This tutorial includes step-by-step instructions for how to allow or deny apps access to file system in Windows 10 and Windows 11. It includes guides for using the Windows Settings app as well as the Windows Registry Editor to control file system permissions for Universal Windows Platform (UWP) apps, including those installed from the Microsoft Store.
How to check which apps have file system access Windows 10 and Windows 11
To view the current File system access settings, and apps that have been granted or denied access, follow these steps:
On Windows 11:
- Right-click on the Start button and click Settings
- Click on Privacy & security in the sidebar
- Scroll past the Windows permissions to the App permissions section
- Locate and click on File system
On Windows 10:
- Right-click on the Start button and select Settings
- Click Privacy
- In the navigation sidebar, scroll to the App permissions section and click on File system
Here, on both Windows 10 and Windows 11, you will see the option to allow file system access for your entire device (allowing any user to manage file system access for apps themselves), and the option to allow file system access for apps for your current user account. Below this is a list of any apps that have requested file system access, and a toggle that will be enabled if access was allowed.
How to allow or deny apps access to the file system for all users on your Windows PC
Using the Windows Settings app
To globally deny apps access to the file system and prevent users from granting this permission for your entire device, follow these steps while logged in as an administrator:
On Windows 11:
- Follow the steps for how to check app permissions shown above to reach the App permissions screen in the Windows Settings app
- Change the File system access setting at the top of the window to Off
Windows 10:
- Follow the instructions showing how to check app permissions displayed above to reach the App permissions screen in the Windows Settings app
- Under Allow access to the file system on this device press the Change button
- Toggle the option to Off
Using the Windows Registry Editor
The steps for using the Registry Editor are the same for both Windows 10 and Windows 11:
- Open the Windows Registry Editor while logged in as an administrator
- Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess
- Double-click on the Value item and change its value to Allow or Deny app access to the file system globally
How to allow or deny apps access to the file system for the current user
Using the Windows Settings app
To deny all apps running as the current user from accessing the file system, or re-enable access so that permissions can be granted to apps individually, follow these steps on both Windows 10 and Windows 11 devices:
- Ensure that app access is enabled for all users by following the steps detailed above
- Enable or disable the Let apps access your file system option in the App permissions section of the Windows Settings app
Using the Windows Registry Editor
You can also do this from the Registry Editor:
- Open the Windows Registry Editor while logged in as an administrator
- Navigate to Computer\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess
- Double-click on the Value item and change its value to Allow or Deny app access to the file system for the current user
How to manage file system access for individual apps
When both Allow access to the file system on this device and Let apps access your file system are enabled, you can specify which apps have broad file system access from the App permissions section of the Windows Settings app. This configuration is per-user.
Using the Windows Registry Editor
The configuration for the individual apps listed in the Settings app is stored in the Windows Registry in the key:
Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess
Each app will have its own entry which can be managed. Apps will only appear once they have requested access and have either been approved or denied.
Understanding app file system access in Windows 10
It’s critical to consider the security implications of granting an app access to the entire file system on your device. You should only allow apps with a good reputation that you trust, and that you have obtained from official sources.
Allowing a malicious app access to your files could result in a privacy breach if it accesses and transmits the contents of sensitive files, or the corruption or deletion of important files like financial documents or sentimental photos. Malware infections that result in data loss are one of the key reasons you should regularly back up your PC.
Apps that expect file system access but are not granted it may behave unexpectedly. However, you should not rush to grant access if you do not think it is justified or do not have full confidence in the reputation of either the developer or source of the application.
Managing app permissions and data security in enterprise
Managing access to data, including managing Windows file system access for apps, is a key responsibility of IT departments. It is increasingly vital that sensitive data is protected from both accidental disclosure, corruption, and tampering.
NinjaOne Endpoint Security gives you full control over what resources your users (and the apps they use) can access, and helps you identify and remediate potential security issues before they have a chance to become a full-blown data breach.
FAQ
Does denying file system access affect app performance?
Denying an app file system access will not impact its performance, however the app may behave unexpectedly if it cannot access files it needs.
Can I control file system access via Group Policy or PowerShell?
You can use PowerShell or Group Policy to deploy the Registry settings to control file system access for apps.
What’s the difference between file system access and Documents/Pictures/Videos/Music/Downloads folder access?
File system access gives an app full access to all the files on your device, rather than limiting it to the Pictures, Videos, Music, or Downloads folders in your user profile.
