Are there any negative effects of disabling the Last Access timestamp?

In Windows, you can disable the last accessed timestamp by setting NtfsDisableLastAccessUpdate to 1, for instance by executing this from the command line (the computer must be restarted before it takes effect):

fsutil behavior set disablelastaccess 1

I want to do so there is less disk activity on c:\$logfile.

Might this cause any negative effects or problems?


You wouldn't be able to tell if someone else was reading your files - for example if you had some sensitive data.

I can't think of an OS level command that would need last accessed. Backups check last modified and date created for example. But see @mythokia's answer for one case that might.

Given that it's disabled by default in Windows 7 (thanks @AndrejaKo) and Vista that indicates that (unless there are other changes to compensate) it's OK to turn it off.

I've just thought of a reason why it might be disabled in the new OSes. These have the new Windows Search installed by default. This scans the selected directories for changes and re-indexes new and changed files. This would have written lots of events to the log which might be a reason for disabling it. There's more information on why they stopped updating the Last Access time from Vista onwards in MSDN blog post Why doesn't the file system have a function that tells you the number of files in a directory?.


Some defragmentation programs do use last access as one of the variables of their algorithms. An example would be O&O Defrag.