Catroot and catroot2 are Windows operating system folders that are required for the Windows Update process. When you run Windows Update, the catroot2 folder stores the signatures of the Windows Update package and helps in its installation.
The Cryptographic service makes use of the %windir%\System32\catroot2\edb.log file for the updating process. The updates are stored in the SoftwareDistribution folder which are then used by Automatic Updates to carry out the updating process.
Resetting or deleting the contents pf the catroot2 folder has been known to fix several Windows Update problems.
If you receive a Access Denied or Open in another program message when you go on to delete the catroot2 folder, it ii possible because the Cryptographic service is making use of the log file.
Reset catroot2 folder in Windows 11/10
To reset the catroot2 folder do this:
Open an elevated Command Prompt, type the following command one after the other and hit Enter:
net stop cryptsvc
xcopy %systemroot%\system32\catroot2 %systemroot%\system32\catroot2.old /s
Next, delete all the contents of the catroot2 folder.
Having done this, in the CMD windows, type the following and hit Enter:
net start cryptsvc
Your catroot folder will be reset, once you start Windows Update again.
TIP: Our portable freeware FixWin allows you to reset this and most other Windows settings or functions with a single click.
NOTE: Please do not delete or rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder is not recreated if the Catroot folder is renamed.
If you find that the catroot or catroot2 folder is missing or does not recreate if you accidentally deleted it, you can create a new folder with this name in the System32 folder, restart your computer and then run Windows Update.
Why can’t I rename Catroot2 folder?
Catroot2 folder is required by Windows for the Update process. If issues occur while installing Windows Updates, renaming this folder can fix the problem. You cannot rename this folder until the Windows Update, Cryptographic, and Background Intelligent Transfer services are running. Hence, if you want to rename Catroot2 folder, stop these three services first. After renaming the folder, you can start these services again.
Is it safe to delete Catroot2 folder?
Catroot2 folder is required by Windows for installing updates. Deleting the contents of the Catroot2 folder helps fix Windows Update issues. If you delete it, Windows will create it automatically. However, we never recommend you delete the Catroot2 folder. Instead of deleting it, you can delete its contents.
Want to learn more about the following folders?
$SysReset folder | $Windows.~BT & $Windows.~WS folders | $WinREAgent folder | WinSxS folder | REMPL folder | ProgramData folder | System32 and SysWOW64 folders | Panther folder.
Andy Wurst says
In keeping with the premise of providing commands to accomplish a catroot2 reset, I am suggesting that the following commands could replace the generic instruction of “Next, delete all the contents of the catroot2 folder” NOTE: If these instructions are included in a batch file, then %i should be replace with %%i
FOR /D %i IN (%systemroot%system32catroot2*) DO RD /S /Q “%i”
DEL /Q %systemroot%system32catroot2*.*
Finally, for the poor souls who followed Microsoft’s instructions under KB971058 (like me) by renaming the catroot2 folder – simply re-creating the catroot2 folder won’t help you. You must also restore the necessary privileges for the CryptSvc to access it. The commands to create the folder and assign permissions are:
icacls.exe c:windowssystem32catroot2 /grant “NT SERVICECryptSvc:(OI)(CI)(F)”
Diederik Werken says
couldn’t you just rename catroot2.bak back to catroot2? That worked for me luckily.
Mark Windsor says
I found a weird work around. If I attempt to rename the catroot2 folder to catroot2.old in c:windowssystem32 and get to the “folder in use try again” dialog box then run the net stop cryptSvc. Next, immediately “retry” the rename, it worked! It seems even though you stop cryptSvc, it starts back quickly but if you actuate the moment of rename instantly after stopping the cryptSvc service, it renames the folder. This gymnastic is a lot easier than a safe mode boot.