HKLMSYSTEMCurrentControlSetServices | Microsoft Windows Registry Guide, Second Edition

HKLM\SYSTEM\CurrentControlSet\Services

The Services subkeys contain entries for standard and optional Windows services, such as network drivers and services. Although the values of the entries differ for each service, most Services subkeys have the same subkeys and entries.

Each Services subkey bears the name of the service that uses it. Often, this is also the name of the file from which the service is loaded. Some services and devices represented by subkeys in the Services subkey are installed on the computer, but some subkeys represent services that are not installed or not enabled. To determine which services are installed on the computer, click Services in the Computer Management console. To determine which devices are installed on the computer, use Device Manager.

For more information about the Services key, see Appendix D, “Per-Computer Settings.”

LanmanServer

The LanmanServer subkey stores configuration data for the LAN Manager 2.x Server service. The following list describes the settings in the Parameters subkey of LanmanServer:

AlertSchedule.
This REG_DWORD value specifies how often the Server service checks alert conditions and sends alert messages. This entry also defines the time interval used in calculating the general error rate (ErrorThreshold) and the rate of network errors (NetworkErrorThreshold). This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Valid values range from 0x01 to 0xFFFF. The default value is 0x05.
ConnectionNoSessionTimeout.
This REG_DWORD value specifies how long the Server service maintains an unused virtual circuit. If the time specified in the value of this entry expires and the client has not established a session, the Server service closes the virtual circuit. Decreasing this value can conserve server resources, but it might impair performance by requiring more virtual circuits to be re-established. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 0x01 through 0xFFFFFFFF, and the default value is 0x02.
DiskSpaceThreshold.
This REG_DWORD value specifies the percentage of disk space that must remain free for use. If the percentage of free space falls below the value of this entry, the Server service records the following event in the System Log in Event Viewer:

“The <disk-letter> disk is at or near capacity. You might need to delete some files.” (Srv Event ID 2013)

If the value of this entry is zero, the system does not check the percentage of free space on the disk; it also does not check for free space in megabytes as specified by LowDiskSpaceMinimum. Values range from 0 through 99. The default value is 10. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
EnableWFW311Directlpx.
This REG_DWORD value specifies whether older, direct-hosted Internetwork Packet Exchange (IPX) clients can connect to this server. Clients running earlier versions of Windows for Workgroups provide inadequate support for named pipes when running over direct-hosted IPX, causing named-pipe applications to stop responding. You can prevent these clients from connecting to the server by setting the value of this entry to 0.
hidden.
This REG_DWORD value specifies whether the server's computer name is displayed to other computers in the domain. If the value of this entry is 0, or if this entry is absent from the registry, users can see the server's computer name in the following displays:
- In the Network Connection Wizard
- In the Browse for Network Connections dialog box. (In the Map Network Drive dialog box, click Browse, or in My Network Places, click Add Network Place)
- In My Network Places, by clicking Entire Network or Computers Near Me
To omit this computer's name from the display, add this entry to the registry and change its value to 1.

This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
IRPstackSize.
This REG_DWORD value specifies how many stack locations the Server service establishes for I/O Request Packets (IRPs). It might be necessary to increase this number for certain transports or if you have many file system drivers installed on the system. Each stack uses 36 bytes of memory for each receive buffer (also known as a work item). This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 11 through 50, and the default is 15.
LowDiskSpaceMinimum.
This REG_DWORD value specifies the amount of disk space that must remain free for use. If the amount of free space falls below the value of this entry and below the percentage specified by the value of the DiskSpaceThreshhold entry, the Server service records the following event in the System Log in Event Viewer:

“The <disk-letter> disk is at or near capacity. You might need to delete some files.” (Srv Event ID 2013)

If the value of this entry is 0, the system does not check whether free disk space has decreased below a specific number of megabytes. However, unlike DiskSpaceThreshhold (which when equal to zero prevents both checks of free space), the value of this entry has no effect on the check specified by DiskSpaceThreshhold. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 0x00 through 0xFFFFFFFF, and the default value is 400.
RestrictNullSessAccess.
This REG_DWORD value specifies whether the Server service limits access to the system by clients that are logged on to the system account without username and password authentication. Setting this value to 0x01 restricts access to Null sessions. Unauthenticated users can access only the server pipes listed in the value of the NullSessionPipes entry and the shared directories listed in the value of the NullSessionShares entry. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
SessConns.
This REG_DWORD value specifies the maximum number of connections to network shares (tree connects) that are permitted for a single network connection. If the client requests more connections, the Server service returns an error message. Values range from 1 through 2048 seconds, and the default value is 2048. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
SessOpens.
This REG_DWORD value specifies the maximum number of open files permitted for each connection. It is possible to have multiple sessions on a single connection. Values range from 1 through 16384, and the default is 16384. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
SessUsers.
This REG_DWORD value specifies the maximum number of users who can be logged on to each virtual circuit. Values range from 1 through 2048, and the default is 2048. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
SharingViolationDelay.
This REG_DWORD value specifies how often the Server service repeats a file operation when the initial request resulted in a sharing violation error. The value of this entry specifies the minimum time that must elapse between repeated attempts to open, rename, or delete a file. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 1 through 1000 milliseconds, and the default is 200.
SharingViolationRetries.
This REG_DWORD value specifies the maximum number of times the Server service repeats an attempted file operation when the request results in a sharing violation error. The Server service repeats the operation, at a rate determined by the value of the SharingViolationDelay entry, until either the operation is successful or the value of this entry is reached. If a client requests more attempts than the value of this entry permits, the Server service returns an error. This entry applies to open, rename, and delete file operations. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 1 through 1000 attempts, and the default value is 5.
SizReqBuf.
This REG_DWORD value specifies the size of the request buffers that the Server service uses. Small buffers use less memory, but large buffers can improve performance. For computers running Windows Server 2003 and with 512 MB or more of physical memory, the default size of the request buffers is 16,644 bytes; for servers with less physical memory, the default size is 4,356 bytes. If this entry is present in the registry, its value overrides the default value. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 512 through 65,536 bytes.
srvcomment.
This REG_SZ value specifies the text that appears in the Comment field next to the name of this computer in My Network Places. To view the comment text, in My Network Places, double-click Entire Network or Computers Near Me. From the View menu, either click Details or double-click the name of any computer. Or, in My Network Places, double-click Add Network Place, and view the comment text in the Browse for Network Resource dialog box. This entry does not exist in the registry by default.

ThreadPriority.

This REG_DWORD value specifies the priority of all Server service threads in relation to the base priority of the Server service process. Table B-2 describes the valid values. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.

Table B-2 ThreadPriority
Value	Description
0	Run at the same priority as the process.
1	Run at one priority level higher than the process. This is equivalent to a process running in the foreground, where it interacts with users.
2	Run at two priority levels higher than the process.
15	Run at real-time priority. Threads running in real time can exclude all other threads, including essential system threads and threads that process mouse and keyboard commands.

Users.
This REG_DWORD value specifies whether a limit exists for the number of users that can be logged on to the Server service simultaneously, and if so, specifies what the limit is. Values range from 0x01 through 0xFFFFFFFF users, and the default value is 0xFFFFFFFF. If the value is 0xFFFFFFFF, there is no limit to the number of users that can log on to the Server service simultaneously. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.

LanmanWorkstation

The LanmanWorkstation subkey stores configuration data for the Workstation service. The Workstation service provides network connections and communications on computers running Windows XP Professional and Windows Server 2003. The following list describes the settings in this key's Parameters subkey:

BufNamedPipes.
This REG_DWORD value specifies whether the redirector caches character-mode named pipes. If named pipes are not stored in the cache, they are flushed to the server immediately, and read-ahead is disabled on these named pipes. Set this value to 0x01 to permit the Workstation service to cache character-mode named pipes. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
KeepConn.
This REG_DWORD value specifies the maximum amount of time that an idle connection can remain open. If the idle time for a connection reaches the value of this entry, the connection is closed. Increase the value of this entry if your application closes and opens Universal Naming Convention (UNC) files on a server less frequently than every 10 minutes. This decreases the number of reconnections to a server. Values range from 1 through 65,536 seconds, and the default value is 600 seconds.
LockIncrement.
This REG_DWORD value specifies how long an OS/2-based application can wait when a request for a lock fails. If the lock request cannot be granted before the time specified in the value of this entry expires, the redirector rejects the lock request. This entry is used either if OS/2-based applications running on servers (except servers using LAN Manager version 2.0 and later) request that a lock operation wait indefinitely or if the lock cannot be granted immediately. Do not change this value unless you are running an OS/2-based application that requests lock operations that might fail. This entry does not affect Windows 32-bit applications. Values range from 0x00 through 0xFFFFFFFF, and the default value is 0x0A milliseconds.
LockMaximum.
This REG_DWORD value is used to configure the lock backoff package. This entry prevents an application from consuming server time by issuing nonblocking requests when no data is available for the application. Values range from 0x00 through 0xFFFFFFFF milliseconds, and the default is 0x01F4.
LockQuota.
This REG_DWORD value specifies the maximum amount of data that can be read from a file when the value of the UseLockReadUnlock entry is 1. Consider increasing the value of this entry if your application performs a significant number of lock-and-read operations. These are operations in which an application locks data and then immediately reads the data. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Increasing the value of this entry to more than 2 MB and using an application that locks megabtyes of data can cause the system to deplete its paged pool. Values range from 0x00 through 0xFFFFFFFF, and the default is 0x1800 bytes.
MaxCmds.
This REG_DWORD value specifies the maximum number of network control blocks that the redirector can reserve. The value of this entry coincides with the number of execution threads that can be outstanding simultaneously. Increase this value to improve network throughput, especially if you are running applications that perform more than 15 operations simultaneously. However, because this entry also limits the number of outstanding execution threads, your network performance might not improve. Each additional execution thread uses a margin of 1 KB of nonpaged pool when the network is at capacity. However, these resources are not consumed until the user references data in the network control block. Values range from 50 through 65,536 network control blocks, and the default value is 50.
MaxCollectionCount.
This REG_DWORD value specifies the amount of data that must be present in the character-mode buffer of a named pipe to trigger a write operation. If the amount of data in the buffer meets or exceeds this value, it is written immediately. Otherwise, it is retained in the buffer until either more data is added or the value of the CollectionTime entry expires. Increasing the value of this entry can improve the performance of named-pipe applications, but it does not affect applications that do their own buffering, such as Microsoft SQL Server applications. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 0x00 through 0xFFFF, and the default value is 0x10 bytes.
SizCharBuf.
This REG_DWORD value specifies the size of the character buffers for a named pipe. The redirector maintains a read-ahead buffer and a write-behind buffer for each pipe. This entry establishes the size of both buffers. The buffer size determines the amount of data the redirector reads and writes. When reading, the redirector attempts to read enough data to fill the read buffer. If the data it is reading is smaller than the buffer, the redirector reads ahead until the buffer is full. If the data is larger than the buffer, the redirector bypasses the character-mode buffer and reads the data directly into the user buffer. When writing, the redirector collects data in the character-mode buffer until it meets or exceeds the size specified by the value of the MaxCollectionCount entry, or until the time specified by the value of the CollectionTime entry expires. Increasing the value of this entry can improve the performance of named-pipe applications, but it does not affect applications that do their own buffering, such as SQL Server applications. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Values range from 64 through 4096 bytes. The default value is 512.
UseLockReadUnlock.
Specifies whether the lock-and-read and write-and-unlock performance enhancements are enabled. These features improve performance when an application locks data and then immediately reads the data, or writes data and then immediately unlocks it. Setting this value to 0x01 enables lock-and-read and write-and-unlock features. Setting this value to 1 usually improves performance significantly. However, it degrades the performance of database applications that lock a range of data and do not allow data within that range to be read. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
UseOpportunisticLocking.
This REG_DWORD value specifies whether the opportunistic-locking (oplock) performance enhancement is enabled. If it is enabled, the redirector requests an opportunistic lock on any file opened in “Deny None” mode. As a result, the server performs automatic read-ahead and write-behind caching on behalf of the redirector. Setting this value to 0x01 enables opportunistic locking. This is the default value. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
UseUnlockBehind.
This REG_DWORD value specifies whether the unlock-behind optimization feature is enabled. If it is enabled, the redirector unlocks data immediately in response to an unlock request. It does not wait for confirmation from the server that the unlock operation is complete. Setting this value to 0x01 enables unlock-behind optimization. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.

Tcpip\Parameters

The Tcpip subkey stores configuration data for the Microsoft implementation of TCP/IP (Transmission Control Protocol/Internet Protocol). TCP/IP is a suite of networking protocols that enable communication over diverse, interconnected networks.

This subkey stores some of the configuration data for TCP/IP, primarily the settings for the TCP/IP service. Other subkeys also store entries that affect the operation of the TCP/IP implementation on your computer. These other subkeys include those for network components and for services related to TCP/IP, such as the Dynamic Host Configuration Protocol (DHCP), NetBIOS over TCP/IP (NetBT), and Windows Sockets (Winsock).

The Parameters subkey stores configuration data that applies to the TCP/IP service as a whole. This data can be overridden by settings specific to a network component using TCP/IP, such as a network adapter driver, or by settings specific to a service using TCP/IP, such as the Dynamic Host Configuration Protocol (DHCP) or Windows Sockets (Winsock). These component-specific entries reside in subkeys representing the component. The following list describes the settings in the Parame ters subkey:

KeepAliveInterval.
This REG_DWORD value specifies how often TCP repeats keep-alive transmissions when no response is received. TCP sends keep-alive transmissions to verify that idle connections are still active. This prevents TCP from inadvertently disconnecting active lines. Windows Server 2003 does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 0x01 through 0xFFFFFFFF milliseconds. The default is 0x03E8.
KeepAliveTime.
This REG_DWORD value specifies how often TCP sends keep-alive transmissions. TCP sends keep-alive transmissions to verify that an idle connection is still active. This entry is used when the remote system is responding to TCP. Otherwise, the interval between transmissions is determined by the value of the KeepAliveInterval entry. By default, keep-alive transmissions are not sent. The TCP keep-alive feature must be enabled by a program (such as Telnet), or by an Internet browser (such as Internet Explorer). Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 0x01 through 0xFFFFFFFF, and the default value is 0x6DDD00 milliseconds.
MaxUserPort.
This REG_DWORD value specifies the highest port number that TCP can assign when an application requests an available user port from the system. Typically, ephemeral ports (those used briefly) are allocated to port numbers 1024 through 5000. Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 5000 through 65,534. The default value is 5000.
NumTcbTablePartitions.
This REG_DWORD value specifies the number of partitions in the Transport Control Block table. Partitioning the Transport Control Block table minimizes contention for table access. This is especially useful on multiprocessor systems. This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe. Do not change the value of this entry before carefully studying the effect of different values in a test environment. When testing, do not enter a value greater than two times the number of processors on the computer. Values range from 0x01 through 0xFFFF TCB table partitions. The default value is 0x01.
PPTPTcpMaxDataRetransmissions.
This REG_DWORD value specifies how many times an unacknowledged Point-to-Point Tunneling Protocol (PPTP) packet is retransmitted before the connection is dropped. This entry lets you configure a limit on PPTP retransmissions separately from the limit for regular TCP retransmissions, which is stored in the value of the TCPMaxDataRetransmissions entry. You can then adjust the TCP setting to prevent denial-of-service attacks (also known as SYN flooding) without affecting PPTP traffic. To prevent the TCP dead gateway detection feature from inadvertently disconnecting a congested Internet link, set this value higher than the default value of the TCPMaxDataRetransmissions entry. Values range from 0x00 through 0xFF, and the default value is 0x05.
PrioritizeRecordData.
This REG_DWORD value specifies whether the Domain Name System (DNS) client, upon receiving an answer to a DNS query, looks for the address most similar to its own when there are multiple addresses in the answer to its query. By choosing the address most like its own, the client connects to the server nearest to it on the network, which reduces network traffic. When the value of this entry is 1, the client prioritizes for the nearest address; when the value is zero, the client attempts to connect to the first address in the answer. Values are 0x00 and 0x01; the default value is 0x01.
SackOpts.
This REG_DWORD value enables and disables the Selective Acknowledgment (SACK) feature of Windows TCP/IP. SACK is specified in RFC 2018, TCP Selective Acknowledgement Options. SACK is an optimizing feature that lets you acknowledge receipt of individual blocks of data in a continuous sequence, rather than just the last sequence number. The recipient can tell the sender that one or more data blocks are missing from the middle of a sequence, and the sender can retransmit only the missing data. Set this value to 0x01 to enable SACK.
SynAttackProtect.
This REG_DWORD value specifies whether the SYN flooding attack protection feature of TCP/IP is enabled. SYN flooding attack protection is enabled when the value of this entry is 1 and the value of the TcpMaxConnectResponseRetransmissions entry is at least 2. The SYN flooding attack protection feature of TCP detects symptoms of denial-of-service attacks (also known as SYN flooding), and it responds by reducing the time that the server spends on connection requests that it cannot acknowledge. Set this value to 0x01 to enable SYN flooding attack protection. The default is 0x00.
Tcp1323Opts.
This REG_DWORD value specifies whether TCP uses the timestamping and window-scaling features described in RFC 1323, TCP Extensions for High Performance. Window scaling permits TCP to negotiate a scaling factor for the TCP receive window size, allowing for a very large TCP receive window of up to 1 GB. The TCP receive window is the amount of data that the sending host can send at one time on a connection. Timestamps help TCP measure round-trip time (RTT) accurately in order to adjust retransmission timeouts. The Timestamps option provides two timestamp fields of 4 bytes each in the TCP header, one to record the time the initial transmission is sent and one to record the time on the remote host. This entry is a 2-bit bitmask. The lower bit determines whether scaling is enabled; the higher bit determines whether timestamps are enabled. To enable a feature, set the bit representing the feature to 1. To disable a feature, set its bit to 0. Table B-3 describes the possible values.

Table B-3 Tcp1323Opts

Value

Description

0

Timestamps and window scaling are disabled.

1

Window scaling is enabled.

2

Timestamps are enabled.

3

Timestamps and window scaling are enabled.
TcpMaxConnectRetransmissions.
This REG_DWORD value specifies how many times TCP retransmits an unanswered request for a new connection. TCP retransmits new connection requests until they are answered or until this value expires. TCP/IP adjusts the frequency of retransmissions over time. The delay between the original transmission and the first retransmission for each interface is determined by the value of the TcpInitialRTT entry. By default, it is three seconds. This delay doubles after each attempt. After the final attempt, TCP/IP waits for an interval equal to double the last delay, and then it abandons the connection request. This entry determines how many times TCP retransmits requests for new connections. When sending data on existing connections, the maximum number of retransmissions is determined by the value of the TcpMaxDataRetransmissions entry. Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 0 through 255, and the default value is 2 retransmission attempts.
TcpMaxDataRetransmissions.
This REG_DWORD value specifies how many times TCP retransmits an unacknowledged data segment on an existing connection. TCP retransmits data segments until they are acknowledged or until this value expires. TCP/IP adjusts the frequency of retransmissions over time. TCP establishes an initial retransmission interval by measuring the round-trip time on the connection. The interval doubles with each successive retransmission on a connection, and it is reset to the initial value when responses resume. This entry is also used in the Windows algorithm for defining nonoperational (dead) gateways. A given connection defines a gateway as dead (and switches to the next gateway in the list stored in the value of the DefaultGateway or DhcpDefaultGateway entries) when a packet sent to the gateway must be retransmitted more than half of the number of times specified in the value of this entry. The system defines a gateway as dead when more than 25 percent of its connections have switched to the next default gateway in the list. This entry determines how many times TCP retransmits data segments. The maximum number of retransmissions of requests for new connections is determined by the value of the TcpMaxConnectRetransmissions entry. Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 0x00 through 0xFFFFFFFF retransmission attempts, and the default value is 0x05.
TcpMaxDupAcks.
This REG_DWORD value specifies how many duplicate ACKs (ACKs for the same sequence numbers) constitute a signal to retransmit a segment. If you set the value of this entry to 1, the system retransmits a segment when it receives an ACK for a segment with a sequence number that is less than the number of the segment currently being sent. When data arrives with a sequence number that is greater than expected, the receiver assumes that data with the expected number was dropped, and it immediately sends an ACK with the ACK number set to the expected sequence number. The receiver sends ACKs set to the same missing number each time it receives a TCP segment that has a sequence number greater than expected. The sender recognizes the duplicate ACKs and sends the missing segment. Values range from 1 through 3, and 2 is the default.
TcpMaxHalfOpen.
This REG_DWORD value specifies how many connections the server can maintain in the half-open (SYN-RCVD) state before TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server—that is, when the value of the SynAttackProtect entry is 1 and the value of the TcpMaxConnectRespo nseRetransmissionsentry is at least 2. This entry establishes one of three configurable thresholds that, if exceeded, trigger TCP's SYN attack flooding protection feature. Because SYN flooding often results in many half-open connections, TCP interprets an elevated number of half-open connections to be a symptom of SYN flooding. The other two thresholds are:
- The number of connections that remain in the half-open (SYN-RCVD) state even after a connection request has been retransmitted exceeds the value of the TcpMaxHalfOpenRetried entry.
- The number of connection requests that the system refuses exceeds the value of the TcpMaxPortsExhausted entry. The system must refuse all connection requests when its reserve of open connection ports runs out.
The value of this entry should be greater than the value of the TCPMaxHalfOpenRetried entry. Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 0x01 through 0xFFFFFFFF. In Windows Server 2003, the default value 0x1F4, and in Windows XP, the default value is 0x64.
TCPMaxHalfOpenRetired.
This REG_DWORD value specifies how many connections the server can maintain in the half-open (SYN-RCVD) state even after a connection request has been retransmitted. If the number of connections exceeds the value of this entry, TCP/IP initiates SYN flooding attack protection. This entry is used only when SYN flooding attack protection is enabled on this server—that is, when the value of the SynAttackProtect entry is 1 and the value of the TcpMaxConnectR esponseRetransmissions entry is at least 2. This entry establishes one of three configurable thresholds that, if exceeded, trigger TCP's SYN attack flooding protection feature. Because SYN flooding often results in many half-open connections, TCP interprets an elevated number of half-open connections to be a symptom of SYN flooding. The other two thresholds are:
- The total number of connections in the half-open (SYN-RCVD) state exceeds the value of the TcpMaxHalfOpen entry.
- The number of connection requests that the system refuses exceeds the value of the TcpMaxPortsExhausted entry. The system must refuse all connection requests when its reserve of open connection ports runs out.
The value of this entry should be less than the value of the TCPMaxHalfOpen entry. Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 0x00 through 0xFFFFFFF. In Windows Server 2003, the default value is 0x190. In Windows XP, the default value is 0x50.
TcpMaxSendFree.
This REG_DWORD value sets the size limit of the TCP header resource. On computers with ample RAM, increasing this limit can improve responsiveness during a SYN flood denial-of-service attack. Values range from 0 through 65,535, and the default value is 5000.
TcpNumConnections.
This REG_DWORD value specifies the maximum number of connections that TCP can have open simultaneously. If the value of this entry is 0, you cannot establish any connections. Values range from 0x40000 through 0xFFFFFe, and the default value is 0xFFFFE.
TcpTimedWaitDelay.
This REG_DWORD value specifies the time that must elapse before TCP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or 2MSL state. During this time, the connection can be reopened at much less cost to the client and server than establishing a new connection. RFC 793 requires that TCP maintains a closed connection for an interval at least equal to twice the maximum segment lifetime (2MSL) of the network. When a connection is released, its socket pair and TCP control block can be used to support another connection. By default, the maximum segment lifetime is defined to be 120 seconds, and the value of this entry is equal to twice that, or 4 minutes. However, you can use this entry to customize the interval. Reducing the value of this entry allows TCP to release closed connections faster, providing more resources for new connections. However, if the value is too low, TCP might release connection resources before the connection is complete, requiring the server to use additional resources to reestablish the connection. Normally, TCP does not release closed connections until the value of this entry expires. However, TCP can release connections before this value expires if it is running out of TCP control blocks. The number of TCP control blocks that the system creates is specified by the value of the MaxFreeTcbs entry. Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe. Values range from 0x00 through 0x12C seconds, and the default value is 0x78.
TcpUseRFC1122UrgentPointer.
This REG_DWORD value specifies which mode TCP uses for urgent data. The two modes interpret the urgent pointer in the TCP header and the length of the urgent data differently. The two modes do not interoperate. Set this value to 0x01 to use the specification in RFC 1122, Requirements for Internet Hosts—Communication Layers, for urgent data. Set this value to 0x00 to use the mode used by systems derived from Berkeley Software Distribution (BSD). The default value is 0x00.
TcpWindowSize.
This REG_DWORD value sets the maximum size of the TCP receive window. The receive window specifies the number of bytes that a sender can transmit without receiving an acknowledgment. In general, larger receive windows improve performance over high-latency, high-bandwidth networks. For greatest efficiency, the receive window should be an even multiple of the TCP Maximum Segment Size (MSS). The TCP/IP stack of Windows was designed to tune itself in most environments. Instead of using a fixed size for the receive window, TCP negotiates for and adjusts to an even increment of the MSS. Matching the receive window to even increments of the maximum segment size increases the percentage of full-sized TCP segments used during bulk data transmission. (Sizes larger than 64 KB can be achieved only when connecting to other systems that support RFC 1323 Window Scaling.) The default value is the smaller of the following numbers:
- 65,535
- Value of registry entry GlobalMaxTcpWindowSize
- Four times the MSS on the network
- Even multiple of the MSS larger than 16,384
This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.

The default window size can start at 17,520 for Ethernet, but it might shrink slightly when a connection to another computer is established that supports extended TCP options (such as SACK and TIMESTAMPS) because these options increase the TCP header beyond the usual 20 bytes, which decreases room for data.

When an entry with the name of this entry is in HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, it sets the receive window size globally for all TCP interfaces. However, an entry with this name in HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ interface-name has precedence for the interface named in its registry path, and its value, rather than whatever value might be set globally, is used for that interface.
DisableDynamicUpdate.
This REG_DWORD value disables the Domain Name System (DNS) dynamic update registration for all interfaces on the system. The default value is zero. With dynamic update, DNS client computers automatically register and update their resource records whenever address changes occur. Set this value to 0x01 to disable dynamic registration. The default value is 0x00.
DisableReplaceAddressInConflicts.
This REG_DWORD value prevents the Domain Name System (DNS) client from overwriting an existing resource record when it discovers an address conflict during dynamic update. An address conflict occurs when the DNS client discovers that an existing A (address) record associates its DNS name with the IP address of a different computer. By default, the DNS client tries to replace the original registration with a record associating the DNS name to its own IP address. However, you can use this entry to direct DNS to back out of the registration process and to record an error in the Event Viewer log instead. This entry is designed for zones that do not use secure dynamic update. It prevents unauthorized users from changing the IP address registration of a client computer. Setting this value to 0x00 allows the DNS client to overwrite the existing A record with an A record for its own IP address. Setting this value to 0x01 allows the DNS client to back out of the registration process and write an error to the Event Viewer log.
DisableRevserAddressRegistrations.
This REG_DWORD value disables the Domain Name System (DNS) dynamic update registration of PTR (pointer) records by this DNS client. PTR records associate an IP address with a computer name. This entry is designed for enterprises in which the primary DNS server that is authoritative for the reverse lookup zone cannot or is not configured to perform dynamic updates. It reduces unnecessary network traffic and eliminates event log errors that record failed attempts to register PTR records. Set this value to 0x01 to prevent registration of PTR records. Setting this value to 0x00 allows registration of PTR records.
DisableUserTOSSetting.
This REG_DWORD value specifies whether individual applications can alter the type of service (TOS) bits in the header of outgoing IP packets. In general, individual applications should not be allowed to manipulate TOS bits, because this can defeat system policy mechanisms. You must restart the computer for this setting to take effect.
EnableICMPRedirect.
This REG_DWORD value controls whether Windows alters its routing table in response to Internet Control Message Protocol (ICMP) messages that instruct it to direct datagrams for the recipient along a different route. You must restart the computer for this setting to take effect.

Table B-3 Tcp1323Opts
Value	Description
0	Timestamps and window scaling are disabled.
1	Window scaling is enabled.
2	Timestamps are enabled.
3	Timestamps and window scaling are enabled.

IGMPLevel.

This REG_DWORD value specifies the extent to which the system supports IP multicasting and participates in the Internet Group Management Protocol. Table B-4 describes this value's settings.

Table B-4 IGMPLevel
Value	Description
0	Only send IP multicast packets. Treated the same as a value of 1.
1	Only send IP multicast packets.
2	Send and receive IP multicast packets (participate in IGMP).

Tcpip\Interfaces

The Interfaces subkey stores configuration data specific to a TCP/IP communications interface. This subkey stores TCP/IP configuration data that can be configured differently for each interface that the system uses. It contains one or more subkeys, called interface-name (represented by a GUID), each of which represents one interface. The entries in the interface-name subkeys apply only to the interface that the subkey represents, and they take precedence over any conflicting settings in the Parameters subkey.

The interface-name subkeys represent TCP\IP communication interfaces, and they are named for the network name of the interface. Each subkey represents a particular interface, and it stores configuration data that applies only to that interface. Most of the entries in the interface-name subkey described here can appear in any of the subkeys in the Interfaces subkey. Some entries can appear in the Param eters subkey, in an interface-name subkey, or in both. If an entry appears in the Parameters subkey, it applies to all interfaces by default. If it appears in an interface-name subkey, it applies only to the interface that the subkey represents, and it takes precedence over the entry in the Parameters subkey when configuring that interface.

The following list describes the values for each interface-name subkey:

EnableDHCP.
This REG_DWORD value determines whether the Dynamic Host Configuration Protocol (DHCP) service is enabled. If the value of this entry is 1, the DHCP client service is used to configure this interface.
IPAutoconfigurationAddress.
This REG_DWORD value stores the IP address that the IP autoconfiguration feature assigns to this interface. Autoconfiguration allows TCP/IP to configure an interface even when it cannot locate a Dynamic Host Configuration Protocol (DHCP) server. If TCP/IP cannot locate a DHCP server, it configures the interface by using IP addresses from the Microsoft reserved Class B network (169.254.0.0), subnet mask 255.255.0.0. During autoconfiguration, TCP/IP continues trying to locate a DHCP server, and it abandons autoconfiguration if it finds one. This entry is used only when IP autoconfiguration is enabled—that is, when the value of the IPAutoconfigurationEnabled entry is 1.
IPAutoconfigurationEnabled.
This REG_DWORD value specifies whether the IP autoconfiguration feature is enabled for this interface. If the value of this entry is 1, autoconfiguration is enabled; if the value of this entry is 0 or if this entry is absent from the registry, autoconfiguration is not enabled. Autoconfiguration allows TCP/IP to configure an interface even when it cannot locate a Dynamic Host Configuration Protocol (DHCP) server. If TCP/IP cannot locate a DHCP server, it configures the interface by using IP addresses from the Microsoft reserved Class B network (169.254.0.0), subnet mask 255.255.0.0. During autoconfiguration, TCP/IP continues trying to locate a DHCP server, and it abandons autoconfiguration if it finds one. IPAutoconfigurationEnabled also appears in the Parameters subkey, and its value applies, by default, to all interfaces. However, if this entry appears in any subkey of the Interfaces subkey, it takes precedence over the entry in the Parameters subkey when configuring the interface. Windows does not add this entry to the registry. You can add it by using the registry editor Regedit.exe.
SubnetMask.
This REG_DWORD value specifies the subnet mask for the IP address specified in the value of the IPAddress entry or the DhcpIPAddress entry. This entry, which can be changed by the user, overrides the DHCP-configured values for the subnet mask. The subnet mask is determined by two entries, DhcpSubnetMask (which is configured by DHCP) and SubnetMask (which you can configure). If the value of SubnetMask is not 0.0.0.0, it overrides the value of DhcpSubne tMask.