Path: news.eternal-september.org!eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: vallor <vallor@cultnix.org>
Newsgroups: comp.os.linux.advocacy,alt.comp.os.windows-11
Subject: Re: About That “inetpub” Folder ...
Date: 10 Jun 2025 06:08:52 GMT
Lines: 99
Message-ID: <maq0fjF8hnmU4@mid.individual.net>
References: <1027sfb$qu5d$1@dont-email.me> <1028evl$129fb$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net zHgqqZk1kpDFRLzEYG8Gaw6oxVN0ahshfRwXdiUIs09qQ/fvS3
Cancel-Lock: sha1:vHU7J+28oUsuAD1PhzNtmu2v5AM= sha256:LkQraPL5hCL/z2yPWFARc2Q56vCCgqNToGniX/lXFko=
X-Face: +McU)#<-H?9lTb(Th!zR`EpVrp<0)1p5CmPu.kOscy8LRp_\u`:tW;dxPo./(fCl
 CaKku`)]}.V/"6rISCIDP`
User-Agent: Pan/0.163 (Hmm5; 68619563; Linux-6.14.10)

On Tue, 10 Jun 2025 01:14:27 -0400, Paul <nospam@needed.invalid> wrote in
<1028evl$129fb$1@dont-email.me>:

> On Mon, 6/9/2025 7:58 PM, Lawrence D'Oliveiro wrote:
>> Lately, a mysterious empty folder called “inetpub” has been appearing
>> on Windows machines after recent Microsoft security updates. Some were
>> old enough to remember that this folder was part of the installation
>> of Internet Information Server, which was Microsoft’s attempt to
>> compete with the open-source heavyweights in the web server world. It
>> was a product that was infamous for its security vulnerabilities, so
>> when people saw this familiar name reappear out of the dead past, it
>> was no surprise that some went “Aieeee! Security hole! Delete!
>> Delete!”.
>> 
>> But it turns out that this is no bug, it’s a feature! It is somehow a
>> required part of Microsoft’s current security mechanisms for Windows.
>> (How? Why? Nobody seems able to explain ...) And not only that, if you
>> delete it (accidentally or otherwise), you cannot simply fix things by
>> recreating a folder in the same location with the same name.
>> 
>> Instead, you have to go through the rigmarole of downloading and
>> running some PowerShell script that Microsoft helpfully provides
>> <https://www.tomshardware.com/software/windows/if-you-deleted-that-mysterious-windows-file-microsoft-told-you-not-to-theres-a-new-script-to-restore-it>.
>> 
>> Even running the script is not a straightforward process: it requires
>> the entry of several cumbersome and error-prone shell commands.
>> 
> 
> C:\>dir
>  Volume in drive C is W11HOME
>  Volume Serial Number is
> 
>  Directory of C:\
> 
> Mon, 06/12/2023  03:19 AM    <DIR>          AMD
> Thu, 11/24/2022  06:13 PM    <DIR>          boot
> Sun, 07/17/2022  12:33 PM    <DIR>          cygwin
> Mon, 05/23/2022  10:49 PM            12,288 DumpStack.log
> Thu, 12/19/2024  07:57 PM    <DIR>          ESD
> Wed, 04/09/2025  02:05 AM    <DIR>          inetpub   <=== very pretty, I saw that...
> Sat, 04/23/2022  11:17 PM    <DIR>          MinGW
> Sat, 05/07/2022  01:24 AM    <DIR>          PerfLogs
> Mon, 06/09/2025  11:07 PM    <DIR>          Program Files
> Sat, 05/10/2025  06:40 PM    <DIR>          Program Files (x86)
> Wed, 02/16/2022  11:06 AM           357,548 Reflect_Install.log
> Wed, 05/28/2025  09:05 AM                94 rescuepe.log
> Wed, 05/28/2025  08:00 AM    <DIR>          Temp
> Thu, 09/22/2022  06:16 AM    <DIR>          Users
> Wed, 05/14/2025  12:40 AM    <DIR>          Windows
> 
> I didn't spend more than about five seconds thinking about that when
> I saw it. I just... moved on.
> 
> *******
> 
> I don't see anyone taking credit for this cheese&cracker spree.
> 
> https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0/Content/Set-InetpubFolderAcl.ps1
> 
>     $sddlInetpub = "O:SYG:SYD:P(A;CIOI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;CO)"
> 
> It's better to print them out stacked. Now, compare to the Security tab on the thing.
> 
> $sddlInetpub = "O:SYG:SYD:P
>                 (A;CIOI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)
>                 (A;CIOI;GA;;;SY)
>                 (A;CIOI;GA;;;BA)
>                 (A;CIOI;GRGX;;;BU)
>                 (A;CIOI;GA;;;CO)"
> 
> And roughly translated, that means:
> 
>    "Don't fuck with me, I have the death sentence on twelve planets."

Could you translate that into something more technical?  (That guy ended up
with his buddy's arm on the barroom floor, and I'd like to avoid any
Imperial entanglements.)

Can I remove the ACL for the trusted installer, for example?  Hey, wait a second...

Okay, just had a conversation with ChatGPT, which says I can completely remove
the ACL and I won't have to worry about anything trying to use the funny directory.

What do you think?  Will that prevent scurrilous ruffians from haxoring my
Windows virtual machine?

> 
> Apparently, that SID is well known (written on the bathroom wall at the pub).
> 
>     S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464  =  Trusted Installer's SID
> 
> If they would only bring back FAT32, we wouldn't have to do this.
> 
>   Paul

-- 
-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090Ti 24G
   OS: Linux 6.14.10 D: Mint 22.1 DE: Xfce 4.18 Mem: 258G
   "If you're not confused, you're not paying attention."