This article is contributed. See the original author and article here.

MachineKeys folder stores certificate keys that are used by IIS. This folder my fill up with thousands of files in a short time due to a permission or application code related issue.


The permanent solution would be correcting permissions or fixing the code so that the keys in this folder are automatically removed. However, if the permanent fix is taking long time, you may need a practical way of removing old files in the meantime.


Open Command Prompt as Administrator and run the following command to remove files older than 90 days in the MachineKeys folder


ForFiles /p "C:ProgramDataMicrosoftCryptoRSAMachineKeys" /s /d -90 /c "cmd /c del @file /F /A:S"





Why is this folder filling up? There are four common reasons:


  • There is a permission issue that is preventing OS to remove files from that folder. Check this document for the permissions required
  • There is a code related issue. The application is not removing X.509 certificates after they are used
  • A security software is performing SSL check and preventing these files to be removed
  • Enterprise CA might be failing to respond the request

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

%d bloggers like this: