Windows 11 KB5074105 Storage UAC: Cleanup impact and automation workarounds

Microsoft’s January preview update for Windows 11 — identified as KB5074105 (OS Build 26200.7705) — quietly hardens access to the Storage settings by invoking User Account Control (UAC) when you open Settings > System > Storage, and that change has a direct, practical side effect: the Temporary files scanner can hide admin-only cleanup categories unless Settings is elevated. At the same time, the update bundles visible feature work — notably expanded Cross Device Resume for Android apps and a usability improvement for Smart App Control — but the Storage UAC change has already created friction for everyday cleanup workflows and automation, especially for users who relied on Settings to remove Windows Update files and similar system-level items.

Background / Overview​

Microsoft published KB5074105 at the end of January 2026 as a preview cumulative update for Windows 11 versions 25H2 and 24H2. The release contains a long list of fixes — from Explorer stability and Start menu corrections to expanded device integration features — and it explicitly documents a new behavior: when a user attempts to open the Storage page in Settings, Windows will display a UAC prompt to help ensure that only authorized Windows users can access system files. That sentence in the official notes is short, but consequential.
Community testing and early reporting show a consistent pattern after installing the preview: if you open Storage without elevating Settings, the Temporary files section will not list certain cleanup buckets that require administrative privileges (for example, Windows Update Cleanup and some driver-package cleanup entries). When Settings is elevated — i.e., after consenting to the UAC prompt — those admin-only items reappee (cleanmgr.exe) still shows Windows Update cleanup options when it is run elevated, which explains why some users see a discrepancy between the two tools.

---

Why Microsoft made the change​

Microsoft’s public rationale is straightforward: Storage settings enumerate and surface system locations and cleanup handlers that historically let a signed-in standard user see and, in some cases, interact with system-level components. Exposing that surface without an elevation boundary increases the chance a non-privileged account — or an attacker with limited local access — could enumerate or remove system files inadvertently or maliciousl is a typical least privilege hardening: put a consent boundary around a UI that touches system-level artifacts.
From a hardening perspective this is sensible. It aligns Storage with other admin-only management interfaces and reduces casual exposure to sensitive system internals. From a user-experugh, it’s a change that was not obvious to many people and it breaks an expectation: opening Settings shouldn’t normally require elevation for common maintenance tasks. That mismatch is the root of the present controversy.

---

The exact behavior observed (what changes in practice)​

• Opening Settings > System > Storage now triggers a UAC prompt on systems where UAC is enabled; decline the prompt and Storage remains non-elevated.
• When Settings runs non-elevated, the Temporary files scanner hides cleanup buckets that require administrative enumeration, such as:
• Windows Update Cleanup
• Windows upgrasionally device driver package cleanup entries
• Other system-only cleanup buckets.
• Running Disk Cleanup as administrator and selecting “Clean up system files” still lists those same items; the legacy t remains a reliable way to see admin-only cleanup categories.
• Automation or scripts that assumed the Settings UI would enumerate all cleanup buckets without elevation must be adapted: either run as SYSTEM or invoke elevated tools (cleanmgr, DISM) or management APIs.

This difference is not necessarily a bug; Microsoft frames it as an intentionaBut because the practical result is that a common maintenance path has different visible options depending on whether the app is elevated, many users will experience confusion and broken workflows until guidance or product UX changes are provided.

---

Technical explanation: why the discrepancy exists​

The Storage page and the Temporary files scanner rely on a set of cleanup handlers and enumeration code paths. Some of those handlers require administrative privileges to enumerate or remove items — especially those that interact with Windows Update components, the component store (WinSxS), or installer caches. Historically, Settings ran non-elevated and presented a mixed list: user-level temporary items alongside some system items that Settings could enumerate with the privileges of the current user.
With KB5074105, Microsoft changed the Security Identifier (SID) or token boundary for Storage enumeration: when Settings is elevated it loads the admin-only handlers; when non-elevated it either cannot load them or the code em. Disk Cleanup, when elevated, still loads the system handlers and so continues to show the admin-only buckets. The result is a privilege-dependent UI surface. Community tracing and reproduction confirm this technical model.

---

Cross-check: Microsoft’s documentation and independent reporting​

• Microsoft lists KB5074105 and calls out the new Storage UAC behavior in the Windows 11 release notes, showing the change is official and intentional.
• Independnve reproduced the behavior and documented the UX discrepancy between Settings and Disk Cleanup, notably noting that the Temporary files UI hides Windows Update cleanup unless Settings is elevated. Multiple community threads and tech outlets reported this immediately after the preview dropoft’s official notes and independent community tests converge on the same explanation, the technical claim is well-supported: the UAC change is intentional and the “missing” temporary-file options are the expected side effect of running Settings as a non-elevated process.

---

Practical implicationistrators​

For home/power users​

• If you use Settings > System > Storage > Temporary files to remove Windows Update files, expect a UAC prompt. Accepting it will restore the full list; declining means you won’ts in the list.
• If you prefer a single-step cleanup and wish to avoid the UAC prompt, launch Disk Cleanup (cleanmgr.exe) as administrator and choose “Clean up system files” to access Windows Update cleanup and related entries.
• You can also run DISM cleanup operations from an elevated Command Prompt or PowerShell to reclaim WinSe space: dism.exe /online /cleanup-image /startcomponentcleanup (and optionally /resetbase). Those commands must be run elevated and the latter is irreversible with respect to uninstalling superseded updates.

For IT admins and managed environments​

• The hardening reduces the chance that aadvertently remove update components. That’s good for compliance and stability in many enterprise scenarios. It prevents helpdesk confusion arising from casual removals of system files.
• However, process and automation that relied on Settings to enumerate or remove system cleanup items must be adjusted. Recommended approaches:
• Run cleanup tasks from elevated scheduled tasks or use management tooling (Intune, SCpts) that run as SYSTEM.
• Use a scripted DISM cleanup flow for component-store reclamation.
• Use Disk Cleanup elevated in runbooks for one-off helpdesk tasks.

---

Step-by-step guidance: how to reclaim update and system space now​

• Check whether KB5074105 is installed: run winver and confirm OS build 26200.7705 (25H2) or the corresponding 24H2 build. If you are testing the optional preview, this package shows up under Optional updates.
• If you prefer a GUI route:
• Prk Cleanup.
• Right-click Disk Cleanup and choose “Run as administrator.”
• Select C: and then click “Clean up system files.”
• Check Windows Update Cleanup, Delivery Optimization Files, and other system entries you want to remove, then click OK.
• For a command-line reclaim (elevated Command Prompt / PowerShell):
• Run: dism.exe /online /cleanuntcleanup
• To remove superseded component versions (irreversible), run: dism.exe /online /cleanup-image /startcomponentcleanup /resetbase
• Note: /resetbase will prevent uninstalling prior cumulative updates. Use with caution.
• To automate scheduled cleanup without prompting users:
• Configure a scheduled task that runs elevatese DISM or a wrapped cleanmgr invocation in that task.
• Alternatively, configure Storage Sense centrally for routine cleanup of user-level temporary items, while reserving DISM for deeper system reclamation.

---

UX and security tradeoffs — critical analysis​

This change is the textbook example of a security/usability tradeoff:

• Security win: The UAC boundary reduces uno system internals and helps prevent accidental or malicious deletions tied to system stability and update integrity. For shared, kiosk, or enterprise devices this is a meaningful hardening.
• Usability pain: For home users and power users who expect a consistent Settings experience, the change is disruptive. The Storage pane no longer provides parity with Disk Cleanup unless the ution, which is an extra step and a source of confusion. Many users don’t recognize that a missing option is privilege-related; they simply see a “loss” of functionality.
• Automation fragility: Scripts and helpdeed on the old behavior must be refactored — a real cost for organizations that automated maintenance flows using Settings as a programmatic surface.

Microsoft’s decision to harden the Storage surface likely reflects an overall strategy: put elevated boundaries around UI surfaces that can materially affect system state. That’s defensible. The key failure mode is not the security change itself, but the lack of UI guidance and default belp users transition. Without clearer on-screen messaging and management guidance, the change looks like a regression to many.

---

Workarounds, mitigations, and recommended rollout practices​

• For home users who want the old single-click flow: train yourself (or your household) to run Disk Cleanup as ad system cleanups, or accept the UAC prompt when opening Storage. Both are straightforward and supported.
• For IT teams:
• Pilot KB5074105 in a representative ring before broad deployment.
• Update support documentation and helpdesk scriAC prompt and to include Disk Cleanup and DISM instructions as fallback procedures.
• If automation must use Settings’ enumerations, move those automation flows to els or otherwise run them as SYSTEM via your management tooling.
• For script authors: do not rely on non-elevated Settings enumeration to detect system-only cleanup targets. Use elevated DISM queries or well-supported man race conditions and privilege surprises.

---

The broader feature context in KB5074105​

KB5074105 isn’t limited to Storage hardening. The preview also expands Cross Device Resume (Resume) to more Android apps and vendors, enabling seamless continuation of tasks such as music playback or Microsoft 365 Copilot-based document editing from supported phones to Windows PCs; the feature requires Link to Windows / Phone Link and vendor entitlements for device support (Samsung, Xiaomi, OPPO, HONOR, vivo are called out; iPhone is not supported). Microsoft’s Cross Device Resume documentation spells out prerequisites and supported workflows for developers and users.
Another meaningful change: Smart App Control (SAC) can — in preview builds — be toggled on or off without requiring a clean install. That addresses a longstanding user friction point where disabling SAC previously prevented it from being re-enabled without reinstalling or resetting Windows. Microsoft is rolling that change out in stages. Independent coverage and Microsoft’s own preview notes confirm SAC’s toggleability is part of the KB’s feature set.
These additional features show that KB5074105 is a mixed bag: meaningful user-facing improvements and important security hardenings landed in the same package, which increases the chance that a benign-looking fix (hardening a Settings page) creates surprise for users who came for unrelated fixes.

---

Known limitations and unverifiable claims​

• Microsoft’s published notes explicitly describe the Storage UAC behavior and other fixes in the KB; community reproductions match those notes, so the central claim that Storage now prompts for UAC and that Temporary files can hide admin-only items is verifiable.
• Some online posts have claimed large, undeletable “Windows Update Cleanup” payloads (multi-GB) that persist after cleanup; this class of complaints has appeared historically and may be caused by checkpoint-update mechanics, partial cleanup, or corrupt caches. While anecdotal reports exist, the exact frequency and scale vary by machine and scenario; treat extreme-size claims cautiously and verify them on-device before acting. Community archives and forum posts document specific instances but they are situationally dependent.
• If you see system instability or missing UI after preview installs, those may be unrelated regressions or device-specific interactions; Microsoft’s known-issues list and the Windows release-health pages should be consulted for fixed/ongoing problems. KB5074105 fixes a number of Explorer and sign-in issues but preview packages can also introduce unexpected regressions, which is why piloting is recommended.

---

Final assessment and recommendation​

KB5074105 is a consequential preview release: it fixes stability problems, expands useful cross-device integration, and introduces a defensible security hardening for Storage. The Storage UAC checkpoint is an intentional design change to reduce privilege exposure — and the behavioral outcome (Temporary files hiding admin-only options when Settings is non-elevated) is a predictat design.
For most users the practical mitigation is simple: either accept the UAC prompt when opening Storage or use an elevated Disk Cleanr deeper system cleanup. For administrators and automation authors, the change is a reminder that UI surfaces are not stable pro if you depend on them, run your tasks elevated or use management APIs built for automation.
Recommendations, succinct:

• Home users: run Disk Cleanup as administrator or accept the UAC prompt to get full cleanup options.
• Power users: use DISM for component-store reclamation when you need irreversible reductions, and understand the trade-offs of /resetbase.
• IT admins: pilot KB5074105, update helpdesk runbooks, and move automation to elevated scheduled tasks or management tooling.

KB5074105 demonstrates a necessary tension in modern OS design: security hardence often pull in opposite directions. Microsoft chose to tighten the gate around Storage; the community’s next job is to adapt workflows, update documentation, and give Microsoft feedback on where the UX needs clearer signposts. Until the company provides more UI guidance or refined tooling, the two practical takeaways for users are to elevate when you need admin-level cleanup and to use proven elevated tools — Disk Cleanup and DISM — for dece.
Conclusion: the Storage UAC prompt is a security-first change with real usability consequences. It’s intentional and supported by Microsoft’s KB; it will help some threat models while inconveniencing others. Know your cleanup tools, update your automation to run elevated, and pilot preview updates before broad deployment — those simple practices will keep your machines tidy without surprising “missing” cleanup options.

---

Source: FilmoGaz Windows 11 Requires Admin Access, Disrupts Temporary Files Cleanup

 

[ChatGPT]

Microsoft’s January preview cumulative update KB5074105 changes how Storage cleanup works in Windows 11: it introduces a UAC elevation boundary for the Settings > System > Storage pane that intentionally hides administrator-only cleanup buckets (including the familiar Windows Update Cleanup) unless Settings is run elevated, and that behavioral change has immediate consequences for everyday cleanup workflows, automation, and help‑desk procedures.

Background / Overview​

Windows 11 preview update KB5074105 (reported as OS Build 26200.7705 for 25H2 and corresponding 24H2 builds) arrived in late January 2026 as an optional cumulative preview with a list of fixes and a short but consequential note: opening the Storage page in Settings now triggers a User Account Control (UAC) prompt. That simple change reclassifies Storage as a privileged UI surface and filters what non‑elevated sessions can enumerate or remove.
The most visible, immediate side effect reported by community testers and early adopters is that the Temporary files scanner in Settings can now hide admin-only cleanup categories — notably Windows Update Cleanup and some driver-package cleanup entries — when Settings is not elevated. Legacy tools that are explicitly elevated, such as Disk Cleanup (cleanmgr.exe) with “Clean up system files” or DISM servicing commands, still show and can remove those items. That mismatch between Settings (non‑elevated) and legacy elevated tools is the crux of the usability disruption users are experiencing.

---

What KB5074105 changed (concrete behavior)​

• Opening Settings > System > Storage now displays a UAC consent dialog before rendering the Storage content. If the user accepts, Settings runs elevated and enumerates both user and admin cleanup buckets. If the user declines, the Storage view remains non‑elevated and hides admin-only buckets.
• The Temporary files scanner in a non‑elevated Settings session omits items that require administrative enumeration, such as:
  • Windows Update Cleanup
  • Some device driver package cleanup entries
  • Various other system-only cleanup categories
    Disk Cleanup run as administrator continues to display these categories.
• KB5074105 also bundles unrelated fixes and feature work (Explorer stability fixes, cross-device resume enhancements, Smart App Control tweaks), but the Storage UAC change is what produced the most immediate user-facing friction.

These behaviors are described in Microsoft’s release notes and reflected in independent community testing and reporting; the consensus from the field is that the storage UAC gating is intentional rather than an accidental regression.

---

Technical explanation: why the discrepancy exists​

At a platform level, the Storage pane enumerates storage handlers and cleanup providers that may interact with system-level artifacts. Some of these handlers require administrative privileges to safely query or delete data from protected locations such as the component store (WinSxS), SoftwareDistribution, or certain installer caches. The Settings app now respects process token boundaries: when elevated it loads admin-only handlers, and when non-elevated it does not, resulting in a privilege-dependent UI surface. Legacy tools or servicing utilities explicitly run elevated still have access to those handlers.
This is a classic least‑privilege hardening: by placing a consent boundary around a UI that touches system internals, Microsoft reduces opportunities for accidental or malicious removal of critical system artifacts. The tradeoff is that a once-low-friction maintenance path—clicking into Settings to remove update leftovers—now requires an elevation step or a different elevated tool.

---

Impact on end users and home power users​

The Storage UAC gate changes common maintenance workflows in ways some users will find frustrating and others will welcome:

• For users who routinely click Settings > System > Storage > Temporary files to remove Windows Update files or Delivery Optimization cache, the UI now prompts for elevation. If they decline, the Windows Update Cleanup option is simply not listed. The immediate, visible effect is confusion: “Where did my Windows Update cleanup option go?”
• If you accept the UAC prompt, Settings will show the full list and behave as before. Declining forces you to use an alternate, elevated tool.
• Disk Cleanup (cleanmgr.exe) remains a dependable fallback: right‑click it and choose Run as administrator, select the system drive, then click Clean up system files to see Windows Update cleanup options. Many power users will adopt this as their default route until Microsoft clarifies or adjusts the Settings experience.
• For automated flows or scripts that assumed the Settings UI would enumerate everything without elevation, those scripts will break or produce incomplete results. That includes user-created maintenance scripts and some third‑party cleanup utilities that invoke Settings endpoints without an elevated token.

Practical takeaway for home users: if you need to remove Windows Update artifacts and you don’t want to accept a UAC prompt in Settings, run Disk Cleanup elevated or run DISM servicing commands from an elevated command prompt or PowerShell.

---

Command-line and automated alternatives (what works now)​

When Settings hides admin-only cleanup categories, the supported elevated methods still function. Use these carefully and understand tradeoffs, especially for irreversible operations.

1. Disk Cleanup (UI, elevated)
   • Press Start, type Disk Cleanup.
   • Right‑click Disk Cleanup and choose “Run as administrator”.
   • Select the system drive (usually C, then click “Clean up system files”.
   • Select Windows Update Cleanup, Delivery Optimization Files, or other categories as needed.
2. DISM component store cleanup (administrative command prompt / PowerShell)
   • To reclaim component-store space:
     dism.exe /online /cleanup-image /startcomponentcleanup
   • To permanently remove superseded component versions (irreversible for uninstalling those updates):
     dism.exe /online /cleanup-image /startcomponentcleanup /resetbase
   • Important: /ResetBase prevents uninstalling previously superseded updates; use only when you are certain you no longer need to roll back.
3. Storage Sense and Cleanup recommendations
   • Storage Sense can be configured to run automatically and clear many user-level temporary items. It is useful for routine maintenance but does not replace elevated servicing commands for WinSxS or update rollback data.
4. Scheduled elevated tasks or management tooling
   • For unattended automation, convert any Settings-based cleanup automation to run as SYSTEM or with administrative tokens (e.g., scheduled tasks set to run with highest privileges, Intune/Configuration Manager run-as-system operations). This avoids asking end users for elevation interactively.

---

Enterprise and IT administration implications​

From an IT perspective, KB5074105’s hardening is largely defensible and beneficial, but it requires operational adjustments:

• Benefit: the change reduces the risk that standard users (or an attacker with a standard token) can enumerate or remove system-level artifacts through a convenient UI. That reduces accidental removals and aligns the Storage pane with other admin-only management surfaces.
• Risk: runbooks and automation that targeted Settings for enumeration or cleanup must be revised to run elevated or to use supported servicing APIs. Failure to do so will result in incomplete cleanup and potential support tickets.
• Recommended actions for IT teams:
  • Audit automation and scripts for assumptions about Settings visibility.
  • Convert Settings-based automation to scheduled tasks running as SYSTEM or to management tooling actions (Intune, SCCM) that execute with proper privileges.
  • Update help‑desk KBs and user guidance so frontline staff and family members know to run Disk Cleanup elevated or to accept the UAC prompt when using Settings for full cleanup.

Enterprises that embrace the security rationale will accept the minor friction; high-volume support shops should plan brief education and scripted alternatives to avoid a spike in tickets.

---

Security analysis: benefits and tradeoffs​

This change sits at a classic security/usability tradeoff intersection.
Benefits

• Reduced attack surface for local information discovery: Hiding system-level cleanup handlers from un‑elevated processes prevents low-privilege users or malware from trivially enumerating or removing update artifacts.
• Alignment with least-privilege principles: Elevation for privileged maintenance surfaces reduces time windows where elevated tokens are available or misuseable.
• Better fit for managed devices: Devices in enterprise, kiosk, or shared contexts benefit from preventing casual tampering without additional GPO/MDM configuration.

Risks and downsides

• User friction and confusion: Many users expect Settings to be frictionless. A UAC prompt on a routine maintenance pane is unexpected and will generate confusion until guidance is widespread.
• Automation and tooling breakage: Scripts and third‑party tools that assumed Settings would enumerate all buckets without elevation must be updated, or they will silently miss admin-only categories.
• Communication gap: Microsoft’s public note on the change is brief; when security hardenings land without clear user guidance they can generate disproportionate support volume. The community’s reaction has focused less on the security rationale and more on the change’s communication and operational impact.

Overall, the hardening is defensible from a security standpoint, but Microsoft and IT teams must close the documentation and communication gaps quickly to minimize support friction.

---

Practical recommendations (what users and admins should do now)​

Follow this prioritized checklist depending on your role and risk tolerance.
For home/power users

• If you need to remove Windows Update files via Settings, accept the UAC prompt when asked; Settings will then display the admin-only cleanup categories. If you prefer not to elevate Settings every time, run Disk Cleanup as administrator: right‑click Disk Cleanup → Run as administrator → Clean up system files.
• To reclaim WinSxS and component-store space, run DISM from an elevated prompt. Use /ResetBase only when you no longer need to uninstall previous updates.
• Use Storage Sense for regular, low-risk cleanup, but understand it does not touch deeper component-store artifacts.

For IT administrators

1. Audit and update automation that uses Settings for enumeration or cleanup.
2. Convert runbooks to run as SYSTEM or via management tooling that executes elevated.
3. Update support documentation and prepare short, clear user instructions to handle the UAC prompt and advise on elevated alternatives (Disk Cleanup, DISM).
4. Test DISM /StartComponentCleanup and /ResetBase in a lab before deploying widely; /ResetBase is irreversible for uninstalling superseded updates.

For help desks and frontline support

• Prepare a short script or prebuilt elevated Disk Cleanup task you can run for users who decline elevation.
• Train staff to explain the security rationale briefly and show the elevated Disk Cleanup or DISM alternatives.

---

Known caveats and unverifiable claims​

• Some reporting and community summaries include numbers or timelines (for example, claims about precise OS build numbers, rollout dates to security updates, or exact reserved storage reductions). While community traces list OS Build 26200.7705 for the preview and reference a late‑January 2026 preview release, always verify the build installed on a specific device with winver and cross‑check Microsoft’s official KB page for the canonical build and rollout notes. The community documentation supports the behavioral model described here, but specific per‑device behavior (reserved storage size, exact cleanup timings) can vary. Treat device-specific figures as provisional until confirmed on the target device.
• Some fringe claims — such as precise percentages for installation speedups or exact megabyte savings for every device — derive from lab tests and Microsoft internal metrics and will vary in real-world deployments. Those performance numbers are plausible and reported elsewhere, but they are not central to the Storage UAC change itself; treat them as supplemental context rather than settled fact.

---

Long-term view: is this change likely to stick?​

The Storage UAC boundary fits a wider platform trend: Microsoft is progressively treating diagnostic and management surfaces that touch system internals as privileged. That pattern is visible in other recent hardenings and in the push toward improved Administrator Protection semantics. For that reason, it’s reasonable to expect the change — or a close variant of it — to remain in place long-term. However, Microsoft can and often does refine UX around security prompts; the company may adjust the Settings flow to reduce confusion (for example, by offering clearer in‑pane messaging or an explicit “Show system-only items” button that triggers elevation) if support volume or user feedback warrants it. Until such refinements appear, IT teams and users should treat the elevation requirement as the default behavior and plan accordingly.

---

Conclusion​

KB5074105’s UAC‑gated Storage pane is a small technical change with outsized human consequences: it is a defensible security hardening that reduces casual exposure of system internals, but it also breaks an established, low‑friction cleanup path for many users. The immediate practical effect is simple and fixable — accept the UAC prompt in Settings, run Disk Cleanup as administrator, or use elevated DISM commands — but the broader implications for automation, user education, and help‑desk workflows are significant and require action.
If you manage devices, update automation now. If you support family or non‑technical users, add a two-line how‑to for elevated Disk Cleanup to your support library. And if you are an everyday user who wants to remove Windows Update leftovers without repeatedly accepting prompts, set up a single elevated scheduled task or use the Disk Cleanup elevated flow to keep maintenance quick and safe. The security rationale is sound; the operational gaps are solvable — they simply need predictable guidance and a small amount of administrative housekeeping.

---

Source: Windows Report https://windowsreport.com/windows-1...leanup-windows-update-files-no-longer-listed/