IIS 7 will either allow or deny script execution based on file extension. The ability to control script execution is controlled through two features with IIS 7, Request Filtering and Handler Mappings.
For Handler Mappings, the IAO must document and approve all allowable file extensions the web site allows (white list) and denies (black list) by the web-site. The white list and black list will be compared to the Handler Mappings in IIS 7. Handler Mappings at the site level take precedence over Handler Mappings at the server level.