Carpeta Inetpub Windows: Cómo Restaurarla Correctamente

inetpub folder Windows and its security function

An empty folder in the Windows root directory often raises suspicions. Even more so if it appears after an update and has a name that many users associate with web servers. That happened with inetpubSome saw it on the system drive, found no files inside, and deleted it thinking it was unnecessary leftover data.

In this case, appearances are deceiving. The folder may be empty and still be part of a security mitigation. It's not there for the user to access. It's there because Windows expects it to exist with specific permissions.

You shouldn't have deleted this folder from Windows, here's how to recover it.

What you should decide before touching it

Microsoft intentionally creates the folder inetpub on the Windows installation drive.
You should not delete the folder inetpub to protect the security of your equipment.
And at You deleted it by mistake, you can restore it with an official PowerShell script.

The frustrating part is that Windows doesn't explain it when it appears. It's simply there, visible, with a technical name and no context for the user. This lack of explanation is what turns a legitimate mitigation tool into a folder that many end up treating as system junk.

Why did inetpub appear even though IIS was never activated?

La palabra inetpub This isn't new to Windows. It's linked to Internet Information Services, or IIS, the component that allows you to host websites and applications from the system. If IIS is active, the folder may contain subfolders such as history, logs and temp.

But here's the nuance: after the KB5055523 updates for Windows 11 and KB5055518 for Windows 10, inetpub It also started appearing on computers where IIS was not enabled. That's why it seemed like a bug.

Carpeta inetpub visible en la unidad C del sistema Windows.

The difference between an "IIS folder" and a "folder created by a security update" is important. In the first case, it's part of a web service. In the second, it acts as part of a security fix related to permissions, paths, and internal Windows operations. They appear the same to the user; for the system, they serve different purposes.

Microsoft clarified the case in the documento oficial de soporte KB5055523When installing the update, Windows creates a folder %systemdrive%\inetpubeven if IIS is not enabled.

The reason is related to CVE-2025-21204. This vulnerability affected the Windows process elevation service and could exploit symbolic links to manipulate file management operations within the Windows Servicing Stack. Simply put, it was a trust issue regarding the paths and permissions Windows uses when working with sensitive files.

Therefore, the key issue isn't whether the folder appears empty. The key issue is who created it, where it's located, and what permissions it has.

The trap of creating a new inetpub manually

If you've already deleted the folder, creating another one with the same name seems like a reasonable solution. It's not entirely so.

Una carpeta llamada inetpub A folder created by the user doesn't necessarily have the same permissions as the folder generated by the update. And in this case, permissions aren't a minor detail: they're part of the reason the folder exists.

Puedes comprobarlo desde el Explorador si añades la columna "Owner"The folder created by Microsoft appears with an owner SystemA manually created folder is usually associated with the user who created it.

Columna Propietario en el Explorador de Archivos mostrando que Sistema es propietario.

If the folder is still in the Recycle Bin, restoring it from there might be enough. Otherwise, there are two common approaches: enabling IIS or using the official script. Enabling IIS can recreate the structure, but it also adds components and subfolders specific to a web server. For someone who doesn't use IIS, this is more noise than necessary.

Casilla de Servicios de Información de Internet activada en características de Windows.

The cleanest option is the official Microsoft scriptbecause it restores the folder with the appropriate permissions without forcing you to fully activate IIS.

Open PowerShell as administrator and run:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Pantalla de PowerShell con el código para el bypass de ejecución.

Then install the script:

Install-Script -Name Set-InetpubFolderAcl -Force

Si PowerShell pide instalar el proveedor NuGet, responde con AND and press Enter. Then repeat the installation command.

Mensaje de requerimiento del proveedor NuGet en PowerShell.

Ejemplo de comando para crear la carpeta inetpub con permisos especiales en PowerShell.

If you see “Command Not Found” or the script is not called correctly from the console, run it with the full path:

& "C:\Program Files\WindowsPowerShell\Scripts\Set-InetpubFolderAcl.ps1"

When finished, check the drive where Windows is installed. The folder inetpub It should be there again, no longer as an improvised folder, but with the configuration that mitigation expects.

Monitor mostrando el escritorio de Windows 11.

No hay mucho más que hacer con inetpubIt doesn't take up significant space, requires no maintenance, and doesn't mean you have a web server running in the background. Its function, in this context, is more subtle: to be present wherever Windows needs it.

The lesson is less obvious than the problem: at the root of the system, an empty folder isn't always just a remnant. Sometimes it's a security measure that goes unnoticed until it's gone.