Ensuring System Integrity: Enabling Controlled Access in Windows

Ensuring System Integrity: Enabling Controlled Access in Windows

David Lv13

Ensuring System Integrity: Enabling Controlled Access in Windows

Controlled folder access is a feature of the Windows Security antivirus app on Microsoft desktop platforms. That feature forestalls ransomware by preventing modifications to files in protected folders. Enabling controlled folder access prevents untrusted apps, malware or otherwise, from changing files within protected directories.

Controlled folder access is an extra security feature in Windows 10 and 11 that some users appreciate. Ransomware isn’t something to be taken lightly, and enabling that feature will keep system and user files extra safe. These are four ways you can enable controlled folder access in Windows.

Disclaimer: This post includes affiliate links

If you click on a link and make a purchase, I may receive a commission at no extra cost to you.

How to Turn On Controlled Folder Access in Windows Security

The Controlled folder access setting is buried within ransomware protection in the Windows Security app. However, it’s easy to find and turn that option on/off when you know where it is. This is how to turn on the Windows Security’s app Controlled folder access option.

  1. To view the Windows Security app, double-click its shield system tray icon.
  2. Select Windows Security’sVirus & threat protection tab.
    The Manage ransomware protection
  3. ClickManage ransomware protection to reach theControlled folder access setting.
    The Controlled folder access option
  4. Now turn on theControlled folder access option to enable that feature.

Controlled folder access protects your Documents, Videos, Pictures, and Music user folders when enabled. To view the list of protected user directories, clickProtected folder . You can add more to the list by clicking theAdd protected folder button, choosing a directory, and clickingSelect Folder .

The Add a protected folder button

How to Turn on Controlled Folder Access With PowerShell

Windows PowerShell gives you an alternative method to enable and disable controlled folder access by executing commands. You can turn on controlled folder access with PowerShell as follows:

  1. To activate a file search tool, pressWin + S .
  2. InputPowerShell within the activated search utility.
  3. Open PowerShell in an elevated mode by selectingRun as administrator .
  4. To enable controlled folder access, input this command text and hitEnter :
    Set-MpPreference -EnableControlledFolderAccess Enabled
    The enable controlled folder access command
  5. You can disable controlled folder access by executing this command:
    Set-MpPreference -EnableControlledFolderAccess Disabled

How to Enable Controlled Folder Access With Group Policy Editor

If you have Windows 11 Pro or Enterprise edition, you can enable controlled folder access with Group Policy Editor. Group Policy Editor also includes some extra configuration settings for controlled folder access, which is a bonus. This is how to turn on controlled folder access via GPE.

If you’re on Windows Home, the Group Policy Editor won’t appear by default. Check outhow to access the Group Policy Editor in Windows Home to get around this.

  1. Bring up the search tool in Windows and entergpedit.msc there.

  2. Selectgpedit.msc tobring up the Group Policy Editor .

  3. ClickComputer Configuration >Administrative Templates inside Group Policy Editor’s left pane.
    Administrative Templates in Group Policy Editor

  4. Double-clickWindows Components to expand it.

  5. Click the arrows for expandingMicrosoft Defender Antivirus andMicrosoft Defender Exploit Guard .

  6. SelectControlled Folder Access to view policy settings for that feature.

  7. Then double-clickConfigure Controlled folder access to view that setting’s window.
    The Controlled Folder Access policy in Group Policy Editor

  8. Select the Configure Controlled folder access window’sEnabled radio button.

  9. ClickBlock on the drop-down menu to select the strictest CFA mode. However, you can also select alternativeAudit Mode ,Block disk notification only , andAudit disk notification only options for enabling controlled folder access.
    The Configure the guard my folders feature drop-down menu

  10. SelectApply in the Configure Controlled folder access window.

  11. Click the Configure Controlled folder access window’sOK button.

How to Turn on Controlled Folder Access From the Windows Context Menu

Alternatively, you can create a context menu shortcut for enabling/disabling controlled folder access. Then you’ll be able to access a Turn on Control folder access setting directly from the desktop area of Windows. You can add such a CFA option to the right-click menu by setting up and running a registry script like this:

  1. Open Notepad.
  2. Then select this script text, and press theCtrl +C key combination:
    `Windows Registry Editor Version 5.00

; Created by: Shawn Brink

; Created on: July 19th 2018

; Tutorial: https://www.tenforums.com/tutorials/114389-add-turn-off-controlled-folder-access-context-menu-windows-10-a.html

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess]

“HasLUAShield”=””

“Icon”=”%ProgramFiles%\Windows Defender\EppManifest.dll,-101”

“MUIVerb”=”Turn On or Off Control folder access”

“Position”=”Bottom”

“SubCommands”=””

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\001flyout]

“MUIVerb”=”Turn on Control folder access”

“HasLUAShield”=””

“Icon”=”%ProgramFiles%\Windows Defender\EppManifest.dll,-101”

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\001flyout\command]

@=”PowerShell -windowstyle hidden -Command "Start-Process cmd -ArgumentList ‘/s,/c,start PowerShell.exe Set-MpPreference -EnableControlledFolderAccess Enabled’ -Verb RunAs"“

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\002flyout]

“MUIVerb”=”Turn off Control folder access”

“HasLUAShield”=””

“Icon”=”%ProgramFiles%\Windows Defender\EppManifest.dll,-101”

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess\shell\002flyout\command]

@=”PowerShell -windowstyle hidden -Command "Start-Process cmd -ArgumentList ‘/s,/c,start PowerShell.exe Set-MpPreference -EnableControlledFolderAccess Disabled’ -Verb RunAs"“`
3. Paste that script into Notepad by clicking in that app’s window and pressingCtrl +V .
The controlled folder access registry script
4. Next, pressCtrl +Shift +S to view Notepad’s “Save as” window.
5. Set theSave as type option toAll files .
The All files option

  1. TypeTurn on Control folder access.reg inside the file name box.
  2. Select to save the script to the desktop location.
  3. ClickSave to add theTurn on Control folder access registry file to the desktop.
  4. Close the Notepad editor, and double-click theTurn on Control folder access.reg file on the desktop.
    The registry script confirmation dialog
  5. SelectYes to confirm you trust the script.

Now you can enable controlled folder access from the Windows context menu.

Right-click any clear area of the desktop and selectShow more options on Windows’ context menu. Move the cursor over theTurn On or Off Control folder access submenu. ClickTurn on Control folder access to enable that Windows Security feature.

If you ever want to remove the controlled folder access context menu option, you can do so by deleting the registry key for it. This is how to delete the key for theTurn On or Off Control folder access submenu:

  1. Launch the Registry Editor (our guide foropening the Regedit registry app includes various methods).
  2. Go to this registry key location:
    HKEY_CLASSES_ROOT\DesktopBackground\Shell\ControlledFolderAccess
  3. Right-click the Controlled Folder Access key to selectDelete .
    The Delete key option
  4. ClickYes to erase that key.

How to Set Controlled Folder Access Exceptions

The problem with controlled folder access is that it can stop legitimate apps from accessing required files when they need to. That can be an especially big issue for Windows gaming since untrusted games often can’t save progress with controlled folder access enabled. In-game settings can also reset when that feature is turned on.

Fortunately, controlled folder access has an exclusion (exception) list for adding trusted apps. It won’t block any trusted apps on that list from modifying files within protected folders. You can add software to the CFA exclusion list as follows:

  1. Bring up theControlled folder access setting in Windows Security as covered in steps one to three of the first method above.
  2. Click the Allow an app through Controlled folder access navigation link.
  3. Press the+ Add an allowed app button.
    The Add an allowed app button
  4. ClickBrowse all apps on the menu that appears.
    The Browse all apps option
  5. Select the EXE (application) file for a game or other software you want to exclude from controlled folder access.
  6. ClickOpen to add the selected game or software.

Enable Controlled Folder Access for Greater Ransomware Protection

Turning on controlled folder access in Windows 10 and 11 with the above methods will give files on your PC an extra layer of protection from malware. It makes little difference how you enable that feature, but you can select more configuration options by using Group Policy Editor. Adding controlled folder access context menu settings also gives you a more direct way to toggle that feature on/off as required.

Also read:

  • Title: Ensuring System Integrity: Enabling Controlled Access in Windows
  • Author: David
  • Created at : 2024-11-24 20:23:50
  • Updated at : 2024-11-27 23:53:18
  • Link: https://win11.techidaily.com/ensuring-system-integrity-enabling-controlled-access-in-windows/
  • License: This work is licensed under CC BY-NC-SA 4.0.