Temp folder writing permission by itself

[JohnnyR2D2]

Hello,

I have just recently clean - re-installed my system - it's Windows 8 Pro x64. I have one dedicated SSD hard drive to be used by the OS and most of the applications which means Disk C is the system drive where I keep all installed programs and it's about 250 gigs in size. All the other HDs are used to keep all my documents, games, backups and other stuff. Now, from time to time when I try to run WinZip or an installer of some sort I get different kinds of error message which always come to this: the app has no access to temp folder. I went to the Temp folder located at C:\Users\<Username>\AppData\Local\Temp and noticed that the Security Tab of that folder only contains the following users:

Everyone with low permissions (read and write)
Administrators with Full control.

I've checked in two other different computers in my home with the same OS installed and those computers has three users instead of two listed in the security Tab (SYSTEM, Administrators and the machine user with full access to that folder).

I then changed the security permissions of that folder to match the other computers meaning that I removed the Everyone and added the SYSTEM and the machine user (myself).

Now the funny part - everything works perfectly after that change but couple hours again all of the sudden the issue returns and guess what? it changes the permission by itself back to what were before (Everyone and Administrators).

I ran the Kaspersky which is my AV and other malware programs such as Spybot and Malwarebytes and they couldn't find anything in my computer.

I'm at a loss here. I consider myself to be fairly experienced computer user, but that kind of behavior is beyond my comprehension. Does anyone have any clue what I might be doing wrong? Maybe some policy in the registry or GPedit?

As a tip - nothing new was installed in my computer that was not installed in my previous version which was Windows 7 Ultimate x64.

Here is a quick log for the paths I have in my system

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\Gabriel>set
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Gabriel\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=R2-D2
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Gabriel
LOCALAPPDATA=C:\Users\Gabriel\AppData\Local
LOGONSERVER=\\R2-D2
NUMBER_OF_PROCESSORS=8
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32
\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-St
atic;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Media Too
ls\MKVToolNix;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Fil
es (x86)\Intel\OpenCL SDK\2.0\bin\x64
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=2a07
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
SAN_DIR=C:\Program Files\Hardware and Drive Tools\SiSoftware Sandra Business 201
3
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Gabriel\AppData\Local\Temp
TMP=C:\Users\Gabriel\AppData\Local\Temp
USERDOMAIN=R2-D2
USERDOMAIN_ROAMINGPROFILE=R2-D2
USERNAME=Gabriel
USERPROFILE=C:\Users\Gabriel
windir=C:\Windows

C:\Users\Gabriel>


Thanks in Advance,

J

 

[Soda-88]

Try booting with full admin rights and redoing the procedure you've already done (adding your user account in permissions).

1) Control Panel > User accounts > Change UAC settings - drop the slider to the bottom
2) Type 'Local Security Policy' in start screen/menu search and press enter
3) Go to Local Policies > Security Options, scroll to the bottom and set 'User Account Control: Run all administrators in Admin Approval Mode' to Disabled
4) Restart PC when prompted
5) Re-add your user account to Temp permissions and re-enable the option from step 3, else you won't be able to use Modern apps

 

[JohnnyR2D2]

Thanks Soda,

Just before read your message I had done the procedure to add my my user account permissions AGAIN so i will rather wait for the issue to happen again which will happen between today and tomorrow and then I will do your suggestion. That way I can be sure that your suggestion worked.

 

[Loophole4]

One thought might be if the temp directory was deleted it might cause the permission issue when and how the folder is created. You could look at the creation date and time.

 

[JohnnyR2D2]

Was not deleted at anytime. Checked already and the creation dates from when I installed the OS. Wish I can see when the permissions were modified.

When the issue happened this morning the only thing I did different was to unchecked the special permission under the Everyone user. When I did that the user Everyone just disappeared so I added my user and SYSTEM again and so far the issue didn't happened again.

 

[aaab]

Have a look at the local security policy.

 

[JohnnyR2D2]

Hello everyone

It's really weird but the issue didn't happen again so far. As I mentioned before what I was doing during the last 20 days which is the time I'm having this problem I was removing the Everyone user and adding SYSTEM and my User account into the security Tab of the folder properties.

What I did different yesterday just before create this topic was to instead of removing the Everyone user I unchecked the special permission which automatically deleted the Everyone user and then I added the SYSTEM and my user account as I usually was doing.

The issue could be related to the "special permissions" been checked? What program did that? That question remains unanswered....

Regardless I'm still monitoring every hour to see if the issue returns and will let everyone knows before close the topic.

Thanks so far to all of you

 

[JohnnyR2D2]

Just happened again so I did what Soda-88 suggested.







Let's see what it goes and if this will fix this problem once and for all

 

[JohnnyR2D2]

Well...

Soda-88 suggestion last three days and the problem returned. Really annoying :-(

 

[eliot22]

I have the same problem. But I noticed that the permissions go back automatically on the first boot up of every day. So if I change permissions and reboot, everything is fine. But when I turn the computer on the next morning, the permissions revert back to the exact way it is on your computer. I discovered that if I disabled my Norton antivirus before turning off the computer at night, the permissions do not self-revert the next morning. So I think what is happening is that the antivirus might be reducing the permissions of the temp folder because viruses tend to run from that location. Since you said you have computers that don't have this problem, do they have the same antivirus program?

 

[JohnnyR2D2]

yes, they do have the same anti-virus. One thing I just realized is that the issue seems to appear after I use WinZip or WinRAR. Anyways, what I did today was to give both programs administrator rights. I navigate into their instillation folders and right click on the executable. From there, compatibility tab and I've checked run as administrator.

Let's see if the issue returns.

 

[Petithomme]

Hi,
Any news on this issue? I'm suspecting a virus, rather than an anti-virus problem. I hope I'm wrong.
Google "google drive python dll" to see another thread about the same issue.

 

[JohnnyR2D2]

No news :-(

Actually my last attempt which was give WinZip administrator rights didn't work. The issue came back last night.

What you mean by virus? I've google it for python.dll and couldn't find anything relevant related to this issue. Also I don't use Google drive.

Just to be sure I ran KIS in my entire computer and it couldn't find anything :-( however the behavior seems to be a virus.

 

[johnbl]

make a batch file that writes a few bytes to a file in the temp directory one time a minute then loops until it fails to write then have it pop up a error when it fails. Maybe you can find what is triggering the change right when it happens

- maybe look to see if you have a task in the scheduler that is making the change

 

[JohnnyR2D2]

Will try the batch option cause there is nothing unusual in the Task Scheduler or Startup

 

[johnbl]

I would just echo the time to a file in the batch file, then use waitfor command to wait
then loop until I get a error making a file, then maybe change the screen colors so I notice the failure.

time /T >foo.txt (path to your temp file)
waitfor noevent /t 30

 

[helpfulUSR]

Same error here. Very annoying and it keeps reverting by itself. One thing I notice is you may not add/set the accounts for temp folder directly. Instead it inherits from the user/<username> permissions level. Not sure if it's relevant, since the problem still returns itself after I set the inheritance. Haven't tried disabling UAC before setting it though.

 

[eliot22]

Hi,
Any news on this issue? I'm suspecting a virus, rather than an anti-virus problem. I hope I'm wrong.
Google "google drive python dll" to see another thread about the same issue.

The python dll issue has to do with Google Drive. This permissions issue prevents Google Drive from starting because that python file needs to be created in the Temp folder but can't. I have since switched to Microsoft SkyDrive because it doesn't use the Temp folder at all. But I would still like to get to the bottom of this.

 

[JohnnyR2D2]

I have UAC completely disabled as well SmartScreen. It reverts by itself every two days or so or something is triggering the change and I couldn't figure what it is :-(

 

[johnbl]

you can dump the ACL of the files in %temp% to a file when everything is working, then dump it to another file when you get the failures. Then do a diff between the two files and see what actual ACL has changed.

something like
cd %temp%
icals.exe *.* > goodlist.txt
then do it again to a different output file when you hit the problem. and Diff the files

 

[eliot22]

I am the smartest man alive!! I kid of course, but I did find the culprit. Adobe Acrobat. Every time I open a PDF, the security settings on my temp folder are changed a few seconds later. I reset the folder permissions and tried again 4 times. It happened every time. I am using Adobe Acrobat Pro XI. So I'm gonna mess with the settings to see if I can figure out if I can stop it.

 

[JohnnyR2D2]

LOL....

Great finding because I'm also using Acrobat Pro XI. I will try to find something in the settings too.

 

[JohnnyR2D2]

Just tested and it's indeed Adobe Acrobat XI. I not even opened a PDF, just opened Acrobat itself. Unfortunately looking into the Acrobat preferences (settings) I couldn't find anything that explains this behavior.

 

[JohnnyR2D2]

Just found a thread about this here:

http://answers.microsoft.com/en-us/windows/forum/windows_8-security/cant-install-any-applications/7fc00c13-c91e-4288-99f3-133f957930c2 and here http://forums.adobe.com/message/5033519

No solution yet

 

[helpfulUSR]

I confirm that the problem is reproduced too. Windows 7 x64, Adobe Acrobat 11.0.1. The PDF needs to stay open for a while for this to happen - wouldn't work if just open and immediately close it.