How Windows Terminal Server Uses Temporary Folders

Administrators may notice that temporary session files may have permissions set for users who are not currently logged on to the computer. This behavior is by design, and does not pose a security risk to these folders or to the computer.

This article applies to computers that are using the default configuration and not Flattemp.exe to configure temporary folders.

The following algorithm is used to assign and reuse temporary folders with Terminal Servers and with computers that are running Terminal Services:

• When a user logs on to the Terminal Server or a Terminal Services session, a temporary folder is created for the user in the C:\Temp folder. This temporary folder uses the user's session ID.
• Only the System account, members of the Administrators group, and members of the User group have change permissions for this folder.
• If the user closes the session and a program still has file handles open, the files are retained in the temporary folder. This behavior is by design, and it allows for recovery. This behavior also occurs in programs such as Microsoft Word, which has the Auto Recovery feature.
• If there are no file handles still open, the folder still exists with no files in it.
• When a user logs back on, the computer will see if the user had a temporary folder assigned to them that had files in it. If a folder exists, the user retains that folder.
• If a user logs back on to the computer and there are no folders that contain files that are assigned to that user, Windows assigns an available empty temporary folder to that user. When this occurs, the permissions on this folder are changed to the current user.

For additional information about how to configure temporary folders for Terminal Services or Terminal Servers, click the article numbers below to view the articles in the Microsoft Knowledge Base: