C:\_SMSTaskSequence folder is left behind with permissions of everyone Full control over this folder only 50% of the times
When you run a task sequence on a machine, a "C:\_SMSTaskSequence" folder is created and ideally removed after the successfuly execution of the TS.
This is correctly locked down to Builtin\Administrators - Full Control NT Service\TrustedInstaller - Full control
But we have seen instances where about 50% of the time, even when the TS completes successfully, this folder is left behind and not cleaned up, with the error as below:
Execution engine result code: Success (0) Cleaning Up.
Cleaning up task sequence folder
Unable to delete file C:\_SMSTaskSequence\TSEnv.dat (0x80070005). Continuing.
Failed to delete directory 'C:\_SMSTaskSequence'
SetObjectOwner() failed. 0x80070005.
RemoveFile() failed for C:\_SMSTaskSequence\TSEnv.dat. 0x80070005.
RemoveDirectoryW failed (0x80070091) for C:\_SMSTaskSequence Deleting volume ID file C:\_SMSTSVolumeID...
Successfully unregistered Task Sequencing Environment COM Interface.
Executing command line: "C:\WINDOWS\CCM\TsProgressUI.exe" /Unregister
If we see this situation 50% of the times, this folder is left behind and with Full Control for Everyone causing a Security Concern.
Note: We have Sophos Endpoint Client Installed and have the exclusions in place and this doesn't occur if Sophos is not on the machine as per testing
There’s changes in the SCCM 1610 release – see https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1610
While not listed in the documentation there we made changes to how we remove the _SMSTaskSequence folder on completion.
I’m marking this as completed as it’s now available. If there’s something I’ve missed please reuse the vote and I’ll address.
Hi Bob, we are running on SCCM 1806 and we still see this issue existing on our clients. do you have any further ideas we can look at?