SYSTEM security group keeps getting removed from %tmp% folder

IT Guy
IT Guy used Ask the Experts™
on
A Windows 10 64-bit domain joined computer has an issue where the SYSTEM security group keeps getting removed from the %tmp% folder. This temp folder is located within the default location of C:\Users\username\AppData\Local\Temp.

This creates issues such as programs not being able to upgrade and the user not being able to print.

This computer currently has all latest Windows 10 updates installed and according to Malwarebytes it is completely clean and doesn't have any malware or harmful software installed. the SFC and DISM commands have also been run and the event viewer logs don't display any serious issues or warnings.

While this issue can be fixed by adding the SYSTEM security group back within the  Security tab (with the full control permissions) it is a hassle to keep doing this.

What can be done to prevent this issue from occurring?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
This sound slike the domain has a registry change each time you sign into the network.

Does this happen when you log in locally
IT GuyNetwork Engineer

Author

Commented:
Yes this has been happening intermittently for all logon accounts on this computer both local and domain accounts.

What can be done to prevent this from happening?
Senior Systems Admin
Top Expert 2010
Commented:
Make sure Inheritance is enabled on the folder above the temp folder (AppData or Local). More than likely Inheritance was disabled on the folder's security settings. Go into the Advanced security window and check it out there. If Inheritance isn't enabled, the manual permission settings could get reset as part of a system or application process on reboot.
Distinguished Expert 2017

Commented:
Why do you want/need system to have access to user tmp space?
Anti-virus tools run a component under user credentials and have access to all user's space.

Local/temp is an equivalent to the %userprofiel%\local settings in a roaming profike setup this gets discarded when the roaming profile is copied out to the server on logoff and recreated on logon.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial