Controlled Folder Access in Windows helps protect important files from ransomware and unauthorized changes. You can manage this feature using the Windows Security app, PowerShell, or Group Policy depending on your edition. Here’s a clean breakdown of each method.
Method 1: Windows Security App
Use the graphical interface to toggle Controlled Folder Access.
Steps
- Open Windows Security.
- Press Windows Key + I to open Settings.
- Go to Privacy & Security > Windows Security.
- Click Open Windows Security.
- Select Virus & threat protection.
- Click Manage ransomware protection.
- Toggle Controlled folder access.
- Set to On to enable.
- Set to Off to disable.
- Confirm with Yes if prompted by User Account Control.
Method 2: PowerShell
Use PowerShell commands to configure Controlled Folder Access.
Commands
Enable:
Set-MpPreference -EnableControlledFolderAccess Enabled
Disable:
Set-MpPreference -EnableControlledFolderAccess Disabled
Audit Mode (logs events without blocking):
Set-MpPreference -EnableControlledFolderAccess AuditMode
Method 3: Group Policy (Windows Pro, Enterprise, Education)
Use Group Policy for centralized configuration.
Steps
- Press Windows Key + R, type gpedit.msc, and press Enter.
- Navigate to:
- Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled folder access
- Double-click Configure Controlled folder access.
- Choose:
- Enabled and set to Block to turn it on.
- Enabled and set to Disable to turn it off.
- Not Configured to use default behavior.
- Click Apply and OK.
Managing Controlled Folder Access in Windows ensures your files remain protected against ransomware and unauthorized changes. Use the Windows Security app for quick toggles, PowerShell for scripting, or Group Policy for enterprise-level control.
Tags
Windows