MachineKeys folder fills up quickly

This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.

MachineKeys folder stores certificate keys that are used by IIS. This folder my fill up with thousands of files in a short time due to a permission or application code related issue.


The permanent solution would be correcting permissions or fixing the code so that the keys in this folder are automatically removed. However, if the permanent fix is taking long time, you may need a practical way of removing old files in the meantime.


Open Command Prompt as Administrator and run the following command to remove files older than 90 days in the MachineKeys folder


ForFiles /p "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /s /d -90 /c "cmd /c del @file /F /A:S"





Why is this folder filling up? There are four common reasons:


  • There is a permission issue that is preventing OS to remove files from that folder. Check this document for the permissions required
  • There is a code related issue. The application is not removing X.509 certificates after they are used
  • A security software is performing SSL check and preventing these files to be removed
  • Enterprise CA might be failing to respond the request

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.