Custom folder icons painstakingly crafted with desktop.ini files have vanished without a trace for thousands of Windows users. The culprit: security updates released on or after June 9, 2026, that silently instruct Windows Explorer to ignore desktop.ini files bearing the Mark of the Web (MotW). What was designed as a hardening measure against malicious payloads has instead thrown a wrench into workflows reliant on visual folder customization.

Microsoft confirmed the change in a quietly published support document, noting that the update “may stop some custom folder icons and localized folder display names from appearing.” The bypass is deliberate—Windows now scrutinizes the zone identifier attached to desktop.ini files fetched from the internet, network shares, or any untrusted source. If the file carries the MotW, Explorer pretends it doesn’t exist. The result: folders revert to their default yellow manila, and localized names like “Documents” can disappear, replaced by raw filenames.

The updates at the center of this turmoil are KB5039212 for Windows 11 version 24H2 (builds 22631.4751 and later) and KB5039211 for Windows 10 22H2 (build 19045.5432). Windows Server 2022 and 2025 received analogous patches. The change isn’t a bug—it’s a security feature introduced to close a long-standing attack vector where adversaries could weaponize desktop.ini to execute code or obscure malicious content. Yet the collateral damage is substantial.

Why desktop.ini? A Brief Technical Primer

desktop.ini is a hidden system file that Windows Explorer parses to define a folder’s appearance. It can specify a custom icon (via the .IconFile and .IconIndex keys), localized display names (via .LocalizedResourceName), tooltips, and even custom columns. For power users, it’s the backbone of personalized file organization. For IT admins, it’s a tool to brand departmental shares. For years, placing a properly formatted desktop.ini in any folder was enough to transform its look.

Microsoft’s security team, however, decided that this convenience came with unacceptable risk. The MotW is an NTFS alternate data stream (Zone.Identifier) that Windows adds to files downloaded from the internet or certain network paths. It’s what triggers SmartScreen warnings and restricts macros in Office documents. By extending MotW enforcement to desktop.ini, the operating system now treats icon configuration files with the same suspicion as executables. The rational: a malicious desktop.ini could reference a payload disguised as an icon file or trigger a buffer overflow in a third-party icon handler.

The Immediate Impact: Broken Icons, Lost Localization

The most visible symptom is icon loss. Users who organized project folders by color-coded custom icons—red for urgent, green for approved—now see a sea of identical blank folders. Those who relied on localized folder names in multilingual environments, such as a shared drive with “Rapports” mapped to “Reports” via desktop.ini, find the display names reverted to the physical folder name. “My entire network drive turned into a cryptic mess,” posted one user on the WindowsForum thread that exploded within hours of the update’s rollout. “Seven years of custom icons, gone.”

The problem isn’t limited to network drives. Local folders inherited desktop.ini from a previous network copy, or those stored in cloud-synced folders like OneDrive that carry the MotW from being downloaded on a new machine, are also affected. Even files manually unblocked may regain the MotW if re-synced or moved across volumes with default security settings.

Microsoft’s support document specifies three scenarios where desktop.ini processing is now blocked:

  • The desktop.ini file itself has the Mark of the Web attached.
  • The folder containing the desktop.ini has the MotW (and the desktop.ini lacks a zone identifier that explicitly allows processing).
  • The folder is on a network share that isn’t mapped as a trusted intranet site.

Microsoft’s Stance: Security Trumps Convenience

Microsoft has been transparent about the trade-off. “The June 2026 Windows security updates introduce a defense-in-depth improvement that may affect how Windows displays certain content defined in desktop.ini files,” the KB article states. It recommends several mitigations but emphasizes that the default behavior is the new secure baseline. The company points out that custom icons and names are cosmetic, whereas a compromised desktop.ini could lead to credential theft or remote code execution.

Dozens of historical CVEs support Microsoft’s caution. In 2023, a vulnerability (CVE-2023-32636) allowed an attacker to inject malicious code through crafted desktop.ini files in network shares. In 2024, a zero-day exploited the Shell Icon Overlay Identifier to escalate privileges. The MotW restriction closes off these vectors by treating desktop.ini as potentially dangerous unless explicitly trusted.

Workarounds: Regaining Visual Customization

For users willing to accept the risk, Microsoft provides two official ways to restore the old behavior. The first is manual and file-specific: right-click the desktop.ini file, select Properties, check “Unblock” on the General tab if present, and click OK. This strips the MotW and allows Explorer to process the file. However, this must be repeated for every affected desktop.ini, and the setting may not persist if the file is later re-created by a sync service.

The second, more scalable method is a new Group Policy setting introduced alongside the update. Navigate to Computer Configuration > Administrative Templates > Windows Components > File Explorer and enable the policy “Allow processing of desktop.ini files from all locations.” This completely disables the MotW check for desktop.ini across the system, effectively reverting to pre-June 2026 behavior. The corresponding registry key is:

HKLM\Software\Policies\Microsoft\Windows\Explorer
DWORD: DisableDesktopIniMotwCheck = 1

A restart of Windows Explorer or the entire system is required for the policy to take effect. Enterprise administrators can push this via domain Group Policy, though Microsoft strongly recommends restricting its application to internal, trusted networks.

Unofficial workarounds have also emerged. Some users report success by recreating the desktop.ini file locally from scratch, as locally born files typically don’t inherit the MotW. Others strip the Zone.Identifier stream with PowerShell: Remove-Item -Path 'folder\desktop.ini' -Stream Zone.Identifier. This hides the exact same action as unblocking via the GUI but can be automated across folders with Get-ChildItem -Recurse -Filter desktop.ini | Unblock-File.

The Security Trade-Off: How Risky Is It to Re-Enable?

Disabling the MotW check for desktop.ini reopens the very attack surface that Microsoft aimed to close. If a user or script downloads a malicious desktop.ini from the internet—perhaps inside a ZIP archive masquerading as icon themes—Windows could honor it, leading to code execution. The risk escalates in environments where users browse the web or open attachments on the same machine that hosts sensitive data.

IT security specialists advise a layered approach. Instead of blanket disabling via Group Policy, whitelist specific folders or network shares using the “Intranet Zone” settings. Servers and paths added to the Local Intranet zone in Internet Options are treated as trusted, and MotW restrictions on desktop.ini are relaxed for those locations. This preserves security for internet-facing folders while restoring functionality for internal network drives.

Another strategy is to rely on icon customization through libraries or shortcuts, which don’t use desktop.ini files. But that workaround is less flexible and cannot replicate the per-folder granularity that desktop.ini offers.

Community Reaction: Frustration and Creative Fixes

On WindowsForum, the megathread has amassed over 4,000 replies in three days. The tone oscillates between exasperation and ingenuity. “Microsoft, you broke my desktop!” railed one user whose meticulously arranged architecture portfolio lost all its thematic folder icons. Another lamented the impact on accessibility: “I use colored folders to navigate my drives because of poor vision. Now everything looks the same.”

But among the complaints, a hive-mind of solutions has coalesced. A PowerShell script that recursively unblocks desktop.ini files on a drive gained over 2,000 upvotes. A batch file that toggles the Group Policy reg key lets users switch between secure and legacy modes on demand. One enterprising developer even released a lightweight shell extension that serves custom icons from a separate, unblocked database, bypassing desktop.ini entirely.

The discussion has also surfaced an important nuance: localized folder names in system folders like Documents, Music, and Pictures rely on desktop.ini files that are pre-installed by Windows. In some configurations, these files became blocked after the update, causing the folders to display as “Pictures” instead of “Images” on French systems, or “Bilder” on German ones. This bug, acknowledged by Microsoft, affects a subset of non-English installations and requires reapplying the display language pack.

The Bigger Picture: A New Era of Windows File Handling

The June 2026 update is not an isolated tweak but part of a broader Microsoft initiative to harden the shell against abuse. “Smart App Control, phishing safeguards in Defender, and now desktop.ini restrictions all point to a philosophy where whatever the user sees in Explorer must be trusted end-to-end,” said an analyst at a major cybersecurity firm who requested anonymity. “It’s a paradigm shift that will frustrate power users, but given the volume of malware that abuses shell features, it’s understandable.”

Looking ahead, Microsoft may introduce a more granular framework: per-folder zones that allow desktop.ini processing on network paths while keeping internet downloads blocked, for instance. The current binary Group Policy switch is a blunt instrument, and community feedback is likely to push for a middle ground. For now, the onus is on users and admins to weigh the convenience of custom icons against the security implications.

In the short term, the advice is pragmatic. “If your workflow depends on custom folder icons, either implement the workaround or start transitioning to icon management tools that don’t use desktop.ini,” recommends the WindowsForum’s top-voted solution post. “But know that you’re trading a little security for a lot of usability. In a strictly intranet scenario, that’s probably fine.”

Microsoft’s June 2026 update has redefined the desktop.ini—from a helpful configuration file to a potentially hostile one. Whether the pendulum swings back toward user control depends on how loudly the community speaks up. Until then, the humble custom folder icon remains a casualty of digital self-defense.