Unable to delete the content of "C:\Users\Your_User_Account\AppData\Local\Temp\~BootWiz".

book

Article ID: 197951

calendar_today

Updated On:

Products

Deployment Solution Management Platform (Formerly known as Notification Server)

Issue/Introduction

The customer noticed that he couldn't delete the content of "C:\Users\Your_User_Account\AppData\Local\Temp\~BootWiz".
When he tried to delete one of the folders under "~BootWiz", he got messages about no having administrator rights to proceed with the deletion.
When he tried to look at the content of those folders, he got:

  • "You don't currently have permission to access this folder".



Even when he was logged in as the AppID account (in this case as an example we will call it "svc_symantec"). This "svc_symantec" user was part of the Administrators group on the SMP server.

When we looked at the "C:\Users\svc_symantec\AppData\Local\Temp" folder, we can see that "svc_symantec" user had Full Control. However, when we looked at the actual files under any of the folders for "~BootWiz", this account was not present and didn't have rights:



The customer ran ProcMon from Microsoft, we could see the following every time that we tried to delete the contents of any of these folders:

High Resolution Date & Time: 24/08/2020 14:17:10,4268593
Event Class: File System
Operation: CreateFile
Result: ACCESS DENIED
Path: C:\Users\svc_symantec\AppData\Local\Temp\~bootwiz\00004ba4\image\Windows\System32\streamci.dll
TID: 340
Duration: 0.0000525
Desired Access: Read Attributes, Delete, Read Control, Synchronize
Disposition: Open
Options: Synchronous IO Non-Alert, Open Reparse Point
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a

 

High Resolution Date & Time: 24/08/2020 14:17:58,1084738
Event Class: File System
Operation: CreateFile
Result: ACCESS DENIED
Path: C:\Users\svc_symantec\AppData\Local\Temp\~bootwiz\00004ba4
TID: 10340
Duration: 0.0000444
Desired Access: Synchronize
Disposition: Open
Options: 
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a

Cause

The problem appears when our processes try to delete temporary files/folder under User's temporary folder, the account used doesn't have enough rights to do it.  BootWiz uses the Temp directory to create/extract the necessary files needed for Deployment Solution, then we just delete the created temporary folder.

However, it looks that something does not allow to delete, keeping the BootWiz files under the User's temporary folder.

Environment

Deployment Solution 8.5 RU3
ITMS 8.5 RU3

Resolution

Based on what we were able to troubleshoot, this issue is not with our product but with how Windows is propagating the necessary rights for the "svc_symantec" account in order to delete any of the files under this "C:\Users\svc_symantec\AppData\Local\Temp\~bootwiz" directory.

Find out if there is another process (like anti-virus, real-time scanner, etc) that could be preventing for deleting the temporary files or if you need to grant more permissions to the Account that you are using to install/upgrade.

In order to verify what could be causing the "Access Denied" (it seems that something does not allow to delete files exactly when our code tries to do it), try the following:

  1. In order to see what really happens with files, capture file operations using Process Monitor tool (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon).
  2. Configure tool to monitor only temp folder where problematic files are located. For example:



  3. Start it before reproducing the issue and stop capturing as soon as it is reproduced.

    See what is missing for example in regard to permissions for the account that you are using (you could add Full Control to the account used or try a different account to delete the files, like the local administrator account) or if something is blocking the access to the Temp folder. 

Attachments