Few months ago, I fired procmon and collected all the registry keys IIS7 processes read. I then gathered the information about these registry keys from different people in the team and also collected available information on the internet. I have been sitting on this information for quite a while hoping to make it complete and finally I got enough time during this holiday period to finish this. Below is what all I could gather. Keys affecting FTP/FTP7 and Asp.Net are not included in this article. There are few IIS7 keys omitted from this list either because I couldn’t think of why people would like to change it or because we don’t want to people to modify those. If you see any information missing or incorrect as per your knowledge, please send me a message.
Common (keys read by many parts of IIS)
1. HKLM\SOFTWARE\Microsoft\InetStp\Configuration\MaxWebConfigFileSizeInKB (REG_DWORD)
Nativerd.dll uses the value of this registry key to determine the maximum allowed size (in KB) of web.config files. Configuration system will produce error “Cannot read configuration file because it exceeds the maximum file size” if it encounters a web.config larger than this size. Configuration system assumes a default value of 250 (100 in Vista RTM). Changing the value of this key will require a process restart.
2. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\LastPriorityUPNLogon (REG_DWORD)
This registry key switches the order in which IIS processes try to do a user logon. Default value is 0 (false) which means UPN logon is not last priority. IIS uses the UPN format first and then the “domain” and username” fields. Setting this key to non-zero switches it so that IIS uses domain and username first and then the UPN logon.
3. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\UserTokenTTL (REG_DWORD)
This key controls how long IIS will cache a user token before releasing it and recreating it (as needed). Default value is 900 (seconds). This key is used by token cache module in worker process and also by WAS. Read more about it here.
4. HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationEnabled (REG_DWORD)
Default value of this key is 1 (configuration isolation enabled). Setting this registry to key to 0 will disable configuration isolation and worker process will try to read applicationHost.config directly. Any value other than 0 or 1 is assumed as default value. If you disable configuration isolation, you might need to change ACLs of %windir%\system32\inetsrv\config folder to grant worker process read access to applicationHost.config. As configuration isolation feature is not available in Vista RTM, this key is not valid on it.
5. HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationPath (REG_SZ)
This regkey dictates the folder path where temp apppool config files are created by WAS. Default value of this key is %systemdrive%\inetput\temp\apppools. If you change this location make sure that LocalSystem has full access to the folder. This is not valid on vista RTM as the configuration isolation feature is not available.
6. HKLM\System\CurrentControlSet\Services\WAS\Parameters\AlwaysLogEvents (REG_DWORD)
If WAS detects an invalid object for some reason, it doesn’t allow object to log errors. This registry switch allows users to see these errors. Default is 0 which means WAS won’t log events. Any non-zero value enables logging.
7. HKLM\System\CurrentControlSet\Services\WAS\Parameters\UseSharedWPDesktop (REG_DWORD)
Read about it here.
8. HKLM\System\CurrentControlSet\Services\IISADMIN\Parameters\EnableABOMapperLog (REG_DWORD)
This registry key can be used to enable ABOMapper logging. When set to 0 (default value), ABOMapper doesn’t log any information. When set to non-zero value, a log is created as %windir%\system32\abomapper.log and ABO will spew debug information in this file. You need to restart iisadmin after you change this key. http://support.microsoft.com/kb/931208 has more information about it.
9. HKLM\System\CurrentControlSet\Services\IISADMIN\Parameters\LazyWriteTime (REG_DWORD)
This registry key can be used to make ABOMapper buffer the configuration changes for sometime before it commits the changes to disk. Default value of this registry key is 0 which means lazy writer is OFF by default. Setting this key to value greater than 0 turns on Lazywriter with the lazy write time equal to the time set in the registry (interpreted as number of milliseconds).
10. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ConfigPollMilliSeconds (REG_DWORD) (not there in vista rtm)
Default value of this key is 0 (disabled) which means configuration system will rely on change notifications for tracking changes to configuration files. Positive value of this key means configuration system will check configuration file last modified time every N milliseconds to find changes to configuration files and will not use directory monitors.
11. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ObjectCacheTTL (REG_DWORD)
This regKey is used by both user mode file cache and kernel mode output cache. Both these caches run a scavenger every ObjectCacheTTL seconds. Read more about it here.
12. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DisableMemoryCache (REG_DWORD)
When this regKey value is set to non-zero, file cache is disabled. By default value of this key is assumed to be 0 and file cache is enabled. Read about it here.
13. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxCachedFileSize (REG_DWORD)
This regKey is used by file cache to determine maximum size (in bytes) of file which can be cached. Any file of size greater than this value is not cached. Default value of this key is 256KB. Read more about it here.
14. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxCachedFileSizeInMB (REG_DWORD)
MaxCachedFileSize which is the max size in bytes cannot be set to greater than 4GB. You can use MaxCachedFileSizeInMB instead to set max file size to cache greater than 4GB. If both MaxCachedFileSizeInMB and MaxCachedFileSize is defined, effective max cached file size is sum of both these values. As default value of MaxCachedFileSize is 256KB, defining only this regKey will increase effective max size by 256KB. Default value of this regKey is 0.
15. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MemCacheSize (REG_DWORD)
This regKey dictates maximum amount of memory which will be used by file cache in a worker process. Default value of this regKey is 0 which means cache size is determined dynamically by looking at available physical memory and total virtual memory. When set to 0, value is adjusted every ObjectCacheTTL seconds. Read about it here.
16. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxOpenFiles (REG_DWORD)
File cache caches a maximum of MaxOpenFiles number of files. Default value is 0 which means no limit.
17. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DoDirMonitoringForUnc (REG_DWORD)
By default file cache doesn’t use change notifications for UNC files. Setting this regKey to 1 enables directory monitoring for UNC paths. Read more here.
18. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\FileAttributeCheckThreshold (REG_DWORD)
File cache checks last modified time of UNC files every FileAttributeCheckThreshold seconds to detect file changes. Default value of this key is 5 (seconds). Read about it here. User mode and kernel mode output caches also uses this key to determine how long output of files which have virtual file mapping (handler configured with resourceType=Unspecified) should stay in response cache.
19. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\FlushTokenCache (REG_DWORD)
Token cache module registers for a change notification for this key and as soon as this is set to 1, it flushes the token cache. You should set this back to 0 after changing to 1. Read more about it here.
20. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\HttpResponseCacheTTL (REG_DWORD)
This regKey defines http.sys response cache TTL whose default value is 900 (seconds).
21. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\OutputCacheTTL (REG_DWORD)
User mode output cache uses value of this regKey as TTL. Default is 30 (seconds). A scavenger is run every TTL seconds to remove content from the cache as needed.
22. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\EnableTraceMethod (REG_DWORD)
This regKey is read by protocol support module (protsup.dll). Trace verb is enabled only if this registry key is set to a non-zero value. If this key is not set or is set to 0, trace requests are returned as 404. Read more here.
23. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DigestPartialContextCacheTTL (REG_DWORD)
First time when client connects to a site that requires digest authentication, it will receive an initial challenge. This initial challenge is based on the partial security context which needs to be kept around for the client to be able to finish the digest auth handshake. DigestPartialContextCacheTTL regKey allows you to set the timeout value which controls how long IIS should keep partial contexts around. Read more about it here.
24. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\DigestContextCacheTTL (REG_DWORD)
After successful digest auth handshake full security context can be kept around but eventually upon inactivity full security contexts have to be flushed. DigestContextCacheTTL controls how long full security contexts should be stored. Read more here.
25. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\DontFlushCachedIsapiResponses (REG_DWORD)
Default value of this key is false. When set to non-zero, ISAPI module calls SetKernelInvalidatorSet. Read about it here.
26. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ForwardServerEnvironmentBlock (REG_DWORD)
CGI handler uses this key to determine if it should forward all the environment variables defined in the worker process are to CGI process or not. Default is true. Setting this regKey to 0 will make CGI handler to not forward environment block to CGI.
27. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\MaxConcurrentCgisExecuting (REG_DWORD)
This key is used by CGI handler to determine maximum number of CGIs that can execute concurrently. Default value of this is 256. Read more about it here.
28. HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\DoNotKillCgiOnRequestEnd (REG_DWORD)
Default value is false. You can set it to true to tell CGI handler to not kill the processes on request end.
Registry keys listed below are used by ASP ISAPI. Details on all these regKeys can be found here.
29. HKLM\System\CurrentControlSet\Services\ASP\Parameters\F5AttackDetectionEnabled (REG_DWORD)
30. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetRequestThreshold (REG_DWORD)
31. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetThreadHungThreshold (REG_DWORD)
32. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetConsecIllStatesThreshold (REG_DWORD)
33. HKLM\System\CurrentControlSet\Services\ASP\Parameters\HangDetEnabled (REG_DWORD)
34. HKLM\System\CurrentControlSet\Services\ASP\Parameters\EnableChangeNotificationForUNC (REG_DWORD)
35. HKLM\System\CurrentControlSet\Services\ASP\Parameters\FileMonitoringEnabled (REG_DWORD)
36. HKLM\System\CurrentControlSet\Services\ASP\Parameters\FileMonitoringTimeoutSeconds (REG_DWORD)
37. HKLM\System\CurrentControlSet\Services\ASP\Parameters\MaxCSR (REG_DWORD)
38. HKLM\System\CurrentControlSet\Services\ASP\Parameters\MaxCPU (REG_DWORD)
39. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableOOMRecycle (REG_DWORD)
40. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableLazyContentPropagation (REG_DWORD)
41. HKLM\System\CurrentControlSet\Services\ASP\Parameters\ThreadMax (REG_DWORD)
42. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableComPlusCpuMetric (REG_DWORD)
43. HKLM\System\CurrentControlSet\Services\ASP\Parameters\AspMaxResponseHeaderLength (REG_DWORD)
44. HKLM\System\CurrentControlSet\Services\ASP\Parameters\AspMaxPropertyStringLength (REG_DWORD)
45. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableCachedResponseOnUNCAccessFailure (REG_DWORD)
46. HKLM\System\CurrentControlSet\Services\ASP\Parameters\DisableCertificateBlobAsArray (REG_DWORD)
Certificates Blob can be returned as an Array. But some programs dont want them as a Array. Disable this for then. Read more here.
IIS Manager and WMSVC
47. HKLM\Software\Microsoft\Inetmgr\Parameters\IncrementalSiteIDCreation (REG_DWORD)
Default value is 0 which means incremental site id is not enabled. You can set this key to 1 to enable it. This key is read by inetmgr.exe every time a site is created. So you don’t need to restart inetmgr.exe after changing this key. Read more here.
Following registry keys are used to store settings required by WMSvc for remote management. Changes to these keys require WMSvc restart. You should use IIS7 UI to change these settings whenever possible. Some more information about these is available here here.
48. HKLM\SOFTWARE\Microsoft\WebManagement\Server\IPAddress (REG_SZ)
Default value of this regKey is * which means all unassigned IP addresses.
49. HKLM\SOFTWARE\Microsoft\WebManagement\Server\Port (REG_DWORD)
If this key is not defined, port is assumed as 8172.
50. HKLM\SOFTWARE\Microsoft\WebManagement\Server\RequiresWindowsCredentials (REG_DWORD)
Default value of this key is 0 which means both windows and IIS manager users can be used. When set to 1 only windows users are allowed.
51. HKLM\SOFTWARE\Microsoft\WebManagement\Server\EnableLogging (REG_DWORD)
Default value is 1 which means logging is enabled. Setting this key to 0 will disable WMSvc logging.
52. HKLM\SOFTWARE\Microsoft\WebManagement\Server\LoggingDirectory (REG_SZ)
Value of this key is used as the log location whose default is %systemdrive%\inetpub\logs\wmsvc.
53. HKLM\SOFTWARE\Microsoft\WebManagement\Server\EnableRemoteManagement (REG_DWORD)
Default value is 0 which means remote management is disabled. When this key is set to 1 remote management is enabled.
54. HKLM\SOFTWARE\Microsoft\WebManagement\Server\RemoteRestrictions (REG_SZ)
55. HKLM\SOFTWARE\Microsoft\WebManagement\Server\SslCertificateHash (REG_BINARY)
56. HKLM\SOFTWARE\Microsoft\WebManagement\Server\SelfSignedSslCertificateHash (REG_BINARY)
W3TP (Keys affecting thread pool manager used by WAS and worker process)
57. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxPoolThreads (REG_DWORD)
These is soft limit on maximum number of threads which will be used and is adjusted dynamically. By default its value is 20 * number of processors. Read more here.
58. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\PoolThreadLimit (REG_DWORD)
This is the absolute maximum thread count. Min = 64, Max = 256. Default value is calculated based on available physical memory. Read more here.
59. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadTimeout (REG_DWORD)
Default is 1800 (seconds). Read about it here.
60. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolStartupThreadCount (REG_DWORD)
Number of threads to start on startup. Default is 4 if number of processors is less than 4 or equal to number of processors. Less than 1 is interpreted as 1.
61. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolMaxCPU (REG_DWORD)
If CPU usage is more than this value, new threads are not created. Default is 95. Read about it here.
62. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolStartDelay (REG_DWORD)
Default is 1 sec. Read more here.
63. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\ThreadPoolExactThreadCount (REG_DWORD)
Default is 0 which means not set. If set initial thread count is set to this value and thread count is not changed dynamically.
64. HKLM\System\CurrentControlSet\Services\InetInfo\Parameters\MaxConcurrency (REG_DWORD)
This key dictates number of threads allowed to concurrently process I/O. Default value is 0 which means the system allows as many concurrently running threads as there are processors in the system. Read more here.
Hope this helps.