Windows 10 & 11 create tons of empty folders in System32

Wisewiz said:

Rick,

I use a bunch of those apps: Paint, People, Snip & Snatch, Calc, Notepad, Terminal, and the Store itself; not often (except for S & S), but occasionally. I don't see the connection between preventing the creation of empty folders and the use of Store apps. Can you clear that up for me? Do you expect that if I disable that task, I'll create a problem for myself? If so, how so?

Dan

TL;DR answer: Sorry but I just don't know for absolute sure. However, of the 204 logged events I captured, the OpCode results (in order of occurrence) are as follows:

• Info (14) x 134
• No OpCode data x 56
• Change State (17) x 2
• Dispatch Event (16) x 2
• Warning (13) x 8 (2 x Windows Update; 6 x Windows Store because a Microsoft Account could not be identified)
• Start (1) x 1 (Tried to start Windows Update service)
• Error (12) x 1 (because Windows Update was disabled)

There was not a single failure that I can attribute to having the Logon task disabled.

---

Background info:

I don't use any UWP (Store) apps and remove all the built-in bloatware (except for the Windows Store). All I know for certain are the events I captured the last time that the Logon task fired. These show the task began at 16/08/2021 10:34:01.188 and ended at 16/08/2021 10:35:32.488. During those ~1.5 minutes FullEventLogView identified 204 contiguous log entries.


Of those 204 entries, the source log Channels were as follows:

• Microsoft-Windows-Store/Operational x 150
• Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin x 19
• Microsoft-Windows-Time-Service/Operational x 10
• Application x 7
• System x 7
• Microsoft-Client-Licensing-Platform/Admin x 4
• Microsoft-Windows-TaskScheduler/Maintenance x 2
• Microsoft-Windows-SettingSync/Debug x 4
• Microsoft-Windows-StateRepository/Operational x 1

Checking the user context of these 204 events shows:

• User x 136
• NT AUTHORITY\LOCAL SERVICE x 34
• NT AUTHORITY\SYSTEM x 27
• No data x 7

This is what I've based my guess on that the Logon event involves the Windows Store and its Store-supplied apps. I've been unable to find any Microsoft documentation about Windows 10 Task Scheduler Event IDs so it's not clear when the event ended (nor whether it succeeded or failed). (Windows 10 doesn't use the same Task Scheduler Event IDs as Windows 7.)

It's also clear that you cannot just look at the Channel field but need to consider the Provider and Description fields as well. (If anyone wants to look at the captured events I can attach a CSV file.)

Going through the 204 entries line-by-line it appears that overall the Logon task does the following (in order of execution):

• Checks Network Cost Policy to determine whether the internet connection is metered.
• Checks whether an update scan is needed (this failed with a warning on mine because I have Windows Update disabled (and WaasMedic service is not installed).
• Checks the cached database of UWP apps and downloads an updated database as required.
• Checks each installed UWP app for updates and licenses (including Minecraft... which the Windows 10 Decrapifier script I use should have removed).
• Tries to capture the identity of the logged-on user.
• Checks the registry to determine the logged-on user's Microsoft Account used for the Windows Store. (This results in a Warning as I don't use a Microsoft Account.)
• Transmits the computed hardware GUID for checking activation.
• Compares local time with time.windows.com and corrects local time if necessary.
• Updates local store of 'banned' licenses (Function: OneStoreApplicationLicenseManager::RefreshBannedLicenses).
• Updates local lease using hardware GUID (I assume this means revalidates digital license).
• Updates the task's 'Last run' timestamp.
• Updates multiple 'Power.EnergyEstimationEngine' packages.

I use a customised Windows 10 Decrapifier script during OOBE (always clean installs, never upgrades) and then an AutoHotkey (AHK) script to configure new builds. At first I added a line of code to the AHK script to disable ProvTool's Logon task then, later, removed the line and - instead - added a similar PowerShell command to my customised Windows 10 Decrapifier script instead (after testing to ensure there were no adverse effects for me).

On family and friends' devices I use the following command in an elevated PowerShell console:

Code:

Get-ScheduledTask -TaskPath "\Microsoft\Windows\Management\Provisioning\" | Disable-ScheduledTask

This disables both ProvTool tasks - Logon and Cellular, as the screenshot shows:


(Note: If your device doesn't have an active LTE modem then this will have no effect at all, adverse or otherwise.)

To revert, just enter the following instead:

Code:

Get-ScheduledTask -TaskPath "\Microsoft\Windows\Management\Provisioning" | Enable-ScheduledTask

(The reason I also disable Cellular is that I have a Lenovo Thinkpad laptop with a built-in LTE modem. Whilst I only put a SIM in whilst away on holiday, I didn't want to wreck my mobile data plan by a potentially 'always on' cellular connection generating unintended additional data traffic outside of my control.)

Note: At first I thought that disabling Logon (and Cellular) may also affect the download of Spotlight images (a 'feature' that I always turn off). Not one of the 204 captured log events showed any mention/evidence of Spotlight images, nor even any registry check whether Spotlight was enabled).

Hope this helps...

Hi !

I deleted all of these folders and haven't had any issue at all, and I didn't disable the task “Logon”, and after almost three days, no sign of these empty folders

The only thing I did, was deleting all of them !???

Wisewiz said:

The task is set to only run at logon. Have you shut down and restarted the computer?

I just found this thread. Every day I start the PC from zero, and logon is automatic. I just removed 9006 empty folders. I do not see a notable effect on startup time.

Wisewiz said:

The task is set to only run at logon. Have you shut down and restarted the computer?

I have done many reboots, and they're not back, and the task is still activated on both of my laptops.

Pejole2165 said:

On an SSD this is actually a larger issue than people seem to realise as each folder, even though empty, is occupying cells that cannot then be re purposed, and as each folder occupies the minimum file allocation size regardless of the folders reported size this reduces available free space on the SSD. Even though SSD storage is coming down in price most people probably run smaller SSD drives than if they would have bought a spinner.

So do these empty folders decrease SSD lifespan the same as actual files written onto the disk? If so, this is a very disturbing thing.

steve108 said:

I have seen various references like this: Is it safe to delete Empty Folders or Zero-byte files in Windows 11/10? that say empty folders occupy no space.

I deleted thousands of empty folders based on this thread and didn't notice any significant free disk space increase.

I just created a test folder and put two empty folders inside it. Windows 10 File Explorer properties reports that the test folder has two empty folders inside it, but takes up 0 bytes on disk.

Okay, so the folder name and attributes have to be stored somewhere on the drive and take up some disk space, so the question is where and how much space

I think the answer is : Master File Table - an overview | ScienceDirect Topics
"The file and directory metadata is stored as an MFT entry that is 1024 bytes in size."

So that would be each empty folder takes up 1024 bytes in the MFT - if I follow this correctly.

Yeah, that's not a lot compared to how much a browser writes to a disk, and don't most of us install them on SSDs anyway.

But it is something, and in principle Windows should clean up after itself. Not that the cleanup matters anymore when the damage has already been done.