Security Configuration for Users running PHP scripts in IIS

[cfalzone]

We have IIS and are looking to install PHP.  Currently we have Perl running and have restricted users from having the ability to execute CGI and executables.  As of now we plan to do the same for PHP when we install it.

 

Say we wanted to remove this restriction and allow users to have CGI capabilities.  How do we set this up so that users can only access things within their directories? How do we restrict access to the system so they cannot screw it up or get into things they are not supposed to?  What other concerns and security issues should we be looking at and is this a good idea at all?