If You Killed Your Inetpub Folder You Can Fix It With One Simple Microsoft PowerShell Script

Don’t Get Your Hackles Up By Fixing Your ACLs Manually

Microsoft pushed out an update that seemed to include a wee mistake, the creation of a blank C:\Inetpub folder on all machines, even those without Internet Information Services (IIS) installed.  If you did  have IIS installed then there were files in C:\Inetpub to resolve a serious vulnerability.  Many technically inclined users took offence to the existence of this empty folder and took it upon themselves to delete it.  This wasn’t as simple as a delete though, they needed to take ownership of the folder from SYSTEM as administrative privileges weren’t sufficient to remove the offending folder.  

Unfortunately, Microsoft did this on purpose and stated that deleting C:\Inetpub could cause issues for future Windows Updates and could indeed make you vulnerable to attacks.  There was a bug with the way in which Windows Update may follow symbolic links on unpatched devices, allowing a local attacker to “escalate permissions and manipulate or perform file management operations in the context of the NT AUTHORITY\SYSTEM account.”   This is, how they say, a bad thing.

If you haven’t deleted C:\Inetpub then you are good to go, otherwise visit Bleeping Computer for a link to the PowerShell script that fixes the issue.  Make sure it is from powershellgallery and not some random Git repository!