Windows 11 Enhances Security with New Access Controls for System Files
Microsoft has recently introduced a pivotal security enhancement in Windows 11, aiming to fortify the operating system against unauthorized access to critical system files. This update, part of the January 2026 non-security preview (KB5074105), specifically targets the Storage settings menu—a component that provides detailed insights into drive usage, temporary files, and system-reserved storage.
Strengthening System Security
Prior to this update, any user with access to an unlocked Windows session could navigate to Settings > System > Storage and view comprehensive details about hard drive utilization. This included interactions with temporary files and a breakdown of installed applications and system files. Such unrestricted access posed potential security risks, especially in environments where multiple users share a single device.
With the implementation of KB5074105, Windows 11 versions 24H2 and 25H2 now enforce a mandatory User Account Control (UAC) prompt when accessing the Storage settings. This means that if a user without administrative privileges attempts to access these settings, they are required to provide valid administrative credentials to proceed. This measure effectively mitigates risks associated with unauthorized data manipulation or inadvertent system configuration changes by unprivileged users.
Technical Specifications and Deployment
The update is currently in the C-release phase, serving as an optional preview that allows administrators to test the changes before they are incorporated into the mandatory Patch Tuesday security update scheduled for February. This phased deployment strategy ensures that any potential issues can be identified and addressed before the broader rollout.
In addition to the security enhancements, KB5074105 introduces updates to the underlying AI framework integrated into Windows 11. These updates affect the Copilot+ PC experiences, specifically updating the models used for local processing. The update refreshes the Image Search, Content Extraction, Semantic Analysis, and Settings Model components to version 1.2601.1268.0. These enhancements aim to improve the efficiency and accuracy of local AI workloads, ensuring they remain aligned with the operating system’s latest security protocols.
Administrative Considerations
Administrators deploying this update should be aware that it includes a Servicing Stack Update (SSU), KB5074104. The SSU is crucial for ensuring the device allows for reliable installation of future cumulative updates. It’s important to note that once the SSU is installed, it cannot be removed. However, the cumulative portion of the update can be removed using the `DISM /Remove-Package` command if compatibility issues arise within the enterprise environment. As of now, Microsoft has stated that they are not aware of any known issues affecting this release.
Implications for Users and Organizations
This security enhancement underscores Microsoft’s commitment to providing a secure computing environment for its users. By restricting access to critical system settings, the update reduces the risk of unauthorized changes that could compromise system stability or security. For organizations, this means an added layer of protection against potential internal threats or accidental misconfigurations by employees.
Users are encouraged to install the update promptly to benefit from these security improvements. Administrators should also review their current user access policies to ensure they align with the new security measures introduced in this update.
Conclusion
The introduction of mandatory UAC prompts for accessing the Storage settings in Windows 11 represents a significant step forward in enhancing system security. By requiring administrative credentials for such access, Microsoft effectively minimizes the risk of unauthorized interactions with critical system files. This update, along with the enhancements to the AI framework, reflects Microsoft’s ongoing efforts to provide a secure and efficient operating system for all users.
