How to Allow or Deny Apps Access to File System in Windows 10/11

This tutorial includes step-by-step instructions for how to allow or deny app file system access in Windows 10 and Windows 11 using the Settings app and Registry Editor. It includes guides for using the Windows Settings app as well as the Windows Registry Editor to control file system permissions for Universal Windows Platform (UWP) apps, including those installed from the Microsoft Store.

How to check which apps have file system access Windows 10 and Windows 11

To view the current File system access settings, and apps that have been granted or denied access, follow these steps:

On Windows 11:

• Right-click on the Start button and click Settings
• Click on Privacy & security in the sidebar
• Scroll past the Windows permissions to the App permissions section
• Locate and click on File system

On Windows 10:

• Right-click on the Start button and select Settings
• Click Privacy
• In the navigation sidebar, scroll to the App permissions section and click on File system

Here, on both Windows 10 and Windows 11, you will see the option to allow file system access for your entire device (allowing any user to manage file system access for apps themselves), and the option to allow file system access for apps for your current user account. Below this is a list of any apps that have requested file system access, and a toggle that will be enabled if access was allowed.

How to allow or deny apps access to the file system for all users on your Windows PC

Using the Windows Settings app

To globally deny apps access to the file system and prevent users from granting this permission for your entire device, follow these steps while logged in as an administrator:

On Windows 11:

• Follow the steps for how to check app permissions shown above to reach the App permissions screen in the Windows Settings app
• Change the File system access setting at the top of the window to Off

Windows 10:

• Follow the instructions showing how to check app permissions displayed above to reach the App permissions screen in the Windows Settings app
• Under Allow access to the file system on this device press the Change button
• Toggle the option to Off

Using the Windows Registry Editor

The steps for using the Registry Editor are the same for both Windows 10 and Windows 11:

• Open the Windows Registry Editor while logged in as an administrator
• Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess
• Double-click on the Value item and change its value to Allow or Deny app access to the file system globally

How to allow or deny apps access to the file system for the current user

Using the Windows Settings app

To deny all apps running as the current user from accessing the file system, or re-enable access so that permissions can be granted to apps individually, follow these steps on both Windows 10 and Windows 11 devices:

• Ensure that app access is enabled for all users by following the steps detailed above
• Enable or disable the Let apps access your file system option in the App permissions section of the Windows Settings app

Using the Windows Registry Editor

You can also do this from the Registry Editor:

• Open the Windows Registry Editor while logged in as an administrator
• Navigate to Computer\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess
• Double-click on the Value item and change its value to Allow or Deny app access to the file system for the current user

How to manage file system access for individual apps

When both Allow access to the file system on this device and Let apps access your file system are enabled, you can specify which apps have broad file system access from the App permissions section of the Windows Settings app. This configuration is per-user.

Using the Windows Registry Editor

The configuration for the individual apps listed in the Settings app is stored in the Windows Registry in the key:

Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess

Each Microsoft Store (UWP) app that has requested file system access will have its own registry entry here. You can manually allow or deny access for these apps once they appear in this key.

Security risks of granting broad file system access in Windows 10 & 11

It’s critical to consider the security implications of granting an app access to the entire file system on your device. You should only allow apps with a good reputation that you trust, and that you have obtained from official sources.

Allowing a malicious app access to your files could result in a privacy breach if it accesses and transmits the contents of sensitive files, or the corruption or deletion of important files like financial documents or sentimental photos. Malware infections that result in data loss are one of the key reasons you should regularly back up your PC.

Apps that expect file system access but are not granted it may behave unexpectedly. However, you should not rush to grant access if you do not think it is justified or do not have full confidence in the reputation of either the developer or source of the application.

Managing app permissions and data security in enterprise

Managing access to data, including managing Windows file system access for apps, is a key responsibility of IT departments. It is increasingly vital that sensitive data is protected from both accidental disclosure, corruption, and tampering.

NinjaOne Endpoint Security gives you full control over what resources your users (and the apps they use) can access, and helps you identify and remediate potential security issues before they have a chance to become a full-blown data breach.