UserTokenTTL

It has been reported that password changes on the SSPR server are not reflected immediately and that there are cases where the old password can be used to log in. This feature is a feature of the Microsoft IIS service and is due to the default 15-minute value of the UserTokenTTL. The IIS cache keeps the token information of the user account alive for 15 minutes. In order to change this value, this value must be changed from the registry on the server.

It is recommended that you back up your system before making changes to the Registry. Any incorrect changes you make to the Registry may cause the system to malfunction. All changes made are the responsibility of the system administrator.

The Registry editor opens,
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters" Node is expanded.
If there is a record named UserTokenTTL under Parameters, double-click it to open edit mode and set its value to 0.
If there is no record, right-click it under Parameters to live and create a new REG_DWORD. The name of the newly created record is UserTokenTTL.
The record is opened by double-clicking it and set its value to 0.
IIS is restarted.

PreviousTroubleshooting NextSecuring Windows Server

Last updated 1 month ago