How to Turn Off IUSR_machinename Token Caching (188895)


The information in this article applies to:

  • Microsoft Internet Information Server 4.0
This article was previously published under Q188895
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SUMMARY

To make security debugging easier, you may want to disable caching of the anonymous user account in Internet Information Server version 4.0.

MORE INFORMATION

You can do this by setting the PasswordCacheTTL property to zero (0). By default, Internet Information Server will cache the anonymous user account for 10 minutes. To change the PasswordCacheTTL value to zero (0), type the following at the command line:

adsutil set w3svc/1/PasswordCacheTTL "0"

The following sample code can be called from Visual Basic, ASP, and Windows Script Host with minimal changes in each environment: 
   Dim oServer
   Set oServer = GetObject("IIS://LocalHost/W3SVC")
   oServer.PasswordCacheTTL = 0
   oServer.SetInfo
   Set oServer = Nothing

Please note: This procedure affects all Web server instances and decreases server performance; it is intended for debugging purposes only.
Modification Type:MinorLast Reviewed:6/23/2005
Keywords:kbhowto KB188895
©2004 Microsoft Corporation. All rights reserved.