I'm involved with supporting a web application on IIS. Part of that application involves a Java applet, which runs fine. My problem is this: if Java is not installed on the client machine, the browser automatically downloads and installs a JVM. However, the JVM it downloads is 1.4.2_03, but the application requires 1.4.2_10 as a minimum, due to security fixes implemented in this verison. Is there a configuration option within IIS to tell the browser to download JVM 1.4.2_10 is an older version is installed, or no JVM is installed?
Oh, we're running IIS 6.0 on Windows Server 2003.
Actually, your question has nothing to do with IIS nor web servers in general. Let me explain...
IIS provides no configuration options that tell the browser the JVM version to download... not because Microsoft/IIS has any prejudice against Java, but rather because that option makes no sense from a web server.
In fact, you will find the same behavior hosting your application on any other web server (short of a Java-based webserver, which is intrinsically prejudiced towards Java), so either all those web servers are prejudiced against Java, or whatever you are imagining does not exist/make sense. Convinced?
No? Ok, then let's think about it for a moment - how exactly does a web server like IIS host an Applet for a browser to run?
Throughout the entire sequence, all IIS does is serve up static files - such as the web page, the Java class file, the JAR file, or the JVM to download/install. IIS has no way to tell the web browser what to do. The web browser decides what to do based on the contents of the WEB PAGE. The user determines the contents of the web page.
Now, the WEB PAGE does contain details on how a browser should behave if it does NOT have a JVM, and that is what I recommend you locate and fix.
Incidentally, this same functionality is used to update Flash when you need a newer viewer, or Acrobat when you need a newer reader, etc... and it is the responsibility of the WEB PAGE author to configure what it requires... and not the web server.
I understand that you think that you are basically "hosting a Java applet on the IIS server" so the "server" should be responsible for helping you administer the server and its application's dependencies, such as JVM version. However, in this case, what you are hosting is actually running on the CLIENT, not SERVER, and since we are interested in SECURE client/server computing, there is no server-side configuration to control the client. In this unique instance of software distribution, you have to modify the application's code to control your CLIENT dependencies since that code actually runs on the CLIENT...