Strange Hidden Temp Directory

  • Thread starter: Bob Dietz

Bob Dietz

That is the temp folder in the system account.

http://support.microsoft.com/kb/120929
*********************************************************************
* The system account and the administrator account (Administrators *
* group) have the same file privileges, but they have different *
* functions. The system account is used by the operating system *
* and by services that run under Windows. There are many services *
* and processes within Windows that need the capability to log on *
* internally (for example during a Windows installation). *
* The system account was designed for that purpose; it is an *
* internal account, does not show up in User Manager, cannot be *
* added to any groups, and cannot have user rights assigned to it. *
* On the other hand, the system account does show up on an NTFS *
* volume in File Manager in the Permissions portion of the *
* Security menu. By default, the system account is granted full *
* control to all files on an NTFS volume. Here the system account *
* has the same functional privileges as the administrator account. *
*********************************************************************
 
During a virus scan I discovered 1357 files, 78 folders in

C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp

231 MB (242,298,880 bytes)

Some of these files relate to programs not even on the computer anymore. I
think they should be deleted, but since they are in a hidden system directory
I am cautious. Any help?
 
You can delete anything in the Temp folder in...
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp
and
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet
Files\Content.IE5

If in doubt, reboot, then empty out the Temp folder.

%systemroot%\System32\Config\SystemProfile. This profile is always loaded,
and is a link to HKEY_USERS\.DEFAULT.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

 
Wes,

What about

C:\WINDOWS\system32\config\systemprofile\Favorites and

C:\WINDOWS\system32\config\systemprofile\Start Menu

Could they be emptied too ?

Thanks,
Interested Reader
 
Interested Reader,

I would not empty...
C:\WINDOWS\system32\config\systemprofile\Start Menu
unless it looks like it has something fishy in there.

In the past I've had to copy stuff from there for MY Start Menu.

You can also empty the Favorites folder here...
C:\WINDOWS\system32\config\systemprofile\Favorites

I can't see the System adding items to the Favorites folder. I can see the
System using the Temp folder.

Trojans, viruses or scumware is probably why one would have items in
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp
or
C:\WINDOWS\system32\config\systemprofile\Favorites

%systemroot%\system32\config\systemprofile is SID S-1-5-18.

SID is Security identifier. Security identifiers (SIDs) are numeric values
that identify a user or group.

S-1-5-18 is an identity that is used locally by the operating system and by
services configured to log on as LocalSystem. A service account that is
used by the operating system.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
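
A read-only way to review what is in the LocalSystem profile's Temp folder before emptying it, as an added example that is not part of the original thread. It assumes PowerShell 4 or later and an elevated prompt; the second default path, the extension list and the `RecentDays` threshold are assumptions, not values from the posts.

```powershell
# Added example: read-only inventory of the LocalSystem (S-1-5-18) Temp folder.
# Run from an elevated prompt; nothing is deleted or modified.
param(
    # First path is the Windows XP layout quoted in the thread. The second is the
    # layout on later Windows versions (assumption: adjust for your system).
    [string[]]$TempPath = @(
        "$env:SystemRoot\System32\config\systemprofile\Local Settings\Temp",
        "$env:SystemRoot\System32\config\systemprofile\AppData\Local\Temp"
    ),
    [int]$RecentDays = 7   # hypothetical threshold for "recently written"
)

# Resolve the SID from the thread to its account name on this machine.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
"Profile account: {0}" -f $sid.Translate([System.Security.Principal.NTAccount])

# Collect every file, including hidden and system ones (-Force).
$files = @(foreach ($p in $TempPath) {
    if (Test-Path -LiteralPath $p) {
        Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
    }
})
[long]$bytes = ($files | Measure-Object -Property Length -Sum).Sum
"{0} files, {1:N0} bytes" -f $files.Count, $bytes

# Executable and script types deserve a look before the folder is emptied
# (illustrative extension list, not exhaustive).
$execExt = '.exe', '.dll', '.sys', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.ps1'
$cutoff  = (Get-Date).AddDays(-$RecentDays)

$files |
    Where-Object { $execExt -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $f = $_.FullName   # locked files yield empty Signature/SHA256 fields
        [pscustomobject]@{
            LastWrite = $_.LastWriteTime
            Recent    = $_.LastWriteTime -gt $cutoff
            Signature = (Get-AuthenticodeSignature -LiteralPath $f -ErrorAction SilentlyContinue).Status
            SHA256    = (Get-FileHash -LiteralPath $f -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            Path      = $f
        }
    } |
    Sort-Object LastWrite -Descending |
    Format-List
```

Unsigned or recently written executables in the listing are the ones to scan or look up by hash before the folder is cleaned out.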

 
Thanks.

 
Wes,

Sorry, I should have been more forthcoming.

I'm running an HP machine with OEM Windows XP Home.

There's nothing fishy in systemprofile's Favorites or Start Menu, it's just
that originally they looked very much the same as Default User.

I concluded that either systemprofile was created from Default User, like
any other new User, or that systemprofile was where things might have been
stored during XP setup before Default User was created.

I've already cleaned out some stuff I didn't want from Default User, and
thought I'd clean the same stuff out of systemprofile.

Given what you said about SID S-1-5-18, and that nobody can console logon to
it, I can't see any reason to have anything in systemprofile's Favorites or
Start menu.

But then, XP isn't always based on reason.

Kangaroo (Interested Reader).
 
When I was running XP Home I deleted C:\Documents and Settings. Yes, it's
possible to do that. ;-) The whole enchilada. I recreated a bunch of
things from C:\WINDOWS\system32\config\systemprofile.

I finally bit the bullet and reinstalled. But I was curious if I could
resurrect a bunch of stuff and I did.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

 
Wes, thanks again, I'll give systemprofile a bit of a cleanout and see what
happens.

Kangaroo
 
Kangaroo,

Keep having fun! :-)

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
