This tutorial shows you how to turn on or off enhanced security and performance for batch and CMD files in Windows 11.
Why Would You Want to Do This?
Starting with Windows 11 build 26220.7934 (Beta 25H2), build 26300.7939 (Dev 25H2), build 2610.8313 (RP 24H2), and build 26200.8313 (RP 25H2), Windows added a new security feature for batch files and Command Prompt scripts.
This feature makes batch files more secure. It stops batch files from changing while they’re running. This protects your computer from harmful code that tries to modify scripts during execution.
When you enable this mode, Windows only needs to check the file signature one time. Without this feature, Windows checks the signature for every single command in the batch file. This makes batch file processing faster and safer.
Policy authors can enable this mode by using the LockBatchFilesWhenInUse application manifest control, as documented in the Application Control for Business manifest schema.
What You Need
You must be signed in as an administrator to turn this setting on or off.
How to Enable or Disable This Feature
- [ADMIN PRIVILEGES REQUIRED] Add the following value to the Windows registry:
  - Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  - Value name: LockBatchFilesWhenInUse
  - Type: DWORD
  - Data: Set to 0 (disabled) or 1 (enabled)
Alternatively, run the commands below in the Windows Terminal app as an administrator.
Enable:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v LockBatchFilesWhenInUse /t REG_DWORD /d 1 /f
Disable:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v LockBatchFilesWhenInUse /t REG_DWORD /d 0 /f
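To confirm the result after either command, this PowerShell reads the value back and reports whether it is missing, has the wrong type, or holds 0 or 1. It is an added example, not part of the original tutorial or of Microsoft's documentation. The function names Get-LockBatchFilesState and Set-LockBatchFiles are hypothetical; the key path and value name are the ones given above.

```powershell
# Added example: audit and (optionally) set LockBatchFilesWhenInUse.
# Function names are hypothetical; key path and value name come from the tutorial.
$script:LockKey  = 'HKLM:\SOFTWARE\Microsoft\Command Processor'
$script:LockName = 'LockBatchFilesWhenInUse'

function Get-LockBatchFilesState {
    # Returns State = NotConfigured | WrongType | Enabled | Disabled | UnexpectedData
    $key = Get-Item -LiteralPath $script:LockKey -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $script:LockName) {
        return [pscustomobject]@{ State = 'NotConfigured'; Kind = $null; Data = $null }
    }
    $kind = $key.GetValueKind($script:LockName)
    $data = $key.GetValue($script:LockName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # The tutorial specifies a DWORD; any other type is flagged rather than interpreted.
        $state = 'WrongType'
    } elseif ($data -eq 1) {
        $state = 'Enabled'
    } elseif ($data -eq 0) {
        $state = 'Disabled'
    } else {
        $state = 'UnexpectedData'
    }
    [pscustomobject]@{ State = $state; Kind = $kind; Data = $data }
}

function Set-LockBatchFiles {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Data)
    # HKLM writes need an elevated session, as the tutorial notes.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$id
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (administrator) session.'
    }
    if (-not (Test-Path -LiteralPath $script:LockKey)) {
        New-Item -Path $script:LockKey -Force | Out-Null
    }
    # -Force overwrites an existing value, including one created with the wrong type.
    New-ItemProperty -LiteralPath $script:LockKey -Name $script:LockName `
        -PropertyType DWord -Value $Data -Force | Out-Null
    Get-LockBatchFilesState   # read back so the caller sees what is actually stored
}

# Audit only (no elevation needed to read):
Get-LockBatchFilesState
# Enable and verify (elevated):  Set-LockBatchFiles -Data 1
```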
Summary
Windows 11 now lets administrators enable enhanced security and performance for batch and CMD files. This feature prevents batch files from changing while they run, making your system more secure. It also makes batch file processing faster because Windows only checks the file signature once instead of many times. To use this feature, you need admin access and must add a registry value called LockBatchFilesWhenInUse and set it to 1. To turn it off, set the value to 0.



