XP My Network Places access right

I'm using WinXP and have several computer connected through a router.

How do I prevent people from viewing the shared directories?

I don't want everybody on the network be able to see each other's shared directory, they need to enter some kind of access password (set by the owner of the shared directory) or being granted the access right by the administrator in order to do so.

Can this be done?
jay28leeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

abu_deepCommented:
With Microsoft Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface (UI) named Simple File Sharing and a new Shared Documents feature. This article describes the new file sharing UI and discusses the following topics:

http://support.microsoft.com/default.aspx?scid=kb;en-us;304040

but in short With file sharing in Windows XP, you can configure five levels of permissions. Level 1 is the most private and secure setting, and Level 5 is the most public and changeable (non-secure) setting. You can configure Levels 1, 2, 4, and 5 by using the Simple File Sharing UI. To do this, right-click the folder, and then click Sharing and Security to open the Simple File Sharing UI. To configure Level 3, copy a file or folder into the Shared Documents folder under My Computer. This configuration does not change when you turn on or turn off Simple File Sharing.

• Level 1: My Documents (Private)
 
• Level 2: My Documents (Default)
 
• Level 3: Files in shared documents available to local users
 
• Level 4: Shared Files on the Network (Readable by Everyone)
 
• Level 5: Shared Files on the Network (Readable and Writable by Everyone)


NOTES

• By default, files that are stored in My Documents are at Level 2.
• Levels 1, 2, and 3 folders are available only to a user who is logging on locally. Users who log on locally include a user who logs on to a Windows XP Professional-based computer from a Remote Desktop (RDP) session.
• Levels 4 and 5 folders are available to users who log on locally and remote users from the network
======================================================
Level 1: My Documents (Private)
The owner of the file or folder has read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. All subfolders that are contained in a folder that is marked as private remain private unless you change the parent folder permissions.

If you are a Computer Administrator and create a user password for your account by using the User Accounts Control Panel tool, you are prompted to make your files and folder private.

Note The option to make a folder private (Level 1) is only available to a user account in its own My Documents folder.

To configure a folder and all the files in it to Level 1, follow these steps: 1. Right-click the folder, and then click Sharing and Security.
2. Select the Make this Folder Private check box, and then click OK.
Local NTFS Permissions: • Owner: Full Control
• System: Full Control
Network Share Permissions: • Not Shared
==================================================
Level 2 (Default): My Documents (Default)
The owner of the file or folder and local Computer Administrators have read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. This is the default setting for all the folders and files in each user's My Documents folder.

To configure a folder and all the files in it to Level 2, follow these steps: 1. Right-click the folder, and then click Sharing and Security.
2. Make sure that both the Make this Folder Private and the Share this folder on the network check boxes are cleared, and then click OK.
Local NTFS Permissions: • Owner: Full Control
• Administrators: Full Control
• System: Full Control
Network Share Permissions: • Not Shared
==================================================
Level 3: Files in shared documents available to local users
Files are shared with users who log on to the computer locally. Local Computer Administrators can read, write, and delete the files in the Shared Documents folder. Restricted Users can only read the files in the Shared Documents folder. In Windows XP Professional, Power Users may also read, write, or delete any files in the Shared Documents Folder. The Power Users group is only available in Windows XP Professional. Remote users cannot access folders or files at Level 3. To permit remote users to access files, you must share them out on the network (Level 4 or 5).

To configure a file or a folder and all the files in it to Level 3, start Microsoft Windows Explorer, and then copy or move the file or folder to the Shared Documents folder under My Computer.

Local NTFS Permissions:• Owner: Full Control  
• Administrators: Full Control
• Power Users: Change
• Restricted Users: Read
• System: Full Control
Network Share Permissions: • Not Shared
==================================================
Level 4: Shared on the Network (Read Only)
Files are shared for everyone to read on the network. All local users, including the Guest account, can read the files, but they cannot modify the contents. Any user can read and change your files.

To configure a folder and all the files in it to Level 4, follow these steps:1. Right-click the folder, and then click Sharing and Security.
2. Click to select the Share this folder on the network check box
3. Click to clear the Allow network users to change my files check box, and then click OK.
Local NTFS Permissions: • Owner: Full Control  
• Administrators: Full Control
• System: Full Control
• Everyone: Read
Network Share Permissions: • Everyone: Read
==================================================
Level 5: Shared on the network (Read and Write)
This level is the most available and least secure access level. Any user (local or remote) can read, write, change, or delete a file in a folder shared at this access level. Microsoft recommends that this level be used only for a closed network that has a firewall configured. All local users including the Guest account can also read and modify the files.

To configure a folder and all the files in it to Level 5, follow these steps:1. Right-click the folder, and then click Sharing and Security
2. Click to select the Share this folder on the network check box, and then click OK.
Local NTFS Permissions: • Owner: Full Control  
• Administrators: Full Control
• System: Full Control
• Everyone: Change
Network Share Permissions: • Everyone: Full Control
Note All NTFS permissions that refer to Everyone include the Guest account.

All the levels that this article describes are mutually exclusive. Private folders (Level 1) cannot be shared unless they are no longer private. Shared folders (Level 4 and 5) cannot be made private until they are unshared.

If you create a folder in the Shared Documents folder (Level 3), share it on the network, and then permit network users to change your files (Level 5), the permissions for Level 5 are effective for the folder, the files in that folder, and the child folders. The other files and folders in the Shared Documents folder remain configured at Level 3.

Note The only exception is if you have a folder (SampleSubFolder) that is shared at Level 4 inside a folder (SampleFolder) that is shared at Level 5. Remote users have the correct access level to each of the shared folders. Locally logged-on users have writable (Level 5) permissions to the parent (SampleFolder) and child (SampleSubFolder) folders.
Guidelines
Microsoft recommends that you only share folders on the network that remote users on other computers must access. Microsoft recommends that you do not share the root of your system drive. When you do this your computer is more vulnerable to malicious remote users. The Sharing tab of the drive's Properties dialog box contains a warning when you try to share a root folder (for example, C:\). To continue, you must click the If you understand the risk but still want to share the root of the drive, click here link. Only computer administrators can share the root of the drive.

Files on a read-only device such as a CD-ROM shared at Level 4 or 5 are only available if the CD-ROM is in the CD-ROM drive. Any CD-ROM that is in the CD-ROM drive is available to all users on the network.

A file's permission may differ from the containing folder if one of the following conditions is true: • You use the move command at a command prompt to move a file into the folder from a folder on the same drive that has different permissions.
• You use a script to move the file into the folder from a folder on the same drive that has different permissions.
• You run Cacls.exe at a command prompt or a script to change file permissions.  
• Files existed on the hard disk before you installed Windows XP.
• You changed a file's permissions while Simple File Sharing was turned off on Windows XP Professional.
Note NTFS permissions are not maintained on file move operations when you use Windows Explorer with Simple File Sharing turned on.

If you turn on and turn off Simple File Sharing, the permissions on files are not changed. The NTFS and share permissions do not change until you change the permissions in the interface. If you set the permissions with Simple File Sharing enabled, only Access Control Entries (ACEs) on files that are used for Simple File Sharing are affected. The following ACEs in the Access Control List (ACL) of the files or folders are affected by the Simple File Sharing interface: • Owner
• Administrators
• Everyone
• System

0
jay28leeAuthor Commented:
This "Simple File Sharing" doesn't really solve my problem.  Is there a "Complicated" File Sharing scheme available?

I'm sharing folders in some of my root directories of C and D drives, and I only want to allow user to know the access password to be able to view and access the content.

For example, I would like to achieve the following, assume all of the computers are of the same workgroup:

CPU1:
Shared: C:\C1_Data C:\C1_Content D:\C1_Info

CPU2:
Shared: C:\C2_Data C:\C2_Content D:\C2_Info

CPU3:
Under "View Workgroup Computers", CPU3 can see CPU1, CPU2, and CPU3, but when CPU3 want to see the shared content of CPU1 and CPU2, a dialog window will prompt for access password.  Only if the password is matched, otherwise CPU3 won't be able to see the shared content (even the shared direcories names) on CPU1 and CPU2.
0
abu_deepCommented:
try to make  identical username/passwords set on all machines
in other word

for your scenario : on pc 1 and pc 2  you must have a user name of pc 3

but don't forget to check Local Security Settings, Network access: Sharing and security model for local accounts.  This may be set to (default) Guest only - local users authenticate as Guest.  Change this to Classic: local users authenticate as themselves.

Start/run: gpedit.msc
   Local Computer Policy
     Computer Configuration
      +Windows Settings
         +Security Settings
           +Local Policies
             +Security Options
         
          Double-click on Network Access:Sharing and Security Model for local accounts--
                 --change to "Classic - local users authenticate as themselves"

FOR HOME USERS ONLY WHEN ALL ELSE FAILS:
Look for and set these properties as shown also

Network access: Allow anonymous SID/Name translation     ==> Enabled
Network access: Do not allow anonymous enumeration of SAM accounts     ==> Disabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares          ==> Disabled
Network access: Let Everyone permissions apply to anonymous users     ==>      Enabled

( u have to apply this for you pc1 and pc2 at least )

And then instead of simple share on pc2 and pc 1 try to assign a permission for user name of pc 3…and don't forget to use ntfs format for your local drivers of both pc1 and pc2 in order to gain more access permissions levels…

And then u should be good..
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.