You're probably thinking - "What about security
in an application like this?" Security isn't really an issue, you can only
access what the user - IUSR_[Computer Name] has access to. When your entire
computer is using the NTFS file system then windows will provide the security
that you need. Users may have read access to most files, but write, edit,
erase etc. will be disabled. If you want it to do more than this, then just
add some Windows Security measures.
However, the real problem comes in with
ASP.NET. So if you decide to convert this to ASP.NET - use impersonation!