Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Changing the Default Interval for User Tokens in IIS

Changing the Default Interval for User Tokens in IIS

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1

↑ Back to the top

Symptoms

Internet Information Server (IIS) has a default delay of 15 minutes before users tokens are updated. For example, if you change the password on a user account, you will be able to connect to the server with both the old password and the new password.

↑ Back to the top

Cause

For performance reasons, user tokens are cached by IIS and updated at 15 minute intervals.

↑ Back to the top

Resolution

The token cache can be refreshed manually by stopping and restarting ALL of the IIS services (Gopher, FTP, and WWW). For performance reasons, this is the preferred method if updates are infrequent.


The default interval for the token cache can also be changed in the Microsoft Windows registry.


WARNING: Using Registry Editor incorrectly can cause serious, system wide problems that may require you to reinstall Windows to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

  1. Run Registry Editor (Regedt32.exe or Regedit.exe).
  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
    \System\CurrentControlSet\Services\InetInfo\Parameters
  3. Click Add Value on the Edit menu, and add the following:

    Value Name: UserTokenTTL
    Data Type: REG_DWORD
    Data: (Number of Seconds for token to be cached - 30 sec. Min)
    Note For IIS version 4.0, the minimum value is 30 seconds. For IIS 5.0, the minimum value is 1 second. If you set the value to 0, the minimum value will be used instead.

    For IIS 6.0, the minimum value is 0. If this value is set to 0, TTL-based flushing of tokens is disabled. When TTL-based flushing is disabled, user tokens remain cached until either IIS is restarted or the worker process is recycled.

  4. Restart IIS Admin and dependent services.

↑ Back to the top

Keywords: kbsweptiis6, kbnetwork, kb

↑ Back to the top

Article Info
Article ID : 152526
Revision : 4
Created on : 6/10/2019
Published on : 6/10/2019
Exists online : False
Views : 272