Microsoft details a technique that allows you to restore the "inetpub" folder, which was empty but not at all useless.
Clubic is the source of this information, based on a publication by Microsoft itself, and it's not uninteresting for any users who may have been a little hasty. Indeed, following the release of several Windows 11 updates, some users have noticed the appearance of a hidden folder at the root of their PC's system disk. This folder, dubbed "inetpub", is perfectly empty and seems to have remained so for some time now. What's more, the folder is linked to an inactive service (IIS) on the system. That's all it took for some "courageous" people to try deleting this folder, especially as Microsoft hasn't documented it in the slightest.
Mistake, terrible mistake! Microsoft has since clarified that "inetpub" is an important folder in the deployment of security patches. Admittedly, the folder is empty, but it is used by Windows 11 to determine that security patches, and in particular the one for the CVE-2025-21204 flaw, are correctly in place. It should therefore not have been deleted, and not having it on a machine's system disk prevents it from working properly. You then think that all you have to do is recreate the said folder and the system won't notice a thing. Second mistake! Windows 11 not only needs to be able to check that the folder is present, it also needs to rely on authorizations which, as Clubic explains, are defined in ACLs(Access Control Lists), but these settings are not automatically restored when the folder is recreated manually.
© Clubic
In fact, to go back to the way things were, you need to rely on a tool provided by Microsoft, which will take care of restoring everything without having to activate the IIS service - a rather bastardized solution, but the only one found so far to get around the problem. Microsoft suggests using a Powershell script published on May 28. To use it, open Powershell in administrator mode and enter the commands below:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Install-Script -Name Set-InetpubFolderAcl -Force
Powershell can then ask you to install NuGet, which you accept with the "O" command. Next, you need to execute the script you downloaded.
© Clubic
Set-InetpubFolderAcl
As Clubic points out, the above command may not be recognized. If this is the case, then you can call it up by specifying its full path:
& " C:\Program Files\WindowsPowerShell\Scripts\Set-InetpubFolderAcl.ps1 "
We haven't yet tried this out at DriversCloud, but if Microsoft is to be believed, the script should then restore the "inetpub" folder, but above all all the parameters attached to it, so that the security patch can be correctly applied.
