| 123 |
| Cache an IIS security token (Server) |
| Security in Windows 2000 is based on tokens. When you log on, the operating system creates a |
| token for you that contains all the security identifiers (SIDs) for the groups you belong to and your |
| privileges. Whenever you try to access a resource, the operating system checks your token and the |
| ACL on the resource to determine if you're allowed to access that resource. |
| By default, Internet Information Services (IIS) caches the token and waits 15 minutes before |
| updating. This delay can cause a problem in some situations, such as after changing passwords. You |
| have two options for eliminating this wait: One, stop and start all IIS services. Or two, change the |
| default update interval, which you can do through a registry edit. |
| To change IIS's default update interval, first open the Registry Editor (Regedt32.exe) and go to |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters |
| On the Edit menu, click Add Value, type "UserTokenTTL" in the Value Name text box, and select |
| REG_DWORD as the Data Type. |
| In the Data box, type the number of seconds for the token to be cached. (For Windows 2000 IIS5 the |
| Close the Registry Editor and then stop and restart all IIS services. |
| For performance reasons, be careful not to set the UserTokenTTL value too low. If you make |
| updates infrequently, use the stop-restart method mentioned in paragraph two, above. |
| Note: Editing the registry can be risky, so be sure you have a verified backup before making any |
First Previous Next Last |