After installing the May 2023 Windows 11 update (KB5089549), some users noticed a new folder named "SecureBoot" inside the Windows system directory. This addition has raised questions, especially since the same update has caused installation issues on certain machines. The folder's purpose, however, is directly linked to an important security measure: Secure Boot certificates are set to expire in June 2023. Microsoft is proactively distributing new certificates via Windows Update, and this folder plays a role in helping IT professionals manage that process. Below, we answer common questions about this folder, its contents, and what it means for different types of users.
What Is the SecureBoot Folder in Windows 11?
The SecureBoot folder appears under C:\Windows on devices that receive the May 2023 cumulative update. It is not a sign of malware or a system glitch; rather, it's a legitimate directory added by Microsoft. The folder contains sample scripts designed to help organizations monitor and automate the deployment of updated Secure Boot certificates. While home users may notice it, the folder itself is passive—it doesn't run any processes or change system behavior on its own. Its primary audience is IT professionals who manage multiple devices within a corporate network.
Why Did Microsoft Add This Folder Now?
Secure Boot certificates are cryptographic keys that verify the integrity of the boot process, protecting against rootkits and low-level malware. These certificates have an expiration date, and the current set is due to expire in June 2023. If a system continues using outdated certificates after that point, Secure Boot will no longer function, leaving the PC more vulnerable to attacks. To prevent this, Microsoft is rolling out new certificates through Windows Update. The SecureBoot folder was added to assist IT admins in verifying and pushing these updates across their organization efficiently, especially in environments where manual updates are impractical.
What Scripts Are Inside the SecureBoot Folder?
According to Microsoft's support documentation, the folder includes example scripts intended for IT professionals. These scripts can detect the current status of Secure Boot certificate updates on each machine and automate the deployment of new certificates. They are designed to work with a safe rollout mechanism in Active Directory environments, allowing administrators to gradually push updates while monitoring for issues. The folder essentially provides a starter toolkit for enterprise management, not something the average Windows user would need to interact with. The scripts are not executed automatically; they must be run by a system administrator.
Who Should Use These Scripts?
The scripts in the SecureBoot folder are specifically aimed at organizations with IT staff who actively manage updates across a fleet of devices. In a business or school setting, hundreds or thousands of computers may need certificate updates simultaneously. The scripts help automate this process, reducing manual work and ensuring all machines stay protected. For individual home users, the scripts are irrelevant—you don't need to run them, install anything extra, or even open the folder. Microsoft states the folder is for "eligible devices," meaning those with the right system architecture and update level, but the scripts themselves are optional tools for enterprise use.
Do Home Users Need to Do Anything With the SecureBoot Folder?
No, home users can safely ignore the SecureBoot folder. It does not alter system performance, consume resources, or require any action. The folder's presence simply indicates that the May update was installed successfully. Microsoft has not suggested that home users should engage with the scripts, and doing so without proper knowledge could cause unintended changes. The key takeaway is to keep Windows Update running automatically, as the new Secure Boot certificates will be delivered through normal updates. As long as your system is up to date, you'll be protected after the June expiration.
Can I Delete the SecureBoot Folder?
While you might be tempted to delete the folder to free up a tiny amount of disk space, Microsoft does not recommend removal. The folder is a system component, and future Windows updates may check for its existence. If the Windows Update process expects to find the SecureBoot folder and it's missing, you could encounter unexpected error messages or update failures. The folder is harmless and negligible in size, so the safest approach is to leave it in place. Deleting it does not provide any benefit and introduces risk of update complications down the line.
What Happens If I Delete the SecureBoot Folder?
If you delete the SecureBoot folder, the immediate effect is likely nothing—your system will continue to function normally. However, during future cumulative update installations, Windows Update may look for that folder as a reference point. Its absence could trigger error codes that prevent the update from installing correctly or cause the system to flag a missing component. This is especially important because Microsoft may add more scripts or rely on this directory in upcoming releases. To avoid potential troubleshooting headaches, it's best to not delete it. If you have already removed it, consider using System File Checker (sfc /scannow) or restore from a backup to bring it back.