Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 152526 - Last Review: July 7, 2008 - Revision: 6.1
Changing the Default Interval for User Tokens in IIS
This article was previously published under Q152526
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
For more information about IIS 7.0, visit the following Microsoft Web site:
Internet Information Server (IIS) has a default delay of 15 minutes before
users tokens are updated. For example, if you change the password on a user
account, you will be able to connect to the server with both the old
password and the new password.
For performance reasons, user tokens are cached by IIS and updated at 15
minute intervals.
The token cache can be refreshed manually by stopping and restarting ALL of
the IIS services (Gopher, FTP, and WWW). For performance reasons, this is
the preferred method if updates are infrequent.
The default interval for the token cache can also be changed in the
Microsoft Windows registry.
WARNING: Using Registry Editor incorrectly can cause serious, system
wide problems that may require you to reinstall Windows to correct them.
Microsoft cannot guarantee that any problems resulting from the use of
Registry Editor can be solved. Use this tool at your own risk.
- Run Registry Editor (Regedt32.exe or Regedit.exe).
- From the HKEY_LOCAL_MACHINE subtree, go to the following key:
\System\CurrentControlSet\Services\InetInfo\Parameters
- Click Add Value on the Edit menu, and add the following:
Value Name: UserTokenTTL
Data Type: REG_DWORD
Data: (Number of Seconds for token to be cached - 30 sec. Min)
Note For IIS version 4.0, the minimum value is 30 seconds. For IIS 5.0, the minimum value is 1 second. If you set the value to 0, the minimum value will be used instead.
For IIS 6.0, the minimum value is 0. If this value is set to 0, TTL-based flushing of tokens is disabled. When TTL-based flushing is disabled, user tokens remain cached until either IIS is restarted or the worker process is recycled.
- Restart IIS Admin and dependent services.
APPLIES TO
- Microsoft Internet Information Server 1.0
- Microsoft Internet Information Server 2.0
- Microsoft Internet Information Server 3.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services 6.0
- Microsoft Internet Information Services 7.0
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate