Windows folder properties security

Protect important folders with controlled folder access

Applies to:

What is controlled folder access?

Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App, Microsoft Endpoint Configuration Manager, or Intune (for managed devices).

Scripting engines are not trusted and you cannot allow them access to controlled protected folders. For example, PowerShell is not trusted by controlled folder access, even if you allow with certificate and file indicators.

Controlled folder access works best with Microsoft Defender for Endpoint, which gives you detailed reporting into controlled folder access events and blocks as part of the usual alert investigation scenarios.

Controlled folder access blocks don’t generate alerts in the Alerts queue. However, you can view information about controlled folder access blocks in the device timeline view, while using advanced hunting, or with custom detection rules.

How does controlled folder access work?

Controlled folder access works by only allowing trusted apps to access protected folders. Protected folders are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, and so on, are included in the list of controlled folders.

Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the list are prevented from making any changes to files inside protected folders.

Apps are added to the list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization and that have never displayed any behavior deemed malicious are considered trustworthy. Those apps are added to the list automatically.

Apps can also be added manually to the trusted list by using Configuration Manager or Intune. Additional actions, such as adding a file indicator for an app, can be performed from the Security Center Console.

Why controlled folder access is important

Controlled folder access is especially useful in helping to protect your documents and information from ransomware. In a ransomware attack, your files can get encrypted and held hostage. With controlled folder access in place, a notification appears on the computer where an app attempted to make changes to a file in a protected folder. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.

The protected folders include common system folders (including boot sectors), and you can add more folders. You can also allow apps to give them access to the protected folders.


You can use audit mode to evaluate how controlled folder access would impact your organization if it were enabled. You can also visit the Windows Defender Test ground website at demo.wd.microsoft.com to confirm the feature is working and see how it works.

Controlled folder access is supported on the following versions of Windows:

Windows system folders are protected by default

Windows system folders are protected by default, along with several other folders:

  • c:\Users\<username>\Documents
  • c:\Users\Public\Documents
  • c:\Users\<username>\Pictures
  • c:\Users\Public\Pictures
  • c:\Users\Public\Videos
  • c:\Users\<username>\Videos
  • c:\Users\<username>\Music
  • c:\Users\Public\Music
  • c:\Users\<username>\Favorites

You can configure additional folders as protected, but you cannot remove the Windows system folders that are protected by default.

Requirements for controlled folder access

Review controlled folder access events in the Microsoft Defender Security Center

Defender for Endpoint provides detailed reporting into events and blocks as part of its alert investigation scenarios.

You can query Microsoft Defender for Endpoint data by using Advanced hunting. If you’re using audit mode, you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled.

Review controlled folder access events in Windows Event Viewer

You can review the Windows event log to see events that are created when controlled folder access blocks (or audits) an app:

  1. Download the Evaluation Package and extract the file cfa-events.xml to an easily accessible location on the device.
  2. Type Event viewer in the Start menu to open the Windows Event Viewer.
  3. On the left panel, under Actions, select Import custom view...
  4. Navigate to where you extracted cfa-events.xml and select it. Alternatively, copy the XML directly.
  5. Select OK.

The following table shows events related to controlled folder access:

Event ID    Description
5007        Event when settings are changed
1124        Audited controlled folder access event
1123        Blocked controlled folder access event
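
The three event IDs in the table can also be pulled directly with PowerShell instead of importing the custom view. This is an added example, not part of the original article; it assumes the events are written to the Microsoft-Windows-Windows Defender/Operational log, and the seven-day window is an arbitrary choice.

```powershell
# Added example: summarize controlled folder access events.
# Assumes the Defender operational log name below; run in an elevated session.
$logName = 'Microsoft-Windows-Windows Defender/Operational'

# Event IDs and meanings as listed in the table above.
$meaning = @{
    1123 = 'Blocked'
    1124 = 'Audited'
    5007 = 'Settings changed'
}

$filter = @{
    LogName   = $logName
    Id        = 1123, 1124, 5007
    StartTime = (Get-Date).AddDays(-7)   # arbitrary look-back window
}

# Get-WinEvent reports an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Count per event type: a rising 1124 count in audit mode shows what
# would be blocked once the feature is switched to enforcement.
$events | Group-Object Id | ForEach-Object {
    [pscustomobject]@{
        EventId = [int]$_.Name
        Meaning = $meaning[[int]$_.Name]
        Count   = $_.Count
    }
} | Sort-Object EventId | Format-Table -AutoSize

# Full detail for block and audit events, newest first. The Message text
# carries the details of each blocked or audited access attempt.
$events | Where-Object Id -in 1123, 1124 |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, Id, Message |
    Format-List
```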

View or change the list of protected folders

You can use the Windows Security app to view the list of folders that are protected by controlled folder access.

  1. On your Windows 10 device, open the Windows Security app.
  2. Select Virus & threat protection.
  3. Under Ransomware protection, select Manage ransomware protection.
  4. If controlled folder access is turned off, you’ll need to turn it on. Select protected folders.
  5. Do one of the following steps:
    • To add a folder, select + Add a protected folder.
    • To remove a folder, select it, and then select Remove.

Windows system folders are protected by default, and you cannot remove them from the list.
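
The same settings can be read and changed from an elevated PowerShell session with the Defender cmdlets. This is an added example, not part of the original article; D:\Finance is a hypothetical folder, and the script assumes the built-in Defender PowerShell module is available.

```powershell
# Added example: inspect and extend controlled folder access settings.
# 'D:\Finance' is a hypothetical folder used only for illustration.
$newFolder = 'D:\Finance'

$pref = Get-MpPreference

# EnableControlledFolderAccess is reported as a number.
$mode = switch ([int]$pref.EnableControlledFolderAccess) {
    0       { 'Disabled' }
    1       { 'Enabled (block)' }
    2       { 'Audit mode' }
    default { "Other ($_)" }
}
"Current mode: $mode"

"Configured protected folders:"
$pref.ControlledFolderAccessProtectedFolders

"Manually allowed apps:"
$pref.ControlledFolderAccessAllowedApplications

# If the feature is off, start in audit mode so the impact can be
# evaluated from the event log before anything is blocked.
if ([int]$pref.EnableControlledFolderAccess -eq 0) {
    Set-MpPreference -EnableControlledFolderAccess AuditMode
}

# Add-MpPreference appends to the list; Set-MpPreference would replace it.
if ($pref.ControlledFolderAccessProtectedFolders -notcontains $newFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $newFolder
}

# To undo the addition later:
# Remove-MpPreference -ControlledFolderAccessProtectedFolders $newFolder
```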

Apply a basic audit policy on a file or folder

Applies to

You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.

To complete this procedure, you must be signed in as a member of the built-in Administrators group or have Manage auditing and security log rights.

To apply or modify auditing policy settings for a local file or folder

Select and hold (or right-click) the file or folder that you want to audit, select Properties, and then select the Security tab.

Select Advanced.

In the Advanced Security Settings dialog box, select the Auditing tab, and then select Continue.

Do one of the following:

  • To set up auditing for a new user or group, select Add. Select Select a principal, type the name of the user or group that you want, and then select OK.
  • To remove auditing for an existing group or user, select the group or user name, select Remove, select OK, and then skip the rest of this procedure.
  • To view or change auditing for an existing group or user, select its name, and then select Edit.

In the Type box, indicate what actions you want to audit by selecting the appropriate check boxes:

  • To audit successful events, select Success.
  • To audit failure events, select Fail.
  • To audit all events, select All.

In the Applies to box, select the object(s) to which the audit of events will apply. These include:

  • This folder only
  • This folder, subfolders and files
  • This folder and subfolders
  • This folder and files
  • Subfolders and files only
  • Subfolders only
  • Files only

By default, the selected Basic Permissions to audit are the following:

  • Read and execute
  • List folder contents
  • Read
  • Additionally, with your selected audit combination, you can select any combination of the following permissions:
    • Full control
    • Modify
    • Write

Before you set up auditing for files and folders, you must enable object access auditing. To do this, define auditing policy settings for the object access event category. If you don’t enable object access auditing, you’ll receive an error message when you set up auditing for files and folders, and no files or folders will be audited.
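
The dialog-box procedure above can also be scripted. This is an added example, not part of the original article: it turns on object access auditing with auditpol (using the File System subcategory, which is an assumption about how the policy is managed on the machine) and adds one audit entry to the hypothetical folder C:\Data\Payroll for the Everyone principal.

```powershell
# Added example: script the audit-entry procedure for one folder.
# Run elevated. C:\Data\Payroll and the Everyone principal are illustrative.
$path = 'C:\Data\Payroll'

# Prerequisite from the text: object access auditing must be enabled,
# otherwise the audit entry below records nothing.
# The subcategory name is the English one; it is localized on other systems.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# -Audit loads the audit entries (SACL); plain Get-Acl returns only permissions.
$acl = Get-Acl -Path $path -Audit

# Arguments map to the dialog fields:
#   principal, permission to audit, "Applies to", propagation, "Type"
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',                          # Select a principal
    'Modify',                            # Basic permission to audit
    'ContainerInherit, ObjectInherit',   # This folder, subfolders and files
    'None',                              # No special propagation
    'Success, Failure'                   # Type: All
)

$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# Read the entries back to confirm what is now audited on the folder.
(Get-Acl -Path $path -Audit).Audit |
    Select-Object IdentityReference, FileSystemRights, AuditFlags,
                  InheritanceFlags, IsInherited |
    Format-Table -AutoSize
```

Auditing Success for Everyone on a busy folder produces a high volume of security log entries, so narrow the principal, the permission or the Type to what the investigation needs.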

Give permissions to files and folders in Windows 10

Original title: REad only

Windows 10 has set all my files and folders to read only. I am not able to turn this off. Is there a trick to this as right clicking and unchecking read only I get you need admin rights message and it doesn’t work. This is causing some games and programs I have to not work correctly.


Thank you for posting in Microsoft Community. I understand your concern and I’ll be glad to assist you.

Please follow through.

In Windows Explorer, right-click the file or folder you want to work with.

From the pop-up menu, select Properties, and then in the Properties dialog box click the Security tab.

In the Name list box, select the user, contact, computer, or group whose permissions you want to view. If the permissions are dimmed, it means the permissions are inherited from a parent object.

1) Turn off UAC (User Account Control)

Before you can do anything, you must turn off the UAC, or you will be locked out of the following steps.

1) Start -> Settings -> Control Panel -> User Accounts
2) Click "Change User Account Control Settings"
3) Move slider all the way down to "Never Notify"
4) Reboot

2) Take Ownership

Yes take ownership. Even though you are logged on as an Administrator, you can’t change files that don’t belong to you. The Program Files folder is set to the Trusted Installer group and the Administrator doesn’t have the rights to change anything. So now we have to claim all the files and folders.

1) Open Windows Explorer
2) R-Click on Program Files -> Properties -> Security Tab
3) Click Advanced -> Owner
4) Click Edit
5) Select Administrators -> Put a checkmark in Replace owner on subcontainers & objects -> Apply
6) Wait a while.
7) When it finishes, Click OK on all boxes to close everything

3) Fix Permissions

Now that you own the files, you have to give yourself permission to modify them

1) R-Click on Program Files -> Properties -> Security Tab
2) Click Advanced -> Change Permission
3) Select Administrators (any entry) -> Edit
4) Change the Apply To drop down box to This Folder, Subfolder & Files
5) Put check in Full Control under Allow column -> OK -> Apply
6) Wait some more.
7) When it finishes, the dialog boxes may hide behind the Explorer window. Minimize it and click OK on all the dialog boxes

Hope this post helps. Get back to us for further queries. We are happy to help.
