Deleted the inetpub folder on Windows 10/11: Here's what you need to do

After Windows 2025 April Patch Tuesday update for Windows 11, and 10, some of the users noticed a new C:\inetpub folder, an empty folder in their devices with Internet Information Systems not enabled, which made them suspicious and many of you might have deleted it.

What is inetpub folder?

Microsoft has confirmed that the folder is not malicious and is a part of a security fix for CVE-2025-21204, a privilege escalation vulnerability, and it must not be deleted, irrespective of the fact whether IIS is active.

In its MSRC advisory, Microsoft cautioned:

For systems with KB5055528 installed but %systemroot%\inetpub directory deleted, immediate remediation is required. If the inetpub directory has been deleted, you need to run the remediation script Set-InetpubFolderAcl.ps1.

While Microsoft is calling a part of security patch, some of the security researchers found out that this could help the threat actors to block the future security updates. However, if we check the MSRC log, it is categrozied as moderate severity, meaning this should be a matter of concern.

What can I do to restore it?

Microsoft has released a powershell script to restore the folder if you have deleted it. The script will be doing the following:

1. This script sets the security permissions on the directory inetpub. The script is designed to be run as an administrator.
2. If inetpub directory does not exist, it gets created and default IIS permissions are applied to the directory.
3. If an empty inetpub directory exists, the default IIS permissions are applied to the directory.
4. If inetpub directory exists and only contains the sub-directory DeviceHealthAttestation, default IIS permissions are applied to both directories.
5. If inetpub directory exists and contains any other sub-directories, the script exits without making any changes.

Remember that you need admin privileges to run the script and for more instructions, you can check out the powershell script here.