Managing IIS Registry Settings | Microsoft IIS 6.0Administrator's Consultant

The Windows Registry stores configuration settings for the operating system, the server hardware, and all installed applications. The registry is essential to the proper operation of the operating system. You should make changes to the registry only when you know how these changes will affect the system.

Working with the Registry

Registry settings are stored as keys and values. These keys and values are placed under a specific root key. The root key controls when and how other keys and values are used. The root keys are:

HKEY_CLASSES_ROOT Configuration settings for applications and files. Ensures that the correct application is opened when a file is started through Microsoft Windows Explorer or object linking and embedding (OLE).
HKEY_CURRENT_USER Controls configuration settings for the current user.
HKEY_LOCAL_MACHINE Controls system-level configuration settings.
HKEY_USERS Stores default user and other user settings by profile.
HKEY_CURRENT_CONFIG Contains information about the hardware profile being used.

Under the root keys, you’ll find the main keys that control various facets of the system, user, and application environments. These keys are organized into a tree structure in which folders represent keys. Settings that control the IIS Admin Service are stored under the following registry path:

HKEY_LOCAL_MACHINE  \SYSTEM  \CurrentControlSet  \Services \InetInfo  \Parameters

Here, the key is Parameters. The values associated with this or any other keys have three components: a value name, a value type, and an actual value. Numeric values are often expressed in hexadecimal format. Hexadecimal values use the prefix 0x, such as 0x19 for the decimal value 25. In the following example the ListenBackLog value has a type of REG_DWORD and a value of 0x19:

ListenBackLog : REG_DWORD : 0x19

REG_DWORD is one of several possible value types. The complete list of value types follows:

REG_BINARY Sets a binary value. Binary values must be entered using base-2 (0 or 1).
REG_DWORD Sets a DWORD value, which is composed of hexadecimal data with a maximum length of 4 bytes.
REG_SZ Sets a string value containing a sequence of characters.
REG_EXPAND_SZ Sets an expandable string value, which is usually used with directory paths.
REG_MULTI_SZ Sets a multiple string value.

The main tool that you’ll use to work with the Windows Registry is the Registry Editor (Regedt32.exe). You can start the Registry Editor by clicking Start and then selecting Run. Then type REGEDT32 in the Open field and click OK.

If you’re an experienced administrator, you might want to use a Windows script to manage the registry. With scripts you can create, update, and delete registry settings. Here is a Microsoft Visual Basic, Scripting Edition (VBScript) script example that updates the ListenBackLog value:

'Initialize variables and objects Dim PathPath = "HKLM\SYSTEM\CurrentControlSet\Services\Inetinfo\Parameter\ "Set ws = WScript.CreateObject("WScript.Shell") 'Read and display key value val = ws.RegRead(Path & "ListenBackLog") WScript.Echo "Orginal ListenBackLog value: " & val 'Write new key value and then display new value retVal = ws.RegWrite(Path & "ListenBackLog", 50,"REG_DWORD") val = ws.RegRead(Path & "ListenBackLog") WScript.Echo "Updated ListenBackLog value: " & val

Controlling IIS Through the Registry

Settings that control IIS are stored in the registry under:

HKEY_LOCAL_MACHINE\SYSTEM  \CurrentControlSet  \Services  \Inetinfo  \Parameters

With the changes to the IIS architecture for application pools and queues, many of the previously used registry keys aren’t created automatically. You can still create these keys, however, if you’d like to use them.

The key values you might want to work with are the following:

CacheSecurityDescriptor Indicates whether security descriptors are cached for file objects. A value of 1 enables this feature. A value of 0 disables this feature. When enabled (the default setting), security descriptors for files are saved when caching a file object. As long as the file is cached, IIS won’t need to reaccess the file to determine access rights for new users. This value is most useful for sites that authenticate users and isn’t useful for sites that allow anonymous access.
CheckCertRevocation Indicates whether IIS checks to see if a client certificate is revoked. If you issue your own certificates and make local certificate checks, you might want to enable this feature (setting the value to 1). Otherwise, the feature should be disabled (with a value of 0), which is the default.
DisableMemoryCache Indicates whether IIS memory caching is enabled or disabled. By default, this value is set to 0 (meaning that memory caching is not disabled). Disable memory caching only for testing or development purposes.
ListenBackLog Specifies the maximum number of active connections that IIS maintains in the connection queue. The default value is 15 and the range of acceptable values is from 1 to 250.
MaxCachedFileSize Determines the maximum size of a file that can be placed in the file cache. IIS won’t cache files that are larger than this value. The default value is 262,144 bytes (256 KB).
MaxConcurrency Specifies how many threads per processor should be allowed to run simultaneously if there’s a pending input/output (I/O) operation. The default value (0) allows IIS to control the number of threads per processor. You can also set a specific value.
MaxPoolThreads Sets the number of pool threads to create per processor. Each pool thread watches for a network request for a CGI application and processes it. This value doesn’t control threads that are used by ISAPI applications. By default, the value is set to 4. On a single processor system, this means that only four CGI applications could run simultaneously.
MemCacheSize Sets the maximum amount of memory that IIS will use for its file cache. If IIS doesn’t need this much memory, it’ll be left for other applications to use. By default, IIS uses 50 percent of the available memory. The valid range is from 0 MB to 2,500 MB (2.5 GB).
ObjectCacheTTL Sets the length of time (in milliseconds) that objects are held in memory. If the object hasn’t been used in this interval, it’s removed from memory. The default value is 30 seconds (300,000 milliseconds).
PoolThreadLimit Sets the maximum number of pool threads that can be created on the server. This limit is for all IIS threads. The default value is twice the size of physical memory in megabytes.

Controlling the Indexing Service Through the Registry

Settings that control the Indexing Service are stored in the registry under:

HKEY_LOCAL_MACHINE  \SYSTEM  \CurrentControlSet  \Control  \ContentIndex

You’ll find a detailed discussion of related settings and keys in the section entitled “Indexing Service Essentials” in Chapter 12, “Administering the Indexing Service.”

Settings for the World Wide Web Publishing, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) Services are stored in separate registry keys. The path to these keys is:

HKEY_LOCAL_MACHINE  \SYSTEM  \CurrentControlSet  \Services  \ServiceName  \Parameters

ServiceName is the name of the service you want to work with. Services you might work with are:

MSFTPSVC for the FTP Service
W3SVC for the World Wide Web Publishing Service
SMTPSVC for the SMTP Service

Although most of the keys under this path are used only by IIS, you might want to set the AllowGuestAccess key value. This key value determines whether Guest logons are allowed for Internet services. By default, Guest logons are permitted, but you can disable this feature by creating the key and setting its value to 0.

For the World Wide Web Publishing Service, you might also want to work with the following key values:

SSIEnableCmdDirective Determines whether Web pages can issue server-side include statements that execute shell commands. By default, the ability to execute shell commands is disabled (set to 0), and this is the value you should use in most cases. If you allow the direct execution of shell commands from Web pages, you might inadvertently open up the server to attack from malicious coders.
TryExceptDisable Determines whether exception caching is enabled for debugging. The value is disabled by default (set to 0). If enabled (set to 1), the server stops when any exception is thrown and allows a developer to debug the application that threw the exception.
UploadReadAhead When a client posts data to the server, this value determines the amount of data the server reads before passing control to the application responsible for handling the data. The default value is 48 KB.
UsePoolThreadForCGI Determines whether CGI requests can use pooled threads. By default, this value is enabled (set to 1). If disabled, CGI requests don’t use pooling and the Inetinfo value MaxPoolThreads doesn’t apply.

Controlling Secure Sockets Layer Through the Registry

Settings that control Secure Sockets Layer (SSL) are stored in the registry under

HKEY_LOCAL_MACHINE  \SYSTEM  \CurrentControlSet  \Control  \SecurityProviders  \SCHANNEL

After you’ve started the Registry Editor and accessed this location, the key values you might want to work with are:

EventLogging Determines whether SSL connections are logged for Web sites configured on the server. By default, this value is enabled (set to 1). To disable this feature, set the value to 0.
ServerCacheTime Determines the amount of time (in milliseconds) that an SSL session lasts. Establishing an SSL session is a time-intensive and resource-intensive process. If you expect SSL sessions to last, on average, longer than the default value, you might want to modify this value. By default, an SSL session lasts 5 minutes (300,000 milliseconds). When the session expires, a new SSL session must be established.