Global Registry Entries

Applies To: Windows Server 2003, Windows Server 2003 with SP1

The following registry entries affect all of the IIS services, without having to be set for each individual service. On a default installation of IIS, you might not see some of these registry entries, which indicates that the default values are being used. To set these entries to values other than the default values, you must manually create the keys and set them.

Important

For a registry change to take effect, you must restart the service that is affected by the change. For global changes to take effect, you must restart all services.

CacheSecurityDescriptor

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 1 (enabled)

Range: 0 - 1

Specifies whether security descriptors are cached for file objects. When CacheSecurityDescriptor is enabled, IIS retrieves security permissions when caching a file object and does not need to gain access to the file object to check access rights for new users. The feature is useful only if you have more than one user account (Web server does not use only Anonymous authentication).

CheckCertRevocation

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 0 (disabled)

Range: 0 - 1

Specifies whether client certificates are checked for revocation by IIS. CheckCertRevocation is disabled by default because checking for common certificate issuers is typically done over the Internet and has severe performance impact. However, enabling CheckCertRevocation may be useful if you issue your own certificates and the revocation process is local.

DataSetCacheSize

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 50

Each IIS worker process (w3wp.exe) contains a local metabase data cache of up to 50 entries. For each request, the required dataset is obtained from the local metabase cache if possible. If the dataset is not found in the cache, then an expensive LPC request is made to the Inetinfo.exe process for the dataset residing in the metabase. When there are more than 50 virtual directories, IIS disables the metabase data cache, forcing all requests to go via the expensive path (which negatively impacts throughput).

This registry entry allows administrators or IT managers to set the maximum number of dataset entries in the cache if the number of total installed virtual directories exceeds the default (50). This key is not created by default.

DigestContextCacheTTL

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 300 (seconds)

Range: 0 - 4,294,967

When using Advanced Digest Authentication, this value overrides the Time To Live (TTL) setting for fully formed security contexts after the first authentication request succeeds.

DigestPartialContextCacheTTL

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 30 (seconds)

Range: 0 - 4,294,967

When using Advanced Digest Authentication, this value overrides the Time To Live (TTL) setting for partially formed security contexts for the first authentication challenge request.

DisableLazyContentPropagation

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP\Parameters

Data Type: REG_DWORD

Default Value: 0 (lazy propagation enabled)

Range: 0 - 1

Lazy propagation refers to the action that IIS takes when a large amount of content is updated at one time.

IIS has an internal limit of how much content can be updated in the in-memory template cache. If the size of the updated content exceeds that limit, IIS marks each of the files in the in-memory template cache as invalid. On the first request to an invalid file, IIS begins to compile a new template but the expired template is served and is continued to be served until the new template is compiled.

If you set DisableLazyContentPropagation to 1, IIS behaves as it does for IIS 5.0 and IIS 5.1 when a large amount of content is updated at one time. IIS flushes the in-memory template cache, and performance can slow to a standstill as each new request to the server forces IIS to compile new templates.

If you are developing Web pages and making changes to a few files at a time, you do not have to refresh your pages twice to see new changes because lazy propagation only applies when a large amount of content is updated at one time.

DisableMemoryCache

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 0 (disabled)

Range: 0 - 1

Disables server caching.

DoDirMonitoringForUNC

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inetinfo\Parameters

Data Type: REG_DWORD

Default Value: 0 (disabled)

Range: 0 (disabled) - 1 (enabled)

This setting determines whether static files rely on the Change Notification mechanism for UNC to determine whether or not content is stale. The File Change Notification mechanism is not considered robust enough for tracking changes over UNC, and for this reason this setting is disabled. IIS and ASP use the Last Modified mechanism to track files instead.

ErrorLoggingDir

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

Data Type: REG_STRING

Default Value: systemroot\system32\logfiles

Range: N/A

Specifies the location of the Httperr.log file. Httperr.log is a new feature in IIS 6.0. If HTTP.sys is unable to write an error to a Web site log because the request did not reach user mode, the error will be entered in Httperr.log. Errors that are written to Httperr.log include the following: 503 errors, idle connection time-outs, URL parsing errors, and the last 10 requests to a failed application pool.

FileAttributeCheckThreshold

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 5 (seconds)

Range: 0 - 4,294,967

When the Last Modified mechanism is used to track files, this key enables caching of static content from an UNC share in the HTTP.sys cache and specifies the amount of time for the content to remain in the cache.

IncrementalSiteIDCreation

Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetMgr\Parameters

Data Type: REG_DWORD

Default Value: Key is not created by default, and therefore site identifiers are large, unique, randomly generated numbers.

Range: 0 - 1

When a new site is created on IIS 6.0, a site identification number is randomly generated using the name of the Web site. This ensures that all IIS 6.0 servers in a Web farm have a good chance of generating the same site identification number for sites of the same name. With IIS 5.1 and previous versions, site identification numbers were incremental. For example, because the default Web site is created first, its site identification number is 1, and the next site to be created is identified as 2.

If you have administration scripts that depend upon the IIS 5.1 method of generating site identification numbers, you can create the IncrementalSiteIDCreation key at the path specified above, and set it to 1 to force IIS to use incremental site identification numbers.

noteNote
When you remotely administer another IIS server, the value of the registry key of the local server is used to determine the generation of site identification numbers on the remote server.

To choose the identification number of your Web site, create the site programmatically using the IIsWebService. CreateNewSite or IIsFtpService.CreateNewSite WMI method, whose optional fourth parameter holds a user-chosen site identification number.

LogBufferSize

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Http\Parameters\LogBufferSize

Data Type: REG_DWORD

Default Value: N/A

Range: 12,288 - 65,536 (12K - 64K)

Overrides the default logging buffer (per site) of 64K. Using this key, administrators can prevent excessive memory usage when running many thousands of sites on a server. This registry key does not exist by default and must be added to the registry.

MaxCachedFileSize

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 256 KB (262,144 bytes)

Controls the maximum size of cache files. The default is 256 KB if no value is present.

MaxConcurrency

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 0

Range: 0 - 4,294,967,295 (unlimited)

Specifies the amount of concurrency that a system should provide. IIS uses completion ports to handle input-output (I/O). In general, have more than one thread running and conflicting on shared memory or locks. This key specifies how many threads per processor should be allowed to run simultaneously, if there is a pending I/O operation. A value of 0 allows the system to make the intelligent choice of the number of threads to use. Any nonzero value specifies that the system should allow that many threads per processor to run simultaneously.

MaxPoolThreads

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 4

Range: 0 - 4,294,967,295 (unlimited)

Specifies the number of pool threads to create per processor. Pool threads watch for the network for requests and process incoming requests. The MaxPoolThreads count does not include threads that are consumed by ISAPI applications. Generally, you should not create more than 20 threads per processor.

MemCacheSize

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: approximately one half the available physical memory and calibrated in megabytes

Range: 0 - 2500MB

Controls the size of the cache. The default value dynamically adjusts every 60 seconds.

MinFileBytesPerSec

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 240

Range: 1 - 8192

When a Web server sends a file to a client, a time-out is established for how long the server will allow the transfer to continue before ending the connection. The time-out chosen is the maximum of the connection time-out specified in IIS Manager plus the size of the file, and divided by the value specified for MinFileBytesPerSec. For example, a file size of 100 KB is given a time-out of 100 seconds, or the connection time-out if the latter is greater.

ObjectCacheTTL

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 30 (seconds)

Range: 0 - 4,294,967,295 (unlimited)

Controls the Time To Live (TTL) setting, which defines the length of time that objects are held in cached memory. If an object in the memory cache has not been referenced for the defined period, that object will be phased out of the cache. If system memory is limited, or the server's contents are dynamic, you can use a lower TTL to prevent system memory from being used to cache a large number of volatile objects. Setting ObjectCacheTTL to 0xFFFFFFFF disables the object-cache scavenger and allows cached objects to remain in the cache until they are overwritten. Disabling the cache scavenger is useful if your server has ample system memory and your data is relatively static.

PoolThreadLimit

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 2 * # MB

Range: 0 - 4,294,967,295 (unlimited)

Specifies the maximum number of pool threads that can be created in the system. Pool threads watch the network for requests and process incoming requests. PoolThreadLimit is a hard limit that includes all IIS threads and is always greater than or equal to MaxPoolThreads.

ThreadPoolMaxCPU

Registry Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: -1 (CPU metric is turned off)

Range: 0 - 100

ThreadPoolMaxCPU is the maximum CPU that the thread pool should throttle back at.

ThreadPoolStartDelay

Registry Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 1000 ms

Range: 1000 - 10,000

ThreadPoolStartDelay is how long the thread pool should set the timer for when zero threads are waiting on the completion port.

ThreadTimeout

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 24 * 60 * 60 (24 hours, expressed in seconds)

Range: 0 - 4,294,967,295 (unlimited)

Specifies the amount of time an input-output (I/O) processing thread should be maintained, even if there is no I/O activity on the system. In general, when there is no I/O activity and no requests outstanding, the server remains idle and does not consume memory. But if the server continues and exceeds the ThreadTimeout interval, the I/O processing thread is stopped. Units are in seconds.

UserTokenTTL

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

Data Type: REG_DWORD

Default Value: 15 * 60 (15 Minutes, expressed in seconds)

Range: 0 - 0x7FFFFFFF

When a request is made to the server, the security credentials for the request (or the configured anonymous user) are used to create a user token on the server. The server impersonates this user token when accessing files or other system resources (see CacheSecurityDescriptor). The token is cached so that the Windows log on takes place only the first time the user accesses the system or after the user's token has fallen out of the cache. Integrated Windows authentication tokens are not cached. Units are in seconds.