In previous versions of IIS, you can always specify IIS application execute permissions to None (read), Scripts only (scripting engine, and Scripts and Executable (executable dll, exe, etc files). This can be set at each of the site, directory, virtual directory level via the home or directory tab of the site property.
The value of the settings is kept using AccessFlags metabase key, this has changed in IIS 7.0, the metabase key is depreciated.
While I was playing with it, I came across a blog post by Thomas, application execute permissions settings now are set using Handler Mapping icon in IIS 7.0 Manager, Thomas promised to add in the UI picture, obviously he must have been too busy or forgotten about this. Anyway, this is UI when you click on the ‘Edit Handler Permissions’ link.
It is also important to take note that the new accessPolicy will be the configuration element inside <handlers> collection to control all request handler mappings. The settings can be configure at site (applicationHost.config), or web.config file located for the directory you configured.