This article was previously published under Q173658
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
IMPORTANT: This article contains information about editing the registry.Before you edit the registry, make sure you understand how to restore it ifa problem occurs. For information about how to do this, view the "Restoringthe Registry" Help topic in Regedit.exe or the "Restoring aRegistry Key" Help topic in Regedt32.exe.
After you remove the Log on Locally right for a user on a computer runningMicrosoft Internet Information Server (IIS), the user may still be able tolog on to his or her Microsoft Exchange Server mailbox via MicrosoftOutlook Web Access. This behavior is temporary and depends on the length oftime that user tokens are cached on the server.
For performance reasons, user tokens are cached by IIS and updated at 15-minute intervals. The first time a user logs on via a Web browser, theuser's user token is created. If the Log on Locally right is subsequentlyrevoked, the user can still access the mailbox for approximately 15minutes.
To work around this problem, do one of the following:
Restart all the IIS services (Gopher, FTP, and WWW). This will refresh the token cache on the IIS computer. For performance reasons, this is the preferred method if updates are infrequent.-or-
Change the default interval for the token cache by editing the Microsoft Windows NT registry.
WARNING: Using Registry Editor incorrectly can cause serious problems thatmay require you to reinstall your operating system. Microsoft cannotguarantee that problems resulting from the incorrect use of Registry Editorcan be solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the "Changing Keys AndValues" Help topic in Registry Editor (Regedit.exe) or the "Add and DeleteInformation in the Registry" and "Edit Registry Data" Help topics inRegedt32.exe. Note that you should back up the registry before you edit it.
Start Registry Editor (Regedt32.exe).
From the HKEY_LOCAL_MACHINE subtree, go to the following subkey: