Gibcfg - Doc From The Windows NT Source Code Leak

Microsoft Internet
Information Server
Gibraltar Registry Configuration
Murali R. Krishnan
John F. Ludeman
Introduction:
Microsoft Internet Information Server (Gibraltar) consists of WWW, Gopher and FTP
services. The services are configured using Internet Service Manager. The servers
store all the parameters in the registry on the server machine in human-readable
format. The servers also use several additional configuration parameters in the
registry. The configuration is stored in two parts - per service component and a global
component. In this document, we describe the configuration of both per service and
global registry entries that may be of interest.
The parameters are classified into 3 categories:
n ADMIN CONFIGURABLE These parameters are best configured using admin

tool to take effect immediately. If manually configured all services should be
stopped and restarted.
n CONFIGURABLE These parameters are optionally configurable. Currently no

administration support exists for the changing these parameters. If any
change is made to such parameters, all services need to be stopped and
restarted.
n INTERNAL ANALYSIS These parameters are optionally configurable and

intended for our in house analysis for quality and performance reasons.
These parameters may be optionally disclosed to customers if there is a
strong need.
MICROSOFT CONFIDENTIAL 1 7/6/2019

Common Registry Parameters
The Internet servers share a common portion of registry in the following location for
InetInfo process. These parameters and their value are used for global control of the
Gibraltar services.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\InetInfo\Parameters
ListenBacklog REG_DWORD
Range: 1 - 250 Default: 25
Description: ADMIN CONFIGURABLE
This specifies the winsock listen backlog for each IP address the server is listening
on. If many connections per-second are being received, the winsock listen backlog
may become depleted and client’s connections will be refused. Servers under heavy
load may want to set this value to around fifty.
BandwidthLevel REG_DWORD
Range: 0 - 0xFFFFFFFF Default: 0xFFFFFFFF
This specifies the amount of bandwidth on network that the Gibraltar server can use.
The server comes with an automatic bandwidth throttler which makes intelligent
decisions to meet user requirements. This helps to reduce overloading the network
too much of Gibraltar server activities. For administrators of small corporate servers,
where a single server is used for multiple sites, this will help to reduce network usage
for Gibraltar servers. It is recommended that this parameter be set from Internet
Server Admin Manager. Otherwise the server should be stopped and restarted for
this value to take effect. A special value of 0xFFFFFFFF means do not do any
throttling.
MemoryCacheSize REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 10% of Physical Memory
Description: CONFIGURABLE
Gibraltar server caches system handles, directory listings, and several blobs of
frequently used data to improve performance of the system. This parameter specifies
the amount of memory in bytes to allocate for such a cache. This cannot be
configured using admin manager. When changed, the server should be stopped and
restarted for this to take effect. A special value of 0 means do not do any caching.
The performance may be low when caching is shut out. Certain sites experiencing lot
of file traffic can increase this size if there is sufficient RAM on the system.
DisableMemoryCache REG_DWORD
Range: 0-1 Default:: 1 (PWS) 0 (IIS)
Disables Gibraltar server caching. This cannot be configured using admin manager.
When changed, the server should be stopped and restarted for this to take effect.
ObjectCacheTTL REG_DWORD
Range: 0 - 0x7FFFFFFF, 0xFFFFFFFF Default:: 30 seconds
Description: INTERNAL ANALYSIS
2
..
..
..
Objects in.
.the Memory Cache will be phased out of the cache if there have been no
.
references to an object after this period. If the number of data files is limited or
clients only access a small portion of files, increasing this value may be of benefit
(perhaps on the order of fifteen minutes). A value of 0xFFFFFFFF disables the
object cache scavenger. Units is: Seconds.
UserTokenTTL REG_DWORD
Range: 0 - 0x7FFFFFFF Default:: 15 * 60 (10 Minutes)
When a request is made to the server, the security credentials for the request (or the
configured anonymous user) are used to create a user token on the server which the
server impersonates when accessing files or other system resources. The token is
cached so the NT logon only takes place the first time the user accesses the system
or after the user’s token has fallen out of the cache. NTLM authentication tokens are
not cached. Units is: Seconds.
LogFileBatchSize REG_DWORD
Range: 1200 - 0xFFFFFFFF Default:: 64*1024 (64 KB)
This specifies the batch size for writing log file. The server caches the last
LogFileBatchSize bytes of data in memory buffers before it dumps the current buffer
and move onto next buffer. Such batch processing reduces the amount of disk traffic
created by log files. However, if a site is interested in getting the current-up-to-date
log records flushed to disk the batch size can be reduced. For release 1.0 of Gibraltar
servers, set this parameter to at least 1200 bytes. For release 2.0 the minimum value
can be 0. Otherwise the services will crash.
LogFileFlushInterval REG_DWORD
Range: 120-0x7FFFFFFF, (0xFFFFFFFF) Default:: 300 (seconds)
This specifies the interval for flushing out log file. The server periodically wakes up at
the specified interval and flushes the cached log data to file system. Such periodic
flush provides a way for the log records to be available on the file in a system that is
used with low frequency. Setting this value to INFINITE (0xFFFF FFFF) disables the
periodic flushing. Units: seconds
MaxPoolThreads REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 10
MaxPoolThreads specifies the number of pool threads to create per processor. Each
pool thread watches for the network request and processes the same. Generally it is
not good to create more than 20 threads per processor.
PoolThreadLimit REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 2 * # MB
PoolThreadLimit specifies the maximum number of pool threads that can be created
in the system. Each pool thread watches for the network request and processes the
same.
MaxConcurrency REG_DWORD
This specifies the amount of concurrency that a system should provide. We use
completion ports for handling IO. In general it is not good to have more than one

thread running and conflicting on shared memory or locks. This parameter specifies
how many threads per processor should be allowed to run simultaneously if there is a
pending IO operation. The specific value of 0 allows system to make intelligent
choice of the number of threads to use. Any non-zero value specifies that the system
should allow that many threads per processor to run simultaneously.
ThreadTimeout REG_DWORD
Range: 0 - 0xFFFFFFFF Default:: 24*60*60 (24 hours)
This specifies the amount of time an IO processing thread should be maintained
even if there is no IO on the system. In general when there is no IO activity and no
requests outstanding the server is idle and does not consume memory. But if that
situation prolongs and exceeds the ThreadTimeout interval, then the thread is killed.
Unit is: seconds.
UseAcceptEx REG_DWORD
Range: 0, 1 Default:: 1
Starting with NT 3.51 SP2 we have a new facility to listen and establish connections
at the server side. AcceptEx() provides a cheap way to accept and receive initial
chunk of data on a new incoming connection. By default the server uses this method
to accept new connections. If for experimental purposes one decides to turn off using
this fast IO path, then this value can be set to 0. However, setting to 0 may cause
potential performance degradation.
AcceptExOutstanding REG_DWORD
Range: 0-1000 Default:: 40
When using AcceptEx(), certain number of sockets should be maintained to receive
and process new connections. This parameter specifies the number of such
outstanding connections to maintain. Whenever the number of outstanding sockets
fall below this range, the server adds additional sockets to bring it back to this level.
AcceptExTimeout REG_DWORD
Range: 0-0xFFFFFFFF Default:: 120
This specifies the time an accept ex socket is allowed to be waiting for a receive to
complete, before the server blows away the long-waiting connection. This helps to
reduce the number of outstanding sockets and hence conserve the system memory
usage. Units: seconds.
UseTransmitFile REG_DWORD
This allows the user to disable the use of transmit file by the server. This is useful
especially for the NTW version when users have more than one remote client
connected over slow link since TransmitFile can tie up resources in the system during
sends.
NonTFBufferSize REG_DWORD
Range: 512 - 64K Default:: 4096
This is used when transmit file is disabled using the UseTransmitFile registry key.
This allows the user to control the size of I/O buffers being used in the system.
4
..
..
..
..
MimeMap
Description:
. Key
CONFIGURABLE
This is a sub key that contains all of the mime mappings for the Web and Gopher
servers. Note that each mime type is a REG_SZ with the type information as the
name of the value with an empty value. The format for each entry is:
<mime-type>,<file-extension>,<unused>,<gopher-type>
For example:
image/gif,gif,,5
In this example, when clients ask the web server for a file then ends in an extension
of “.gif”, the mime type returned to the client would be “image/gif”.
MinFileKbSec REG_DWORD
Range: 1 - 8192 Default: 1000
When an IIS server sends a file to the client, a timeout is established for how long the
server will allow the transfer to continue before aborting it. The timeout chosen is the
maximum of : 1) The Connection Timeout specified in the admin tool and 2) The size
of the file divided by the value specified as MinFileKbSecs. For example, a file size
of 100kb would be given a timeout of 100 seconds or the Connection Timeout if it is
greater. Note the registry name is misleading, the value is in bytes, not kilobytes as
the name might imply.
DebugFlags REG_DWORD
This value specifies bit mask for selectively enabling different checks in a debug
binary of the server common dll (infocomm.dll). This bit mask applies to the common
dll only.
#define DEBUG_ERROR 0x00000008L

#define DEBUG_ODBC 0x00000010L
#define DEBUG_DLL_RPC 0x00000020L
#define DEBUG_GATEWAY 0x00010000L
#define DEBUG_INETLOG 0x00020000L
#define DEBUG_ATQ 0x00040000L
#define DEBUG_DLL_EVENT_LOG 0x00100000L
#define DEBUG_DLL_SERVICE_INFO 0x00200000L
#define DEBUG_DLL_SECURITY 0x00400000L
#define DEBUG_DLL_CONNECTION 0x00800000L
#define DEBUG_DLL_SOCKETS 0x01000000L
#define DEBUG_HEAP_FILL 0x02000000L
#define DEBUG_HEAP_MSG 0x04000000L
#define DEBUG_HEAP_CHECK 0x08000000L
#define DEBUG_MIME_MAP 0x10000000L
#define DEBUG_DLL_VIRTUAL_ROOTS 0x20000000L

Per Service Registry Parameters
Each of the Gibraltar services have per service registry configuration. There are
several parameters which have the same but different per-service values. The values
are used on a per service basis. Below is a description of all such common-named
registry parameters applicable to all services followed by service specific registry
parameters.
Commonly Named Per Service Parameters

Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<ServiceName>\Par
ameters
where ServiceName is
MSFTPSVC FTP Service
GOPHERSVC Gopher Service
W3SVC HTTP Service
AdminName REG_SZ
Range: String Default:: Administrator
Specifies the user friendly administrator name. Gopher service uses this name to
send back responses for Gopher+ queries. It also serves as a way of identifying who
owns a service using IIS manager.
AdminEmail REG_SZ
Range: String Default:: Admin@corp.com
Specifies the email address for administrator of a particular service. Gopher service
uses this name to send back responses for Gopher+ queries. It also serves as a way
of identifying who owns a service using IIS manager.
ServerComment REG_SZ
Range: String Default:: “”
Specifies a user-friendly comment for a service. This information is supplied to the IIS
manager and is used to add configurable comment about a server.
EnableSvcLoc REG_DWORD
IIS Services register themselves with a service locator so that the service can be
discovered by administrative utility and clients. This parameter controls such
registration. If it is set to 0, then the service will forego registration of the service.
6
..
..
..
Otherwise.
. it registers the service for service location. Administrators planning on
.
having a private server should consider setting the value of this parameter to 0.
Authorization REG_DWORD
Range: 0-7 Default:: 0x1
This bit mask specifies what types of authentication a service requires. Note that the
different services have different capabilities so not all of the values are used for each
of the services.
0x00000001 - Allow anonymous (Gopher, FTP, HTTP)

0x00000002 - Allow clear text (FTP, HTTP)
0x00000004 - Allow Windows NT Challenge/Response (HTTP)
AnonymousUserName REG_SZ
Range: String Default:: Guest
This specifies the name of the local user account to use for anonymous users. Server
impersonates as a particular user to access the files so that file system security
model is leveraged. This parameter should not be changed by itself. It should be
configured using the IIS Admin Manager so that the appropriate password can also
be set. The password is stored in protected area in the registry.
ConnectionTimeOut REG_DWORD
Range: 0-0xFFFFFFFF Default:: 600 seconds
Specifies the time the server should hold on to a connection when there is no activity
on the same. Server automatically disconnects long hanging connections. Units:
seconds.
LogFileDirectory REG_EXPAND_SZ
Range: String Default:: %systemroot
%\system32\logfiles
This string specifies the directory in which log files are to be stored. Each service
generates a log record for each request processed.
LogFilePeriod REG_DWORD
Range: 0,1,2,3 Default:: 1
This specifies an internal value for request logging module. The value specifies the
type of log files to be produced.
0 No period. The logfile size is limited to LogFileTruncateSize bytes.
1 Open a new log file each day – Daily.
2 Open a new log file every week – Weekly.
3 Open a new log file every month - Monthly
LogFileTruncateSize REG_DWORD
Range: 0-0xFFFFFFFF Default:: 4,000,000,000

This value specifies the maximum size of each log file generated. Once this size is
reached, the logging module automatically opens a new log file. A special value of 0
means do not truncate.
LogSqlDataSources REG_SZ
This string specifies the name of the ODBC data source to use for sending the
request logs for the service to a SQL compatible database system. This data source
should be a system DSN in the ODBC installation on server machine.
LogSqlTableName REG_SZ
This string specifies the name of the ODBC table name use for sending the request
logs for the service to a SQL compatible database system. The table should be
created by the administrator as per the specification provided with the services. The
user should also have proper access permissions to insert into table.
LogSqlUserName REG_SZ
This string specifies the user name to use for talking to the ODBC data source
specified for ODBC based logging. This user should be a valid user on the database
system to which the LogSqlDataSource is pointing to.
LogSqlPassword REG_SZ
This string specifies the password to establishing an ODBC connection for a
particular user account on the ODBC data source. Currently the password is stored
as a clear text. This may change in the future.
LogType REG_DWORD
Range: 0, 1, 2 Default:: 1
This value specifies the type of logging desired. The type specifies the destination of
log files.
0 No logging
1 Log to files
2 Log to ODBC data source
MaxConnections REG_DWORD
This value specifies maximum number of simultaneous connections that server
allows at any given time. When the number of current connections exceeds this
value, the service rejects the request. It sends a friendly message if possible.
VirtualRoots Key
8
..
..
..
..
Description: . ADMIN CONFIGURABLE
This is a sub key that contains all the virtual roots for a service. Each virtual root is a
REG_SZ value under the key and has the following form:
<Root Name>,<Host address>=<Physical path>,<User name>,<Access mask>
Where:
Root Name: This is the name of the virtual directory as it would appear in an URL.
For example “/scripts” or “/specs”. A root name of just “/” is considered to be the
home root that will be used if no other roots match.
Host Address: The Host address is an optional field that indicates the server IP
address this virtual root is associated with. By specifying a host IP address, multiple
logical servers can be setup on a single machine. If a host address is specified, then
only clients making requests on this IP address will see this virtual root.
Physical Path: The physical path the Root Name should point to. For example
“c:\wwwroot” or “\\server\share”. In the latter case where a UNC is specified, a valid
username and password must be specified.
User Name: Only used if Physical path is a UNC share; specifies the user context
to connect and impersonate as when accessing files over this virtual root. Note the
password is kept in a protected part of the registry and must be set using the admin
tool.
Access Mask: This item is a single hex character bitfield that specifies what
operations are allowed on this root. The mask is not used by the Gopher server since
only Read operations are ever performed. Note this mask has no influence on any
NTFS ACLs that might be on the files. File ACLs must grant the appropriate
permissions in addition to setting the appropriate value on the virtual root. The
values for the bitfield are:
0x00000001 - Read access is allowed (FTP and HTT)

0x00000002 - Write access is allowed (FTP only)
0x00000004 - Execute access is allowed (HTTP only)
0x00000008 - SSL or PCT Encryption required (HTTP only)
The servers always match the longest virtual root first, thus “/123/567/89” will match
“/123/567” before it matches “/123”. The home root (“/”) always matches last. Virtual
roots with host IP addresses always match before roots without host addresses.
Deny IP List Key

This is a sub key that contains all of the IP addresses and subnet masks to deny
access from. Any value not specified under this key, is granted access. Each value
is a REG_SZ value name with a blank value in the form:
<Dotted Decimal IP Network Subnet Mask> <Dotted Decimal IP Network Address>=
Where:
IP Network Subnet Mask: Is the subnet mask of the network IP Network Address
belongs to

IP Network Address: Is the specific IP address to deny.
For example:
255.255.255.255 101.12.15.63=
The incoming IP Address is “Anded” with the IP Network Subnet Mask, then
compared for equality with the IP Network Address. This allows for a range of IP
addresses or a specific IP address to be denied access.
Grant IP List Key

The Grant IP list is identical to the deny IP list except any address not granted under
this key, is denied access.
DefaultLogonDomain REG_SZ
This string specifies the default domain to be used to validate a clear text logon when
no domain is present in the user name field.
LogonMethod REG_DWORD
Range: 0, 1, 2 Default:: 0
Specified which logon method to use for clear text logons.
0 - uses LOGON32_LOGON_INTERACTIVE. Required access right is log on locally.
1 - uses LOGON32_LOGON_BATCH. Required access right is log on as a batch job.
2 - uses LOGON32_LOGON_NETWORK. Required access right is access this

computer from network.
This allow a system administrator, by selecting 1, to give users access to IIS services
but deny them the right to log on locally.
FTP Service Parameters

In addition to the parameters listed above In Common Per Service Parameters, FTP
service maintains the following parameters.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSFTPSVC\Parame
ters
EnablePortAttack REG_DWORD
Recently there was a security hole discovered in FTP service with passive connection
support. The hole is in the FTP protocol specification. By default the FTP service
allows passive connections to be established based on the port address given by
client. This can enable some hackers to use this facility to execute malicious
commands off the FTP service. The problem occurs when we request FTP service to
10
..
..
..
.. a port other than FTP Data port (20) and port number is less than
connect to .
IP_PORT_RESERVED (1024). This flag controls if such an attack should be allowed.
By default, the service does not make any connections to ports less than
IP_PORT_RESERVED (other than 20). If someone deliberately wants the old
behavior then this flag should be enabled.
ExitMessage REG_SZ
Conventionally FTP Service sends back an exit message when a client sends a quit
command. This string specifies the exit message to be sent.
GreetingMessage REG_MULTI_SZ
When a new user connects to the FTP Server, the server sends a friendly greeting
message detailing contents and administrative information. This string (multiple lines)
specifies the message to use for greeting the new client connections.
MaxClientsMessage REG_SZ
When the current connection exceeds the MaxConnections specified for the service,
the service sends a friendly message to clients. This message is a single line
message provided in this parameter.
LogAnonymous REG_DWORD
This flag controls if a log record should be written for anonymous connections. If set
to 0, no log records are written for anonymous connections. This is valid only for the
EventLog record that is written when an anonymous user logs on. The normal
request log is not affected.
LogNonAnonymous REG_DWORD
This flag controls if a log record should be written for non-anonymous connections. If
set to 0, no log records are written for non-anonymous connections. Only FTP and
HTTP services have non-anonymous user support. This is valid only for the
EventLog record that is written when a non-anonymous user logs on. The normal
request log is not affected.
AccessCheck REG_DWORD
Range: <any> Default:: <any>
This key is used for access check of incoming user connection. The server
impersonates as the logged on user and attempts to open the registry key for read
and write. If the key does not exist then read/write permissions are granted. If the key
exists then based on the access permission on the registry key, read and write
permissions are granted to the user. This feature is specifically useful for servers
which publish content on a FAT volume and hence do not have the rich security
features of NTFS. This is not a recommended approach to provide security owing to
poor manageability and performance.

AllowGuestAccess REG_DWORD
This flag specifies if guest logons are permitted for FTP service. When a new user
logs on, the server checks to see if the user is logged on as an “NT” guest user. For a
guest connection, based on the value of this flag, the FTP service either rejects or
accepts the new connection. Permitting Guest access has been known to have
problems in poorly managed site. Under default installation of Windows NT systems,
Guest is granted permissions for all types of access on the system. This could easily
be a security hole and it is recommended that wary administrators turn off this switch.
AllowAnonymous REG_DWORD
This flag specifies if an anonymous user should be allowed to connect and make a
request to the server. By nature, most of internet protocols allow anonymous
connections to access limited set of files. Hence, it is essential to permit anonymous
connections.
AnonymousOnly REG_DWORD
Specifies if only anonymous connection should be permitted. If this flag is turned on
no non-anonymous connections are permitted (especially true of FTP server).
AnnotateDirectories REG_DWORD
Range: 0, 1 Default:: 0 (FALSE)
FTP service supports annotating a directory with custom messages. The annotation
text should be stored in a special file named ~ftpsvc~.ckm under the directory. If
this file exists in the target directory of a Change Directory (CWD) FTP operation,
then the service responds with the contents of this file for the operation. This provides
a way for administrators to add custom messages for directories under consideration.
By default the service is configured to not send annotation text. If administrator
decides to add a custom message, the annotation file should be created as well as
this flag turned on. It is recommended to make the annotation file a hidden file so that
the file does not show up on a directory listing.
MsdosDirOutput REG_DWORD
Range: 0, 1 Default:: 1 (TRUE)
This flag specifies the style of directory output for a LIST operation from an FTP
client. If the flag is turned on, the service generates a MS-DOS style directory listing.
If the flag is turned off, then the service generates an UNIX style listing. (Some clients
may break if they do not support MS-DOS style listing. For these and numerous
other reasons and administrator may consider turning this flag off. The downside is
that generation of UNIX style listing is costly operation and consumes more CPU.)
LowercaseFiles REG_DWORD
Range: 0, 1 Default:: 0 (FALSE)
The service uses the native case for file names ( like what the file names are stored
in file system). However for exact comparisons with case-sensitive file systems
(NTFS provides an option, FAT is case insensitive) to work fine, it may be necessary
12
..
..
..
to ensure.
.proper file names are used. Administrators can turn on this flag to ensure
.
that the service uses lower case for such comparisons.
binary of the FTP service component (ftpsvc2.dll). The output is sent to the debug
terminal by default.
# define DEBUG_SERVICE_CTRL 0x00000001

# define DEBUG_TIMING 0x00000002
# define DEBUG_CACHE 0x00000004
# define DEBUG_ERROR 0x00000008
# define DEBUG_SECURITY 0x00000010

# define DEBUG_USER_DATABASE 0x00000020
# define DEBUG_LICENSE 0x00000040
# define DEBUG_RPC 0x00000080
# define DEBUG_CONNECTION 0x00000100

# define DEBUG_PARSING 0x00000200
# define DEBUG_COMMANDS 0x00000400
# define DEBUG_CONFIG 0x00000800
# define DEBUG_VIRTUAL_IO 0x00001000

# define DEBUG_CLIENT 0x00002000
# define DEBUG_ASYNC_IO 0x00004000
# define DEBUG_DIR_LIST 0x00008000
# define DEBUG_SOCKETS 0x00010000

# define DEBUG_SEND 0x00020000
# define DEBUG_RECV 0x00040000
# define DEBUG_CRITICAL_PATH 0x10000000
Gopher Service Parameters

In addition to the parameters listed above In Common Per Service Parameters,
Gopher service maintains the following parameters.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GOPHERSVC\Para
meters
CheckForWAISDB REG_DWORD
The Gopher Service uses WAIS tool kit to support gopher based searches. However,
Microsoft does not ship WAIS tool kit along with IIS server. This flag is used to specify
if search is supported and if the service should check for WAIS toolkit. If set to 0, the

service does not support searches and does not look for wais tool kit. If set to 1, then
the service supports searches if waislook.exe is installed in the system.
binary of the Gopher service component (gopherd.dll). The output is sent to the
debug terminal by default.
# define DEBUG_GD_SERVICE_CTRL 0x00000001

# define DEBUG_GD_TIMING 0x00000002
# define DEBUG_GD_CACHE 0x00000004
# define DEBUG_GD_ERROR 0x00000008
# define DEBUG_GD_TAG 0x00000010

# define DEBUG_GD_PARSING 0x00000020
# define DEBUG_GD_REQUEST 0x00000040
# define DEBUG_GD_REQUEST_LOG 0x00000080
# define DEBUG_GD_CLIENT 0x00000100

# define DEBUG_GD_CONNECTION 0x00000200
# define DEBUG_GD_CONFIG 0x00000400
# define DEBUG_GD_SECURITY 0x00000800
# define DEBUG_GD_SOCKETS 0x00001000

# define DEBUG_GD_STATISTICS 0x00002000
# define DEBUG_GD_RPC 0x00004000
HTTP Service Parameters

In addition to the parameters listed above In Common Per Service Parameters,
HTTP service maintains the following parameters.
Location
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters
AccessDeniedMessage REG_SZ
Range: String
This is the message to send back to clients when they’ve been denied access to the
server. Often times this will be a short html document explaining how to gain access.
CheckForWAISDB REG_DWORD
The HTTP Service can use the WAIS tool kit to support content based searches.
However, Microsoft does not ship WAIS tool kit along with IIS server. This flag is used
to specify if search is supported and if the service should check for WAIS toolkit. If
set to 0, the service does not support searches and does not look for wais tool kit. If
set to 1, then the service supports searches if waislook.exe is installed in the system.
NTAuthenticationProviders REG_SZ
Range: String Default:: NTLM
14
..
..
..
..
Description: . CONFIGURABLE
This value is a comma separated list of Windows NT Authentication providers the
server should advertise when a client has been denied access to a resource. Each
item in the list appears with the appropriate authentication header in the reply to the
client when access has been denied on a resource. The client is then responsible for
choosing the appropriate authentication scheme. This value is only used when the
“Windows NT Challenge/Response” authorization method is enabled.
Script Map Key

This is a sub key that contains all of the script mapping for the web server. Each
script map root is a REG_SZ value under the key and has the following form:
.<Extension>=<Full Path to Script> %s %s
Where:
Extension: Is the extension prefixed by a period this extension is going to be

mapped to. For example, “.pl”, “.idc”.
Full Path to Script: This is the fully qualified path to the executable or ISAPI
Extension dll. If it’s a CGI application, two “%s” items may follow the binary. The first
%s will receive the PATH_INFO variable (text after the script but before the ‘?’ in the
URL), the second “%s” will receive the QUERY_STRING variable (text following the
‘?’ in the URL). This functionality has no meaning for ISAPI Extensions.
Note that if the PATH_INFO is blank in the URL, the server will supply the script path
as the PATH_INFO. That is, if a client asks for “/scripts/foo.pl?abc=xyz”, the server
will set the PATH_INFO to “/scripts/foo.pl” since the PATH_INFO was blank in the
original URL.
Default Load File REG_SZ

Range: String Default:: Default.htm
When a client requests a directory on the server and the default load option is
enabled and this file exists in the directory, the client is redirected to this file.
Dir Browse Control REG_DWORD

Range: Bitfield Default:: 0x4000001e
This value controls whether directory browsing is allowed, how to display the directory
listing and whether the default file should be loaded if found in a directory.
Specifically, the bit values are:
0x00000002 - Show Date

0x00000004 - Show Time
0x00000008 - Show Size
0x00000010 - Show Extension
0x00000020 - Display long date
0x80000000 - Allow directory browsing
0x40000000 - Load Default File
Filter DLLs REG_SZ

Range: String Default:: sspifilt.dll

This is a comma separated list of fully qualified ISAPI Filter DLLs to load during
server startup.
ScriptTimeout REG_DWORD
Range: 10 - 0x80000000 Default:: 900 (5 minutes)
This value is the length of time the server will allow a CGI script to run without any
responses to the client. If the script fails to respond within this time period, the server
terminates the script and logs an event to the event log. This value only applies to
CGI scripts.
CacheExtensions REG_DWORD
The default behavior of the web server is to load an ISAPI Extension when it is first
used and leave it loaded. For debugging purposes however, it is desirable to have
the ISAPI Extension unloaded after it is used so the server doesn’t need to be
stopped. Setting this value to zero will force the server to unload the extension after
it is run. This should only be used as a debugging aid.
ServerSideIncludesEnabled REG_DWORD
The Server Side Include (SSI) functionality of the web server can be disabled to
optimize performance. Setting this value to zero will prevent the server from looking
for files that may be server side includes (that is, have the extension .stm). This may
be a desirable thing to do from a security perspective also.
ServerSideIncludesExtension REG_SZ
Range: String Default:: .stm
This is the extension the server should do server side include processing on.
GlobalExpire REG_DWORD
Range: 0-0x80000000, 0xfffffff Default:: 0xffffffff
The web server can send an “Expires” header for every static document requested by
clients. This can be used to invalidate intervening caches if the data on the server is
very time sensitive or to enhance caching if the data is very time insensitive. The
value for this registry is added to the current time and sent in an Expires header
along with the rest of the response headers to the client or intervening proxies.
Clients and proxies will be forced to check the validity of any cached items when the
are accessed beyond the expiration time.
Note setting a low value can significantly increase traffic at a site.
The special value 0xffffffff is used to disable this functionality.
CreateProcessAsUser REG_DWORD
By default, CGI scripts are run in the context of the user making the request by
creating the process with the Win32 API CreateProcessAsUser. There may be some
16
..
..
..
instances.
.where it may be desirable to run the CGI script in the System context by
.
creating the CGI process with CreateProcess.
Note: This has serious security implications and should not be changed without
understanding the potential risk involved.
CreateProcessWithNewConsole REG_DWORD
By default, CGI scripts are run in a detached process. There may be some instances
where it may be desirable to run the CGI script in a process with a new console, such
as when I/O redirection is used in the script. The process will then be created using
the CREATE_NEW_CONSOLE flag..
Note: This has serious performance implications and should not be changed without
understanding the slowdown involved.
SecurePort REG_DWORD
Range: 0 - 65535 Default:: 443
This is the TCP port to use for SSL/PCT encrypted requests.
EncryptionFlags REG_DWORD
This bitfield specifies which encryption providers to enable. The value allows a
particular encryption protocol to be used. Currently, the only two valid values are:
0x00000001 - Use SSL if available

0x00000002 - Use PCT if available
By default, both are enabled. Note that PCT is not distributed in version 1.0 of the
Internet Information Servers.
ReturnUrlUsingHostName REG_DWORD
Controls if the local computer domain name will be used in building an URL to be
returned to the HTTP client ( e.g. when a redirection indication is returned). By
default, the system will use the “Host:” header field if present else a string
representation of the addres of the local network interface on which the request was
received. If enabled and the server is not multi-homed, the local domain name will be
used if the “Host:” header field is not present.
AcceptByteRanges REG_DWORD
Controls if the HTTP server will process the “Range” header for type “bytes:”. If
enabled, the server will signal that it is accepting range requests by sending the
“Accept-Range: bytes” header field, and will process incoming request specifying a
“Range: bytes=” header field according to the internet draft “Byte range extension to
HTTP”, dated 15-dec-95.
AllowGuestAccess REG_DWORD

This flag specifies if guest logons are permitted for W3 service. When a new user
logs on, the server checks to see if the user is logged on as an “NT” guest user. For a
guest connection, based on the value of this flag, the W3 service either rejects or
accepts the new connection. Permitting Guest access has been known to have
problems in poorly managed site. Under default installation of Windows NT systems,
Guest is granted permissions for all types of access on the system. This could easily
be a security hole and it is recommended that wary administrators turn off this switch.
PoolIDCConnections REG_DWORD
This flag controls whether the Internet Database Connector pools ODBC connections
by default. This value can be overridden in the .idc file by using the
“ODBCConnection: Pool” or “ODBCConnection: NoPool” depending on whether the
default is don’t pool or pool, respectively. It is recommended pooling is controlled in
the .idc file.
PoolIDCConnectionsTimeout REG_DWORD
Range: 2 - 0x80000000 Default:: 30
For ODBC connections that are being pooled, this is the time in seconds the
connection will be left open when not being used. After the timeout has been
reached, IDC will close the ODBC connection.
UploadReadAhead REG_DWORD
Range: 0 - 0x80000000 Default:: 48k
When the client POSTs data to the server, this is the default amount the server will
read before passing control to the application. The application is then responsible for
reading the rest of the data. Increasing this size increases the amount of memory
required on the server.
Realm REG_SZ
Range: String Default:: Host Header or IP addr.
This value supplies the realm value when the server requests a client to authenticate
because they were denied access to a resource when using Basic (Clear Text)
authentication. It appears in the browser’s username/password prompt.
LogSuccessfulRequests REG_DWORD
This flag controls whether the web server writes successful client requests (i.e., HTTP
status code 200, 301 etc) to the log file.
LogErrorRequests REG_DWORD
This flag controls whether the web server writes unsuccessful client requests (i.e.,
HTTP status code 401, 500 etc) to the log file.
AllowKeepAlives REG_DWORD
18
..
..
..
..
Description: . CONFIGURABLE
In some rare instances, it may be desirable to turn off “Connection: keep-alive”
negotiation with clients. Most clients support making multiple requests to the server
on a TCP session, this significantly decreases the workload on the server. Turning off
keep-alive negotiation will have serious performance implications and should only be
used in specific circumstances.
UsePoolThreadForCGI REG_DWORD
Version 1.0 of the server started a thread to handle communication to and from CGI
process requests. In some CGI intense sites, this can cause an overload of threads
and bog down the system. 2.0 has changed this behavior and by default uses a
server pool thread to do CGI processing. This does mean CGI requests that take an
extended period of time can consume a server pool thread. Adjusting
MaxPoolThreads under ..\services\infocomm\parameters can be used to make
more pool threads available.

Gibcfg - Doc From The Windows NT Source Code Leak

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Gibcfg - Doc From The Windows NT Source Code Leak

Uploaded by

Copyright:

Available Formats

Microsoft Internet

The parameters are classified into 3 categories:

n ADMIN CONFIGURABLE These parameters are best configured using admin

n CONFIGURABLE These parameters are optionally configurable. Currently no

n INTERNAL ANALYSIS These parameters are optionally configurable and

MICROSOFT CONFIDENTIAL 1 7/6/2019

MICROSOFT CONFIDENTIAL 3 7/6/2019

#define DEBUG_ERROR 0x00000008L

MICROSOFT CONFIDENTIAL 5 7/6/2019

Commonly Named Per Service Parameters

MSFTPSVC FTP Service

GOPHERSVC Gopher Service

W3SVC HTTP Service

0x00000001 - Allow anonymous (Gopher, FTP, HTTP)

0 No period. The logfile size is limited to LogFileTruncateSize bytes.

1 Open a new log file each day – Daily.

2 Open a new log file every week – Weekly.

3 Open a new log file every month - Monthly

MICROSOFT CONFIDENTIAL 7 7/6/2019

2 Log to ODBC data source

<Root Name>,<Host address>=<Physical path>,<User name>,<Access mask>

0x00000001 - Read access is allowed (FTP and HTT)

Deny IP List Key

<Dotted Decimal IP Network Subnet Mask> <Dotted Decimal IP Network Address>=

MICROSOFT CONFIDENTIAL 9 7/6/2019

Grant IP List Key

0 - uses LOGON32_LOGON_INTERACTIVE. Required access right is log on locally.

1 - uses LOGON32_LOGON_BATCH. Required access right is log on as a batch job.

2 - uses LOGON32_LOGON_NETWORK. Required access right is access this

FTP Service Parameters

MICROSOFT CONFIDENTIAL 11 7/6/2019

# define DEBUG_SERVICE_CTRL 0x00000001

# define DEBUG_SECURITY 0x00000010

# define DEBUG_CONNECTION 0x00000100

# define DEBUG_VIRTUAL_IO 0x00001000

# define DEBUG_SOCKETS 0x00010000

# define DEBUG_CRITICAL_PATH 0x10000000

Gopher Service Parameters

MICROSOFT CONFIDENTIAL 13 7/6/2019

# define DEBUG_GD_SERVICE_CTRL 0x00000001

# define DEBUG_GD_TAG 0x00000010

# define DEBUG_GD_CLIENT 0x00000100

# define DEBUG_GD_SOCKETS 0x00001000

HTTP Service Parameters

Script Map Key

.<Extension>=<Full Path to Script> %s %s

Extension: Is the extension prefixed by a period this extension is going to be

Default Load File REG_SZ

Dir Browse Control REG_DWORD

0x00000002 - Show Date

Filter DLLs REG_SZ

MICROSOFT CONFIDENTIAL 15 7/6/2019

Note setting a low value can significantly increase traffic at a site.

The special value 0xffffffff is used to disable this functionality.

0x00000001 - Use SSL if available

MICROSOFT CONFIDENTIAL 17 7/6/2019

MICROSOFT CONFIDENTIAL 19 7/6/2019

You might also like