Before IIS7, the main method for allowing users to download files of a protected type (exe, zip, etc.) meant writing a function based off the Stream method and writing the file out based on individual name. Thankfully with IIS7+ there is a much easier way.
First, I would recommend that all files meant for internet user download be maintained in a separate virtual directory. For example, if your site was called www.mysite.com, the downloadable files should be in a directory like www.mysite.com/userdownloads. Once the files are in place, you need to do the following:
1) Open the IIS 7.0 (or later) Manager on the server
2) Select the site and click on "Handler Mappings"
3) Select "Add Module Mapping"
4) Enter the fields on the window:
a) Request Path: where are the files to be found don't put a leading slash. Example: "userdownloads/*.exe" to allow all files in the userdownloads directory ending in .exe to be downloaded when the request is for any executable file within the virtual path that you would have defined earlier.
b) Module: StaticFileModule - this will handle requests containing your request path and return the file to you.
c) Executable: don't enter anything.
d) Name: whatever you want to call it: "ClientSide Executables"
5) Click on "Request Restrictions" and click on the checkbox and ensure that "File" option is selected. (This will only apply to files)
6) Click on the "Access" tab. Ensure that "Script" is selected.
7) Click on "OK" to close this window
8) Click on "OK" to close the main Handler screen.
9) Your handler should now appear in the list with the other handlers.
10) Test it out by opening a browser and accessing an executable file.