Subject : Re: About That “inetpub” Folder ...
From : nospam (at) *nospam* needed.invalid (Paul)
Newsgroups : comp.os.linux.advocacy alt.comp.os.windows-11
Date : 10. Jun 2025, 06:14:27
Organization : A noiseless patient Spider
Message-ID : <1028evl$129fb$1@dont-email.me>
References : 1
User-Agent : Ratcatcher/2.0.0.25 (Windows/20130802)
On Mon, 6/9/2025 7:58 PM, Lawrence D'Oliveiro wrote:
> Lately, a mysterious empty folder called “inetpub” has been appearing
> on Windows machines after recent Microsoft security updates. Some were
> old enough to remember that this folder was part of the installation
> of Internet Information Server, which was Microsoft’s attempt to
> compete with the open-source heavyweights in the web server world. It
> was a product that was infamous for its security vulnerabilities, so
> when people saw this familiar name reappear out of the dead past, it
> was no surprise that some went “Aieeee! Security hole! Delete!
> Delete!”.
>
> But it turns out that this is no bug, it’s a feature! It is somehow a
> required part of Microsoft’s current security mechanisms for Windows.
> (How? Why? Nobody seems able to explain ...) And not only that, if you
> delete it (accidentally or otherwise), you cannot simply fix things by
> recreating a folder in the same location with the same name.
>
> Instead, you have to go through the rigmarole of downloading and
> running some PowerShell script that Microsoft helpfully provides
> <https://www.tomshardware.com/software/windows/if-you-deleted-that-mysterious-windows-file-microsoft-told-you-not-to-theres-a-new-script-to-restore-it>.
> Even running the script is not a straightforward process: it requires
> the entry of several cumbersome and error-prone shell commands.

C:\>dir
 Volume in drive C is W11HOME
 Volume Serial Number is
 Directory of C:\

Mon, 06/12/2023 03:19 AM    <DIR>          AMD
Thu, 11/24/2022 06:13 PM    <DIR>          boot
Sun, 07/17/2022 12:33 PM    <DIR>          cygwin
Mon, 05/23/2022 10:49 PM            12,288 DumpStack.log
Thu, 12/19/2024 07:57 PM    <DIR>          ESD
Wed, 04/09/2025 02:05 AM    <DIR>          inetpub   <=== very pretty, I saw that...
Sat, 04/23/2022 11:17 PM    <DIR>          MinGW
Sat, 05/07/2022 01:24 AM    <DIR>          PerfLogs
Mon, 06/09/2025 11:07 PM    <DIR>          Program Files
Sat, 05/10/2025 06:40 PM    <DIR>          Program Files (x86)
Wed, 02/16/2022 11:06 AM           357,548 Reflect_Install.log
Wed, 05/28/2025 09:05 AM                94 rescuepe.log
Wed, 05/28/2025 08:00 AM    <DIR>          Temp
Thu, 09/22/2022 06:16 AM    <DIR>          Users
Wed, 05/14/2025 12:40 AM    <DIR>          Windows

I didn't spend more than about five seconds thinking about that when
I saw it. I just... moved on.
*******
I don't see anyone taking credit for this cheese&cracker spree.
https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0/Content/Set-InetpubFolderAcl.ps1

$sddlInetpub = "O:SYG:SYD:P(A;CIOI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;CO)"

It's better to print them out stacked. Now, compare to the Security tab on the thing.
$sddlInetpub = "O:SYG:SYD:P
(A;CIOI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)
(A;CIOI;GA;;;SY)
(A;CIOI;GA;;;BA)
(A;CIOI;GRGX;;;BU)
(A;CIOI;GA;;;CO)"
And roughly translated, that means:
"Don't fuck with me, I have the death sentence on twelve planets."
Apparently, that SID is well known (written on the bathroom wall at the pub).
S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 = Trusted Installer's SID
If they would only bring back FAT32, we wouldn't have to do this.
Paul
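
Added example, not part of Paul's post or of Microsoft's script: a small Python decoder for the SDDL string quoted above, so each entry can be checked against the folder's Security tab. The lookup tables cover only the SDDL tokens this descriptor uses plus a few neighbours, and the function and table names are this example's own.

```python
import re

# SDDL string quoted in the post (from Set-InetpubFolderAcl.ps1), rejoined onto one line.
TI_SID = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
SDDL = ("O:SYG:SYD:P(A;CIOI;GA;;;" + TI_SID + ")(A;CIOI;GA;;;SY)"
        "(A;CIOI;GA;;;BA)(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;CO)")

# Partial tables: standard SDDL abbreviations, not the full set.
SIDS = {"SY": "Local System", "BA": "Builtin Administrators",
        "BU": "Builtin Users", "CO": "Creator Owner",
        TI_SID: "NT SERVICE\\TrustedInstaller"}
FLAGS = {"CI": "container inherit", "OI": "object inherit",
         "IO": "inherit only", "NP": "no propagate", "ID": "inherited"}
# On a folder the Security tab shows GENERIC_ALL as "Full control"
# and GENERIC_READ + GENERIC_EXECUTE as "Read & execute".
RIGHTS = {"GA": "GENERIC_ALL", "GR": "GENERIC_READ",
          "GW": "GENERIC_WRITE", "GX": "GENERIC_EXECUTE"}
DACL_FLAGS = {"P": "protected", "AI": "auto-inherited",
              "AR": "auto-inherit requested"}
HEADER = re.compile(r"^O:(.+?)G:(.+?)D:([A-Z]*)((?:\([^()]*\))*)$")

def pairs(field, table):
    """Split a run of two-letter SDDL tokens; unknown tokens pass through."""
    toks = [field[i:i + 2] for i in range(0, len(field), 2)]
    return [table.get(t, t) for t in toks]

def decode(sddl):
    """Decode an O:/G:/D: descriptor into owner, group, DACL flags and ACEs."""
    m = HEADER.match(sddl)
    if not m:
        raise ValueError("not an O:/G:/D: security descriptor")
    owner, group, dflags, ace_blob = m.groups()
    aces = []
    for body in re.findall(r"\(([^()]*)\)", ace_blob):
        # ACE layout: type;flags;rights;object_guid;inherit_object_guid;sid
        ace_type, flags, rights, _obj, _inh_obj, sid = body.split(";")
        aces.append({"type": {"A": "allow", "D": "deny"}.get(ace_type, ace_type),
                     "trustee": SIDS.get(sid, sid),
                     "rights": pairs(rights, RIGHTS),
                     "inherit": pairs(flags, FLAGS)})
    return {"owner": SIDS.get(owner, owner), "group": SIDS.get(group, group),
            "dacl_flags": [DACL_FLAGS[f] for f in re.findall(r"P|AI|AR", dflags)],
            "aces": aces}

if __name__ == "__main__":
    sd = decode(SDDL)
    print("owner:", sd["owner"], "| group:", sd["group"], "| DACL:", sd["dacl_flags"])
    for ace in sd["aces"]:
        print(ace["type"], "|", ace["trustee"], "|", ace["rights"], "|", ace["inherit"])
```

A "protected" DACL means the folder does not pick up inherited entries from C:\, which is why the Security tab lists only these five.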