Windows 10 file system access and privacy

Some apps need to access your file system to allow you to take full advantage of the functionality they provide. Allowing an app to have file system access enables it to have access to the same files and folders to which you have access. The app must request this access, and you can choose to allow or deny the request.

Allowing access to your file system might give apps access to personal content that you want to manage. This is why we give you control over the files you share by letting you choose which apps you’ll allow to access your file system. If you give an app permission but change your mind later, you can turn off that app’s access to your file system by going to Start > Settings > Privacy > File system.

Note: File system access might be turned off already if you’re using a device assigned to you by your workplace, or if you’ve added a work account to your personal device. If that’s the case, you’ll see a message telling you that “Some settings are managed by your organization” at the top of the File system settings page.

How the file system access settings work

To allow or block file system access for a specific app and service

Go to Start , and then select > Settings > Privacy > File system.

Make sure Allow apps to access your file system is turned On.

Under Choose which apps can access your file system, choose the individual apps and services for which you want to allow or block file system access and change the settings to On or Off.

To deny file system access for most apps

Go to Start , and then select > Settings > Privacy > File system.

Make sure Allow apps to access your file system is turned Off. This will prevent apps from accessing your file system on that device while you’re signed in to it. If other people share the same device, they can still turn on file system access when they’re signed in with their own accounts.

Exceptions to the file system access privacy settings

Not all apps will appear under Choose which apps can access your file system. Certain Windows programs, such as those that are downloaded from the internet or installed with some type of media (such as a CD, DVD, or USB storage device) won’t appear in that list and are not affected by the Allow apps access your file system setting. To allow or deny file system access for one of these programs, check the settings in the program itself.

Windows 10 desktop apps and privacy

Desktop apps are a specific type of app that won’t ask for permission to access data associated with privacy settings in Windows 10 in the same way that a Microsoft Store app does. Some desktop apps may not even ask for permission to get access to personal data stored on your device. Desktop apps also won’t appear in the list of apps in the privacy settings pages that allows you to choose which apps can use data associated with that privacy setting.

What are desktop apps? They’re usually downloaded from the internet or installed with some type of media (such as a CD, DVD, or USB storage device). They’re launched using an .EXE or .DLL file, and they typically run on your device, unlike web-based apps (which run in the cloud).

Please read the privacy policies of any desktop app you install to learn more about how they might use personal data stored on your device. You should also check if the desktop apps you have installed have provided their own options to control access to personal data. To further reduce the risk that an app or service can access personal data when a privacy setting is off, you should only install apps and services from trusted sources.

There are varying degrees of exceptions to how a desktop app may access and use personal data on the device beyond the privacy controls available in Windows 10.

Location. Even when you’ve turned off the device location setting, some third-party apps and services could use other technologies (such as Bluetooth, Wi-Fi, cellular modem, etc.) to determine your device’s location with varying degrees of accuracy. Microsoft requires third-party software developers that develop apps for our Microsoft Store or develop apps using Microsoft tools to respect the Windows location settings unless you’ve provided any legally required consent to have the third-party developer determine your location. For more comprehensive protection of your location, you could consider disabling radio-based components of your device such as Wi-Fi, Bluetooth, cellular modem, and GPS components, which might be used by an app to determine your precise location. However, doing so will also impair other experiences such as calling (including emergency calling), messaging, internet connectivity, and connecting to peripheral devices like your headphones.

Camera, Microphone, and other privacy settings tied directly to a peripheral device. Some desktop apps may not be affected by turning off these privacy settings. For example, an app that also installs a driver could interact directly with your camera or microphone hardware, bypassing the ability of Windows to control the access. For more comprehensive protection of your personal data associated with these settings, you could consider disabling these devices, such as disconnecting or disabling your camera or microphone.

Other privacy settings. For other privacy settings not mentioned above, there are no steps you can take to ensure desktop apps do not access personal data without your awareness unless you choose not to install or use the app.

File access permissions

Universal Windows Platform (UWP) apps can access certain file system locations by default. Apps can also access additional locations through the file picker, or by declaring capabilities.

Locations that all apps can access

When you create a new app, you can access the following file system locations by default:

Application install directory

The folder where your app is installed on the user’s system.

There are two primary ways to access files and folders in your app’s install directory:

You can retrieve a StorageFolder that represents your app’s install directory, like this:

You can then access files and folders in the directory using StorageFolder methods. In the example, this StorageFolder is stored in the installDirectory variable. You can learn more about working with your app package and install directory from the App package information sample on GitHub.

You can retrieve a file directly from your app’s install directory by using an app URI, like this:

When GetFileFromApplicationUriAsync completes, it returns a StorageFile that represents the file.txt file in the app’s install directory ( file in the example).

The «ms-appx:///» prefix in the URI refers to the app’s install directory. You can learn more about using app URIs in How to use URIs to reference content.

In addition, and unlike other locations, you can also access files in your app install directory by using some Win32 and COM for Universal Windows Platform (UWP) apps and some C/C++ Standard Library functions from Microsoft Visual Studio.

The app’s install directory is a read-only location. You can’t gain access to the install directory through the file picker.

Application data locations

The folders where your app can store data. These folders (local, roaming and temporary) are created when your app is installed.

There are two primary ways to access files and folders from your app’s data locations:

Use ApplicationData properties to retrieve an app data folder.

For example, you can use ApplicationData.LocalFolder to retrieve a StorageFolder that represents your app’s local folder like this:

If you want to access your app’s roaming or temporary folder, use the RoamingFolder or TemporaryFolder property instead.

After you retrieve a StorageFolder that represents an app data location, you can access files and folders in that location by using StorageFolder methods. In the example, these StorageFolder objects are stored in the localFolder variable. You can learn more about using app data locations from the guidance on the ApplicationData class page, and by downloading the Application data sample from GitHub.

You can retrieve a file directly from your app’s local folder by using an app URI, like this:

When GetFileFromApplicationUriAsync completes, it returns a StorageFile that represents the file.txt file in the app’s local folder ( file in the example).

The «ms-appdata:///local/» prefix in the URI refers to the app’s local folder. To access files in the app’s roaming or temporary folders use «ms-appdata:///roaming/» or «ms-appdata:///temporary/» instead. You can learn more about using app URIs in How to load file resources.

In addition, and unlike other locations, you can also access files in your app data locations by using some Win32 and COM for UWP apps and some C/C++ Standard Library functions from Visual Studio.

You can’t access the local, roaming, or temporary folders through the file picker.

Removable devices

Additionally, your app can access some of the files on connected devices by default. This is an option if your app uses the AutoPlay extension to launch automatically when users connect a device, like a camera or USB thumb drive, to their system. The files your app can access are limited to specific file types that are specified via File Type Association declarations in your app manifest.

Of course, you can also gain access to files and folders on a removable device by calling the file picker (using FileOpenPicker and FolderPicker) and letting the user pick files and folders for your app to access. Learn how to use the file picker in Open files and folders with a picker.

For more info about accessing an SD card or other removable devices, see Access the SD card.

Locations that UWP apps can access

User’s Downloads folder

The folder where downloaded files are saved by default.

By default, your app can only access files and folders in the user’s Downloads folder that your app created. However, you can gain access to files and folders in the user’s Downloads folder by calling a file picker (FileOpenPicker or FolderPicker) so that users can navigate and pick files or folders for your app to access.

You can create a file in the user’s Downloads folder like this:

DownloadsFolder.CreateFileAsync is overloaded so that you can specify what the system should do if there is already an existing file in the Downloads folder that has the same name. When these methods complete, they return a StorageFile that represents the file that was created. This file is called newFile in the example.

You can create a subfolder in the user’s Downloads folder like this:

DownloadsFolder.CreateFolderAsync is overloaded so that you can specify what the system should do if there is already an existing subfolder in the Downloads folder that has the same name. When these methods complete, they return a StorageFolder that represents the subfolder that was created. This file is called newFolder in the example.

Accessing additional locations

In addition to the default locations, an app can access additional files and folders by declaring capabilities in the app manifest or by calling a file picker to let the user pick files and folders for the app to access.

Apps that declare the AppExecutionAlias extension have file-system permissions from the directory that they are launched from in the console window, and downwards.

Retaining access to files and folders

When your app retrieves a file or folder via a picker, a file activation, a drag-and-drop operation, etc. it only has access to that file or folder until the app is terminated. If you would like to automatically access the file or folder in the future, you can add it to the FutureAccessList so that your app can readily access that item in the future. You can also use the MostRecentlyUsedList to easily manage a list of recently-used files.

Capabilities for accessing other locations

The following table lists additional locations that you can access by declaring one or more capabilities and using the associated Windows.Storage API.

Location	Capability	Windows.Storage API
All files that the user has access to. For example: documents, pictures, photos, downloads, desktop, OneDrive, etc.	broadFileSystemAccess This is a restricted capability. Access is configurable in Settings > Privacy > File system. Because users can grant or deny the permission any time in Settings, you should ensure that your app is resilient to those changes. If you find that your app does not have access, you may choose to prompt the user to change the setting by providing a link to the Windows 10 file system access and privacy article. Note that the user must close the app, toggle the setting, and restart the app. If they toggle the setting while the app is running, the platform will suspend your app so that you can save the state, then forcibly terminate the app in order to apply the new setting. In the April 2018 update, the default for the permission is On. In the October 2018 update, the default is Off. If you submit an app to the Store that declares this capability, you will need to supply additional descriptions of why your app needs this capability, and how it intends to use it. This capability works for APIs in the Windows.Storage namespace. See the Example section at the end of this article for an example of how to enable this capability in your app. Note: This capability is not supported on Xbox.	n/a
Documents	documentsLibrary Note: You must add File Type Associations to your app manifest that declare specific file types that your app can access in this location. Use this capability if your app: — Facilitates cross-platform offline access to specific OneDrive content using valid OneDrive URLs or Resource IDs — Saves open files to the user’s OneDrive automatically while offline	KnownFolders.DocumentsLibrary
Music	musicLibrary Also see Files and folders in the Music, Pictures, and Videos libraries.	KnownFolders.MusicLibrary
Pictures	picturesLibrary Also see Files and folders in the Music, Pictures, and Videos libraries.	KnownFolders.PicturesLibrary
Videos	videosLibrary Also see Files and folders in the Music, Pictures, and Videos libraries.	KnownFolders.VideosLibrary
Removable devices	removableStorage Note You must add File Type Associations to your app manifest that declare specific file types that your app can access in this location. Also see Access the SD card.	KnownFolders.RemovableDevices
Homegroup libraries	At least one of the following capabilities is needed. — musicLibrary — picturesLibrary — videosLibrary	KnownFolders.HomeGroup
Media server devices (DLNA)	At least one of the following capabilities is needed. — musicLibrary — picturesLibrary — videosLibrary	KnownFolders.MediaServerDevices
Universal Naming Convention (UNC) folders	A combination of the following capabilities is needed. The home and work networks capability: — privateNetworkClientServer And at least one internet and public networks capability: — internetClient — internetClientServer And, if applicable, the domain credentials capability: — enterpriseAuthentication Note: You must add File Type Associations to your app manifest that declare specific file types that your app can access in this location.	Retrieve a folder using: StorageFolder.GetFolderFromPathAsync Retrieve a file using: StorageFile.GetFileFromPathAsync

Example

This example adds the restricted broadFileSystemAccess capability. In addition to specifying the capability, the rescap namespace must be added, and is also added to IgnorableNamespaces .

For a complete list of app capabilities, see App capability declarations.