This is an IIS configuration issue. Inside of IIS, there's a thing called a "script map", which is a mapping of file extensions to command templates. This map determines what script to invoke to handle CGIs, depending on their extension. Typically, there'll be an entry that reads   ".cgi"   "c:/perl/bin/perl.exe %s %s" This is where you need to add the -T. Unfortunately, it's al all-or-nothing affair. If you add -T here, then all .CGI scripts are now taint-checked, whether they're ready for it or not.

This is one of several reasons why IIS on a shared web server sucks.

A typical workaround is to add a new script type (e.g, ".cgx"), and set up the script map to look like   ".cgx"   "c:/perl/bin/perl.exe -T %s %s" The script map is accessible through the IIS administrative control panel.