MachineKeys folder fills up quickly
Published Aug 24 2020 06:38 AM 25.8K Views

MachineKeys folder stores certificate keys that are used by IIS. This folder may fill up with thousands of files in a short time due to a permission or application code related issue.


The permanent solution would be correcting permissions or fixing the code so that the keys in this folder are automatically removed. However, if the permanent fix is taking long time, you may need a practical way of removing old files in the meantime.


Open Command Prompt as Administrator and run the following command to remove files older than 90 days in the MachineKeys folder



ForFiles /p "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /s /d -90 /c "cmd /c del @file /F /A:S"






Why is this folder filling up? There are four common reasons:


  • There is a permission issue that is preventing OS to remove files from that folder. Check this document for the permissions required
  • There is a code related issue. The application is not removing X.509 certificates after they are used
  • A security software is performing SSL check and preventing these files to be removed
  • Enterprise CA might be failing to respond the request
Version history
Last update:
‎Aug 25 2020 07:33 AM
Updated by: