in the section labeled Anonymous Access
- Remove the check mark in the checkbox for Allow Anonymous Access and click OK
- Repeat steps 2.2 through 2.4 again, but this time for the folder called Cart32 under the CGI-BIN directory/virtual directory
- If you have any exports set up (order export text files, etc) repeat steps 2.2 through 2.4 for those files/folders as needed.
- (Note: If you did a full install using C32Full.exe your Cart32.ini is already protected)
DIRECTORY PERMISSIONS
IIS protects files on a server by using an Anonymous User (normally named IUSR_MachineName) to retrieve files. Before anything can be served through IIS the anonymous user who operates the site must have permission on the actual directories and files we will be accessing. The following steps explain how to allow the Anonymous User access to the Cart32 files.
Directory Permissions:
- Navigate to the folder directly above your CGI-BIN folder using Windows Explorer/Folder Browser
- Right click on the CGI-BIN folder and choose Properties/
- Click on the Security tab and make sure your Anonymous User (normally named IUSR_MachineName) has Change/Modify permissions on the folder/
- Note: Your user may be set to your Application Pool user. This can be checked by going to Authentication->Anonymous Authentication->Edit. If "Application Pool Identity" is selected here. Go to Application Pools->YOURDOMAIN->Advanced Settings->Identity. The user listed here is the one that needs these permissions.
- Click OK to apply any permissions changes you had to make.
- (Note: If these permissions are not set right you will see an error when you navigate to Cart32 in your browser along the lines of Directory permissions check failed)
ISAPI and CGI Restrictions
In order to allow Cart32 to run on the Windows server take the follow steps:
- Open the IIS management console (Start -> Run --> type "inetmgr" and press OK)
- Click on the computer name on the left side and then double click on "ISAPI and CGI restrictions"
- Click "Add" on the right side
- Browse to find cart32.exe on the server hard drive
- Put "Cart32" or your own description, check "Allow" and then click OK
- Repeat the process for c32web.exe
WINDOWS SERVER DATA EXECUTION PREVENTION (DEP)
Starting with Windows Server 2003 and going forward a new protection for executable files exists. This protection is called "Data Execution Prevention" and can sometimes interfere with the operation of Cart32. In our experience Data Execution Prevention (herein referred to as DEP) is typically NOT enabled. However, if the server does have this feature turned on you will have to add allowances for the Cart32 setup and operation files. Here's how to enable it:
Enabling Data Execution Prevention Allowance for Cart32:
- Right click on the My Computer icon (sometimes in the start menu) and choose Properties
- Click on the Advanced tab and then click the Settings button in the Performance groupbox
- Click on the Data Execution Prevention tab
- Assuming DEP is on for "... all programs and services..." click the Add button and add Cart32.exe and C32web.exe from the CGI-BIN directory
- When you're done, click OK on all the popups until you're back to your desktop
- (Note #1: If DEP is only enabled for Windows programs and services you should NOT have to change DEP for Cart32 to work)
- (Note #2: If you have DEP turned on, and Cart32 is not allowed, then you will receive an error like CGI Misbehaved by not sending a complete set of headers)
- CD in the proper folder:
- cd C:\inetpub\vhosts\domainname\cgi-bin\cart32>
- Register the dll's
- C:\inetpub\vhosts\domain\cgi-bin\cart32>regsvr32 cart32.dll
- C:\inetpub\vhosts\domain\cgi-bin\cart32>regsvr32 email44.dll
- C:\inetpub\vhosts\domain\cgi-bin\cart32>regsvr32 g_crypt_v2.dll
- C:\inetpub\vhosts\domain\cgi-bin\cart32>regsvr32 KLog_COM.dll
- C:\inetpub\vhosts\domain\cgi-bin\cart32>regsvr32 crypt.dll
- Edit the cart32.ini file and add this line in the [Main] section
- UseRegisteredComObjects=1
- Changed AdminDir parameter in the cart32.ini file to use the correct path.