Ensuring System Integrity: Enabling Controlled Access in Windows
Ensuring System Integrity: Enabling Controlled Access in Windows
Controlled folder access is a feature of the Windows Security antivirus app on Microsoft desktop platforms. That feature forestalls ransomware by preventing modifications to files in protected folders. Enabling controlled folder access prevents untrusted apps, malware or otherwise, from changing files within protected directories.
Controlled folder access is an extra security feature in Windows 10 and 11 that some users appreciate. Ransomware isn’t something to be taken lightly, and enabling that feature will keep system and user files extra safe. These are four ways you can enable controlled folder access in Windows.
Disclaimer: This post includes affiliate links
If you click on a link and make a purchase, I may receive a commission at no extra cost to you.
How to Turn On Controlled Folder Access in Windows Security
The Controlled folder access setting is buried within ransomware protection in the Windows Security app. However, it’s easy to find and turn that option on/off when you know where it is. This is how to turn on the Windows Security’s app Controlled folder access option.
- To view the Windows Security app, double-click its shield system tray icon.
- Select Windows Security’sVirus & threat protection tab.
- ClickManage ransomware protection to reach theControlled folder access setting.
- Now turn on theControlled folder access option to enable that feature.
Controlled folder access protects your Documents, Videos, Pictures, and Music user folders when enabled. To view the list of protected user directories, clickProtected folder . You can add more to the list by clicking theAdd protected folder button, choosing a directory, and clickingSelect Folder .
How to Turn on Controlled Folder Access With PowerShell
Windows PowerShell gives you an alternative method to enable and disable controlled folder access by executing commands. You can turn on controlled folder access with PowerShell as follows:
- To activate a file search tool, pressWin + S .
- InputPowerShell within the activated search utility.
- Open PowerShell in an elevated mode by selectingRun as administrator .
- To enable controlled folder access, input this command text and hitEnter :
Set-MpPreference -EnableControlledFolderAccess Enabled
- You can disable controlled folder access by executing this command:
Set-MpPreference -EnableControlledFolderAccess Disabled
How to Enable Controlled Folder Access With Group Policy Editor
If you have Windows 11 Pro or Enterprise edition, you can enable controlled folder access with Group Policy Editor. Group Policy Editor also includes some extra configuration settings for controlled folder access, which is a bonus. This is how to turn on controlled folder access via GPE.
If you’re on Windows Home, the Group Policy Editor won’t appear by default. Check outhow to access the Group Policy Editor in Windows Home to get around this.
Bring up the search tool in Windows and entergpedit.msc there.
Selectgpedit.msc tobring up the Group Policy Editor .
ClickComputer Configuration >Administrative Templates inside Group Policy Editor’s left pane.
Double-clickWindows Components to expand it.
Click the arrows for expandingMicrosoft Defender Antivirus andMicrosoft Defender Exploit Guard .
SelectControlled Folder Access to view policy settings for that feature.
Then double-clickConfigure Controlled folder access to view that setting’s window.
Select the Configure Controlled folder access window’sEnabled radio button.
ClickBlock on the drop-down menu to select the strictest CFA mode. However, you can also select alternativeAudit Mode ,Block disk notification only , andAudit disk notification only options for enabling controlled folder access.
SelectApply in the Configure Controlled folder access window.
Click the Configure Controlled folder access window’sOK button.
How to Turn on Controlled Folder Access From the Windows Context Menu
Alternatively, you can create a context menu shortcut for enabling/disabling controlled folder access. Then you’ll be able to access a Turn on Control folder access setting directly from the desktop area of Windows. You can add such a CFA option to the right-click menu by setting up and running a registry script like this:
- Open Notepad.
- Then select this script text, and press theCtrl +C key combination:
`Windows Registry Editor Version 5.00
; Created by: Shawn Brink
; Created on: July 19th 2018
[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess]
“HasLUAShield”=””
“Icon”=”%ProgramFiles%\Windows Defender\EppManifest.dll,-101”
“MUIVerb”=”Turn On or Off Control folder access”
“Position”=”Bottom”
“SubCommands”=””
[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\001flyout]
“MUIVerb”=”Turn on Control folder access”
“HasLUAShield”=””
“Icon”=”%ProgramFiles%\Windows Defender\EppManifest.dll,-101”
[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\001flyout\command]
@=”PowerShell -windowstyle hidden -Command "Start-Process cmd -ArgumentList ‘/s,/c,start PowerShell.exe Set-MpPreference -EnableControlledFolderAccess Enabled’ -Verb RunAs"“
[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\002flyout]
“MUIVerb”=”Turn off Control folder access”
“HasLUAShield”=””
“Icon”=”%ProgramFiles%\Windows Defender\EppManifest.dll,-101”
[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\002flyout\command]
@=”PowerShell -windowstyle hidden -Command "Start-Process cmd -ArgumentList ‘/s,/c,start PowerShell.exe Set-MpPreference -EnableControlledFolderAccess Disabled’ -Verb RunAs"“`
3. Paste that script into Notepad by clicking in that app’s window and pressingCtrl +V .
4. Next, pressCtrl +Shift +S to view Notepad’s “Save as” window.
5. Set theSave as type option toAll files .
- TypeTurn on Control folder access.reg inside the file name box.
- Select to save the script to the desktop location.
- ClickSave to add theTurn on Control folder access registry file to the desktop.
- Close the Notepad editor, and double-click theTurn on Control folder access.reg file on the desktop.
- SelectYes to confirm you trust the script.
Now you can enable controlled folder access from the Windows context menu.
Right-click any clear area of the desktop and selectShow more options on Windows’ context menu. Move the cursor over theTurn On or Off Control folder access submenu. ClickTurn on Control folder access to enable that Windows Security feature.
If you ever want to remove the controlled folder access context menu option, you can do so by deleting the registry key for it. This is how to delete the key for theTurn On or Off Control folder access submenu:
- Launch the Registry Editor (our guide foropening the Regedit registry app includes various methods).
- Go to this registry key location:
HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess
- Right-click the Controlled Folder Access key to selectDelete .
- ClickYes to erase that key.
How to Set Controlled Folder Access Exceptions
The problem with controlled folder access is that it can stop legitimate apps from accessing required files when they need to. That can be an especially big issue for Windows gaming since untrusted games often can’t save progress with controlled folder access enabled. In-game settings can also reset when that feature is turned on.
Fortunately, controlled folder access has an exclusion (exception) list for adding trusted apps. It won’t block any trusted apps on that list from modifying files within protected folders. You can add software to the CFA exclusion list as follows:
- Bring up theControlled folder access setting in Windows Security as covered in steps one to three of the first method above.
- Click the Allow an app through Controlled folder access navigation link.
- Press the+ Add an allowed app button.
- ClickBrowse all apps on the menu that appears.
- Select the EXE (application) file for a game or other software you want to exclude from controlled folder access.
- ClickOpen to add the selected game or software.
Enable Controlled Folder Access for Greater Ransomware Protection
Turning on controlled folder access in Windows 10 and 11 with the above methods will give files on your PC an extra layer of protection from malware. It makes little difference how you enable that feature, but you can select more configuration options by using Group Policy Editor. Adding controlled folder access context menu settings also gives you a more direct way to toggle that feature on/off as required.
Also read:
- [Updated] Ditching Vimeo The Ultimate List of Excellent Alternatives
- 2024 Approved From Raw to Refined The Essential Guide to Podcast Editing with GarageBand
- Delete Gmail Account With/Without Password On OnePlus 11 5G
- Expand Your Windows Experience with the New Start11 Start Menu for ARM-Based Computers
- Expert Tips: Cracking Credential Vault Code
- Forgotten The Voicemail Password Of Vivo Y100A? Try These Fixes
- How to Unlock and Fix Frozen Screensaver on PC
- Is AppleCare+ Really Worth It?
- Seamless File Merging Techniques for Modern Windows Users
- Steam Presents: The Perfect Seasonal Video Games
- The Definitive Guide to Eliminating Chrome's Flickering Problem on Your PC
- Unblocking Access: Adobe PS Not Opening in Latest Windows
- What's Delayed: Immortals Fenyx Rising Release Solved
- Win Users' Picks: Optimal Torrent Tools
- Title: Ensuring System Integrity: Enabling Controlled Access in Windows
- Author: David
- Created at : 2024-11-24 20:23:50
- Updated at : 2024-11-27 23:53:18
- Link: https://win11.techidaily.com/ensuring-system-integrity-enabling-controlled-access-in-windows/
- License: This work is licensed under CC BY-NC-SA 4.0.