$NtUninstallKB.............$

[nic]

I have quite a few folders in C:\Windows\ named;
$NtUninstallKB.............$ coloured blue.
I assume these folders and files are uninstalled during
update installation.
Are they safe to delete?
Thank you in anticipation.

 

[Ramesh [MVP]]

More Information: $Uninstall folders - Description:
http://www.mvps.org/sramesh2k/Hotfix_backup.htm

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k


I have quite a few folders in C:\Windows\ named;
$NtUninstallKB.............$ coloured blue.
I assume these folders and files are uninstalled during
update installation.
Are they safe to delete?
Thank you in anticipation.

 

[Kelly]

Some of the Hotfixes (Mostly security updates) do not have an uninstall
feature, these will not appear in the Add and Remove list. If a Hotfix does
appear in the Add and Remove list then it can be uninstalled just like any
other program.

If you uninstall the Hotfix, you will lose the benefits of that patch. This
should only be done if you can determine that you are experiencing negative
effects from the particular Hotfix.

If you simply do not want them to appear in the Add and Remove list and you
are sure that you will not need the uninstall option, you can remove items
from that list by using a registry tweak.

Automated Edit:

Remove Hotfixes from Add or Remove (Line 193)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Manual Edit: Go to Start/Run/Regedit and navigate to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall

Expand this branch and look at the list. The Hotfixes are all listed by a
"Q" number that corresponds to the entry in the Add and Remove list. Make
sure that you back up each Key before deleting it.

Select the key and then select File/Export and include the Q number in the
name of the file. Right click the entries you want to remove and select
Delete.

 

[cquirke (MVP Win9x)]

More Information: $Uninstall folders - Description:
http://www.mvps.org/sramesh2k/Hotfix_backup.htm

Is it possible to relocate these off C:?

We have a policy of keeping C: small and lean for performance and
other reasons. Wads of accumulated undo material such as this clog up
the system, and we'd prefer this to be located on F:, which is the
last and slowest volume on the HD set aside for such "cold storage".

-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.

 

[Ramesh [MVP]]

Though I've not tried this practically, there should be no problems. But the important point is that the 'Uninstall String' registry will still point to the C:\ (example C:\WINDOWS\$NtUninstallKBnnnnnn$\spuninst\spuninst.exe. Other option is to burn these to a CD and copy it back to the C:\ drive if/when you plan to uninstall a hotfix.

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k

More Information: $Uninstall folders - Description:
http://www.mvps.org/sramesh2k/Hotfix_backup.htm

Is it possible to relocate these off C:?

We have a policy of keeping C: small and lean for performance and
other reasons. Wads of accumulated undo material such as this clog up
the system, and we'd prefer this to be located on F:, which is the
last and slowest volume on the HD set aside for such "cold storage".

-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.

 

[cquirke (MVP Win9x)]

Though I've not tried this practically, there should be no problems. But the important
point is that the 'Uninstall String' registry will still point to the C:\ (example C:\WINDOWS\
$NtUninstallKBnnnnnn$\spuninst\spuninst.exe.

Perhaps a useful PowerToy would automate moving the info to a
different destination, and updating the registry pointers accordingly?

Other option is to burn these to a CD and copy it back to the C:\ drive if/when
you plan to uninstall a hotfix.

Makes sense, yes. Would be nice if one could preset the location
these things are saved to (similar to shell folders); that would be
the most elegant solution IMO.

--------------- ----- ---- --- -- - - -

Dreams are stack dumps of the soul

 

[Ramesh [MVP]]

Perhaps a useful PowerToy would automate moving the info to a different destination, and updating the registry pointers accordingly?

Good idea, another difficulty here is the inconsistent naming conventions followed. It may be Qnnnnnn or KBnnnnnn sometimes. Another instance : "C:\windows\$NtUninstallKB823980_RTM$" referenced in the registry as:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB823980
and not
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB823980_RTM$

Therefore, reading the folders programatically and mapping them to it's registry key (or Vice-Versa) might prove erroneous sometimes. (to my knowledge). Would be great if a specific naming convention is followed both for the Uninstall folders & the Uninstall registry key. There may be some great minds who can make this possible, inspite of the above hurdles.
Yup. That's a great idea as well.

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k

Though I've not tried this practically, there should be no problems. But the important
point is that the 'Uninstall String' registry will still point to the C:\ (example C:\WINDOWS\
$NtUninstallKBnnnnnn$\spuninst\spuninst.exe.

Perhaps a useful PowerToy would automate moving the info to a
different destination, and updating the registry pointers accordingly?

Other option is to burn these to a CD and copy it back to the C:\ drive if/when
you plan to uninstall a hotfix.

Makes sense, yes. Would be nice if one could preset the location
these things are saved to (similar to shell folders); that would be
the most elegant solution IMO.

 

[cquirke (MVP Win9x)]

On Tue, 20 Apr 2004 14:58:08 +0530, "Ramesh [MVP]"

Good idea, another difficulty here is the inconsistent naming conventions followed.
It may be Qnnnnnn or KBnnnnnn sometimes. Another instance :
"C:\windows\$NtUninstallKB823980_RTM$" referenced in the registry as:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB823980
and not
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB823980_RTM$

OK... tho I guess the uninstaller has to tie these together. At this
point one is tempted to wave the %variable% notion about ;-)

Therefore, reading the folders programatically and mapping them to it's registry key
(or Vice-Versa) might prove erroneous sometimes.

Is a patch-specific uninstaller or uninstall script, then - else the
same uninstall logic would be expected to have the same problem?

Patch naming conventions are a biggie, especially where different
patch .EXE for different OSs have exactly the same file name. There's
value in 8.3 conformity, which restricts you to (now that patches are
monthly) something like AAyymmii.EXE where ii is an index number.

Ideally, any .EXE patch should start off with a self-documenting
dialog, stating what OS or product it's for, what the threshold and
not-needed versions are, and perhaps a "more info" button that pulls
up the /kb article. Resist the temptation to link that to a web site;
ASCII (even Unicode) is cheap, stick it inside

Beyond that, the challenge is to have a way of authenticating the
patch is genuine and unmodified. "Unmodified" is easy, but "genuine"
(i.e. not a malware look-alike) is less so.

With all of those ducks in place, patch re-distribution and
re-usability (important in DUN, offline/production/predelivery or
dare-not-connect situations) just got a whole lot better!

Yup. That's a great idea as well.

If I could add one "shell folder", it would be "Suspect". All
downloads, archive workspace, IM and email attachments etc. would go
there and you could point a tiered layer of on-demand av at it (.bat,
QuickLaunch and Start /W are your friends)

This is in fact what I've been doing since Win95 now, and NTFS
issues/opportunities potentially add value to the concept. For
example, locating this in FATxx space means it can be scanned from a
DOS-based AV without running ?infected Windows; even if you can't
catch the active malware that way, you could get pointers towards what
you may be dealing with and do some research for caveats.

As it is, MS's shell folder approach has no clue that incoming
material really should NOT be dumped into the data and backup space.
MS even recommends dumping arb .EXE (e.g. downloaded self-installing
archives) in the data set to stop SR fiddling with them <grr>

Potential result (as I've seen ITW):
- unexplained catastrophic file system corruption
- rebuild software, restore data backup
- malware restored along with the data
- repeat and fade

-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.

 

[Vodum]

>> Perhaps a useful PowerToy would automate moving the info to a different
>> destination, and updating the registry pointers accordingly?

Although not an official Microsoft PowerToy, the Update Cleanup software utility will take care of deleting these unnecessary $NtUninstallKB hotfix backup folders. You can get a copy of Update Cleanup at PCShareware.com ( http://www.pcshareware.com/update.htm )

Vodum Ipsis

-------------------------------

If you want to recapture your youth, just cut off his allowance. -- Al Bernstein