Path: news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Paul <nospam@needed.invalid>
Newsgroups: comp.os.linux.advocacy,alt.comp.os.windows-11
Subject: Re: About That “inetpub” Folder ...
Date: Tue, 10 Jun 2025 01:14:27 -0400
Organization: A noiseless patient Spider
Lines: 78
Message-ID: <1028evl$129fb$1@dont-email.me>
References: <1027sfb$qu5d$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 10 Jun 2025 07:14:30 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="394aa293a7ee5c0723ef7cc6688deec8"; logging-data="1123819"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18FZLetD46h69/DDSRPGljl7dq/fObbDCg="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:W/FYLVcKzafCLvsgwG+ynG5HDX0=
In-Reply-To: <1027sfb$qu5d$1@dont-email.me>
Content-Language: en-US

On Mon, 6/9/2025 7:58 PM, Lawrence D'Oliveiro wrote:
> Lately, a mysterious empty folder called “inetpub” has been appearing
> on Windows machines after recent Microsoft security updates. Some were
> old enough to remember that this folder was part of the installation
> of Internet Information Server, which was Microsoft’s attempt to
> compete with the open-source heavyweights in the web server world. It
> was a product that was infamous for its security vulnerabilities, so
> when people saw this familiar name reappear out of the dead past, it
> was no surprise that some went “Aieeee! Security hole! Delete!
> Delete!”.
>
> But it turns out that this is no bug, it’s a feature! It is somehow a
> required part of Microsoft’s current security mechanisms for Windows.
> (How? Why? Nobody seems able to explain ...) And not only that, if you
> delete it (accidentally or otherwise), you cannot simply fix things by
> recreating a folder in the same location with the same name.
>
> Instead, you have to go through the rigmarole of downloading and
> running some PowerShell script that Microsoft helpfully provides
> <https://www.tomshardware.com/software/windows/if-you-deleted-that-mysterious-windows-file-microsoft-told-you-not-to-theres-a-new-script-to-restore-it>.
>
> Even running the script is not a straightforward process: it requires
> the entry of several cumbersome and error-prone shell commands.
>

C:\>dir
 Volume in drive C is W11HOME
 Volume Serial Number is

 Directory of C:\

Mon, 06/12/2023  03:19 AM    <DIR>          AMD
Thu, 11/24/2022  06:13 PM    <DIR>          boot
Sun, 07/17/2022  12:33 PM    <DIR>          cygwin
Mon, 05/23/2022  10:49 PM            12,288 DumpStack.log
Thu, 12/19/2024  07:57 PM    <DIR>          ESD
Wed, 04/09/2025  02:05 AM    <DIR>          inetpub     <=== very pretty, I saw that...
Sat, 04/23/2022  11:17 PM    <DIR>          MinGW
Sat, 05/07/2022  01:24 AM    <DIR>          PerfLogs
Mon, 06/09/2025  11:07 PM    <DIR>          Program Files
Sat, 05/10/2025  06:40 PM    <DIR>          Program Files (x86)
Wed, 02/16/2022  11:06 AM           357,548 Reflect_Install.log
Wed, 05/28/2025  09:05 AM                94 rescuepe.log
Wed, 05/28/2025  08:00 AM    <DIR>          Temp
Thu, 09/22/2022  06:16 AM    <DIR>          Users
Wed, 05/14/2025  12:40 AM    <DIR>          Windows

I didn't spend more than about five seconds thinking about that
when I saw it. I just... moved on.

*******

I don't see anyone taking credit for this cheese&cracker spree.

https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0/Content/Set-InetpubFolderAcl.ps1

$sddlInetpub = "O:SYG:SYD:P(A;CIOI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;CO)"

It's better to print them out stacked. Now, compare to the Security tab on the thing.

$sddlInetpub = "O:SYG:SYD:P
                (A;CIOI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)
                (A;CIOI;GA;;;SY)
                (A;CIOI;GA;;;BA)
                (A;CIOI;GRGX;;;BU)
                (A;CIOI;GA;;;CO)"

And roughly translated, that means:

    "Don't fuck with me, I have the death sentence on twelve planets."

Apparently, that SID is well known (written on the bathroom wall at the pub).

S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 = Trusted Installer's SID

If they would only bring back FAT32, we wouldn't have to do this.

   Paul
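
The post suggests printing the ACEs stacked and comparing them with the Security tab. The Python below is an added example, not part of the original post and not code from Microsoft's script: it parses the quoted SDDL string (single-line or stacked) and names each trustee. The lookup tables cover only a subset of SDDL codes, and the function and variable names are illustrative assumptions.

```python
import re

# Subset of SDDL codes: what the string quoted in the post uses, plus a few
# common neighbours. Codes missing from these tables pass through unchanged.
TRUSTEES = {
    "SY": r"NT AUTHORITY\SYSTEM", "BA": r"BUILTIN\Administrators",
    "BU": r"BUILTIN\Users", "CO": "CREATOR OWNER",
    # Service SID from the post, identified there as TrustedInstaller.
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464":
        r"NT SERVICE\TrustedInstaller",
}
ACE_TYPES = {"A": "Allow", "D": "Deny"}
ACE_FLAGS = {"CI": "ContainerInherit", "OI": "ObjectInherit", "IO": "InheritOnly", "ID": "Inherited"}
RIGHTS = {"GA": "GenericAll", "GR": "GenericRead", "GW": "GenericWrite", "GX": "GenericExecute"}
DACL_FLAGS = {"P": "Protected", "AI": "AutoInherited", "AR": "AutoInheritReq"}
SDDL_RE = re.compile(r"^O:(?P<owner>.+?)G:(?P<group>.+?)D:(?P<flags>[A-Z]*)"
                     r"(?P<aces>(?:\([^()]*\))*)$")

def codes(text, table):
    """Expand a run of two-letter codes; a hex mask (0x...) is kept whole."""
    pairs = [text] if text.startswith("0x") else re.findall("..?", text)
    return [table.get(p, p) for p in pairs]

def parse_sddl(sddl):
    """Parse an O:..G:..D:.. descriptor (no SACL, no conditional ACEs)."""
    m = SDDL_RE.match(re.sub(r"\s+", "", sddl))  # accepts the stacked layout too
    if not m:
        raise ValueError("not an O:..G:..D:.. SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m["aces"]):
        ace_type, flags, rights, _obj, _inh_obj, trustee = body.split(";")
        aces.append({"type": ACE_TYPES.get(ace_type, ace_type),
                     "flags": codes(flags, ACE_FLAGS),
                     "rights": codes(rights, RIGHTS),
                     "trustee": TRUSTEES.get(trustee, trustee)})
    return {"owner": TRUSTEES.get(m["owner"], m["owner"]),
            "group": TRUSTEES.get(m["group"], m["group"]),
            "dacl_flags": [DACL_FLAGS[f] for f in re.findall(r"AI|AR|P", m["flags"])],
            "aces": aces}

def stacked(sddl):
    """One readable line per ACE, in order, to compare with the Security tab."""
    return [f'{a["type"]} {a["trustee"]}: {"+".join(a["rights"])} '
            f'[{",".join(a["flags"])}]' for a in parse_sddl(sddl)["aces"]]

SDDL_INETPUB = (  # the string quoted in the post
    "O:SYG:SYD:P(A;CIOI;GA;;;S-1-5-80-956008885-3418522649-1831038044"
    "-1853292631-2271478464)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)"
    "(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;CO)")
print("\n".join(stacked(SDDL_INETPUB)))
```

On a Windows machine the live value to feed in is the `Sddl` property returned by `Get-Acl` for the folder.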