AdminUsers: REG_SZ

Default not set in the registry.

Specifies a list of user names, separated by semicolons. A user who has gained user access must be listed in this key to gain Administrator access.

Security Note:
User names in this list identify the administrators of the site who have access to all virtual roots hosted on this Web site, including the restricted sites. Choose these users carefully and ensure that they set proper passwords, otherwise their accounts could be used to gain access to restricted sites.

For more information, see Web Server Authentication and Permissions.

Basic: REG_DWORD

Default setting is zero (0). If this value is nonzero, the Web Server uses Basic authentication for client connections.

Enables Basic authentication, which enables the client browser to send the user identifier and password to the server.

Security Note:
When Basic authentication is enabled, the client browser sends the user identifier and password to the server in clear text. In addition, all data sent between the client and the browser is in clear text and therefore vulnerable to packet sniffing. You should consider using SSL to help protect sensitive information. For more information about SSL, see SSL Support.

For more information, see Web Server Authentication and Permissions.

BasicRealm: REG_SZ

Specifies the string that the Web Server will send to clients as its Basic realm when performing basic authentication. If this registry value is not set, the Web Server will default to using the string "Microsoft-WinCE".

DefaultPage: REG_SZ

Default not set in the registry. If the value is not present in the registry, the Web Server will use "default.htm;index.htm".

Specifies a list of page names, separated by semicolons, that indicates names interpreted by the Web Server to be default pages. When browsing a directory, the Web Server traverses this list searching for a file of the same name in the directory. If the file exists, it is sent to the client. If no matching file exists, the Web Server sends a directory listing or returns an error, depending on whether directory browsing is enabled. If more than one DefaultPagefile name is matched, the Web Server uses the first matching file name.

For more information, see ISAPI Filters.

DirBrowse: REG_DWORD

Default setting is zero (0). If this value is set to nonzero, directory browsing is allowed. If this value is not set in the registry, directory browsing is turned off.

Turns on the Web Server's ability to provide local directory browsing.

Security Note:
When directory browsing is allowed, the local file system is exposed to a remote browser through HTTP. Users can view file lists and download files depending on virtual root and authentication registry settings. Since enabling directory browsing increases the potential attack surface, you should enable directory browsing only when necessary.

Filter DLLs: REG_SZ

Default not set in the registry.

Specifies a list of DLL names, separated by commas, that identifies the filters to use. For more information, see ISAPI Filters.

IsEnabled: REG_DWORD

If the value is not set in the registry, the Web Server is enabled. If the value is set to zero (0), the Web Server does not accept connections from the network, even from the local host.

For more information, see Starting and Stopping the Web Server.

LogFileDirectory: REG_SZ

Default setting is "\windows\www" directory. If the name is not set or if the specified directory is inaccessible, no logging is performed.

Specifies the name of the directory where the logging files are created.

MaxConnections: REG_DWORD

Default is not set in the registry. If the value is not set in the registry, MaxConnectionswill default to 10.

Specifies the maximum number of simultaneous connections to the Web site. After the maximum number of connections is established, additional client requests will be sent a message: 503 – Server Too Busy.

Security Note:
Setting the value too small can block user access to the site. However, if the value is too large the Web Server will consume more system resources. Based on your deployment model, choose this number appropriately.

MaxHeaderSize: REG_DWORD

Default setting is 48 KB in the registry.

Specifies the maximum number of bytes that the Web Server will read of HTTP headers. If the header size exceeds this value, the Web Server will terminate the session and return a message to the client: 400 - Bad Request.

MaxLogSize: REG_DWORD

Default setting is 32 KB. If this value is not set in the registry, or if it is set to zero (0), no logging is performed.

Specifies the maximum size, in bytes, that a log file can become before it is rolled over.

NTLM: REG_DWORD

Default setting is 1. If this value is set to nonzero, the Web Server uses NTLM authentication for client browser connections. Also, if this value is nonzero, the failure of Basic authentication forces NTLM authentication.

If the value is not set in the registry, NTLM is not used.

Security Note:
Although the client browser sends the password to the server in encrypted format, all data sent between the client and the browser is in clear text and therefore vulnerable to packet sniffing. You should consider using SSL to help protect sensitive information. For more information about SSL, see SSL Support.

For more information, see Web Server Authentication and Permissions.

Port: REG_DWORD

Default setting is 80. This port receives HTTP connections. Do not set the port to zero (0). When the Web Server is running from Services.exe, which is the default, this value is ignored and Services.exe becomes the super server.

PostReadSize: REG_DWORD

If the value is not set in the registry, PostReadSizewill default to 48 KB. The Web Server uses a minimum value of 8192 bytes (8 KB). If the value in the registry is less than 8 KB, the value is ignored and the Web Server will use 8 KB.

Specifies the maximum number of bytes that the Web Server reads when receiving POST data. To read more data, you must use a raw data filter or call ReadClientin an ISAPI extension.

ScriptMap: REG_SZ

Default is not set in the registry.

Identifies the name and value pairs that specify file extensions and scripts. For more information, see ISAPI Script Mapping.

Note:
Windows Mobile does not support wildcards in file extension names. For example, you cannot map *.dll to an ISAPI DLL.

ScriptUnloadDelay: REG_DWORD

Default is not set in the registry. If the value is not set in the registry, ScriptUnloadDelaywill default to 1800000 (30 minutes).

Specifies the length of time, in milliseconds, that the Web Server will leave ISAPI extensions and the ASP interpreter loaded in the cache after the last server use.

ServerID: REG_SZ

Default is not set in the registry. If the value is not set in the registry, ServerIDwill default to "Microsoft-WinCE/X.Y", where X is the major version and Y is the minor version of Windows Embedded CE-based device.

If ServerIDis set, the Web Server returns the specified server name in the response header.

Identifies the server name that is included when the Web Server generates HTTP response headers. The response header includes a field name "Server: ". Optionally, you can include the software version number or any similar information in the string.

Security Note:
To avoid revealing the server software information to malicious users, you may want to create a custom server name that obfuscates the Web Server and operating system versions.