Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

XP My Network Places access right

Posted on 2004-11-17
3
Medium Priority
?
266 Views
Last Modified: 2012-05-05
I'm using WinXP and have several computer connected through a router.

How do I prevent people from viewing the shared directories?

I don't want everybody on the network be able to see each other's shared directory, they need to enter some kind of access password (set by the owner of the shared directory) or being granted the access right by the administrator in order to do so.

Can this be done?
0
Comment
Question by:jay28lee
  • 2
3 Comments
 
LVL 5

Assisted Solution

by:abu_deep
abu_deep earned 1600 total points
ID: 12613127
With Microsoft Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface (UI) named Simple File Sharing and a new Shared Documents feature. This article describes the new file sharing UI and discusses the following topics:

http://support.microsoft.com/default.aspx?scid=kb;en-us;304040

but in short With file sharing in Windows XP, you can configure five levels of permissions. Level 1 is the most private and secure setting, and Level 5 is the most public and changeable (non-secure) setting. You can configure Levels 1, 2, 4, and 5 by using the Simple File Sharing UI. To do this, right-click the folder, and then click Sharing and Security to open the Simple File Sharing UI. To configure Level 3, copy a file or folder into the Shared Documents folder under My Computer. This configuration does not change when you turn on or turn off Simple File Sharing.

• Level 1: My Documents (Private)
 
• Level 2: My Documents (Default)
 
• Level 3: Files in shared documents available to local users
 
• Level 4: Shared Files on the Network (Readable by Everyone)
 
• Level 5: Shared Files on the Network (Readable and Writable by Everyone)


NOTES

• By default, files that are stored in My Documents are at Level 2.
• Levels 1, 2, and 3 folders are available only to a user who is logging on locally. Users who log on locally include a user who logs on to a Windows XP Professional-based computer from a Remote Desktop (RDP) session.
• Levels 4 and 5 folders are available to users who log on locally and remote users from the network
======================================================
Level 1: My Documents (Private)
The owner of the file or folder has read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. All subfolders that are contained in a folder that is marked as private remain private unless you change the parent folder permissions.

If you are a Computer Administrator and create a user password for your account by using the User Accounts Control Panel tool, you are prompted to make your files and folder private.

Note The option to make a folder private (Level 1) is only available to a user account in its own My Documents folder.

To configure a folder and all the files in it to Level 1, follow these steps: 1. Right-click the folder, and then click Sharing and Security.
2. Select the Make this Folder Private check box, and then click OK.
Local NTFS Permissions: • Owner: Full Control
• System: Full Control
Network Share Permissions: • Not Shared
==================================================
Level 2 (Default): My Documents (Default)
The owner of the file or folder and local Computer Administrators have read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. This is the default setting for all the folders and files in each user's My Documents folder.

To configure a folder and all the files in it to Level 2, follow these steps: 1. Right-click the folder, and then click Sharing and Security.
2. Make sure that both the Make this Folder Private and the Share this folder on the network check boxes are cleared, and then click OK.
Local NTFS Permissions: • Owner: Full Control
• Administrators: Full Control
• System: Full Control
Network Share Permissions: • Not Shared
==================================================
Level 3: Files in shared documents available to local users
Files are shared with users who log on to the computer locally. Local Computer Administrators can read, write, and delete the files in the Shared Documents folder. Restricted Users can only read the files in the Shared Documents folder. In Windows XP Professional, Power Users may also read, write, or delete any files in the Shared Documents Folder. The Power Users group is only available in Windows XP Professional. Remote users cannot access folders or files at Level 3. To permit remote users to access files, you must share them out on the network (Level 4 or 5).

To configure a file or a folder and all the files in it to Level 3, start Microsoft Windows Explorer, and then copy or move the file or folder to the Shared Documents folder under My Computer.

Local NTFS Permissions:• Owner: Full Control  
• Administrators: Full Control
• Power Users: Change
• Restricted Users: Read
• System: Full Control
Network Share Permissions: • Not Shared
==================================================
Level 4: Shared on the Network (Read Only)
Files are shared for everyone to read on the network. All local users, including the Guest account, can read the files, but they cannot modify the contents. Any user can read and change your files.

To configure a folder and all the files in it to Level 4, follow these steps:1. Right-click the folder, and then click Sharing and Security.
2. Click to select the Share this folder on the network check box
3. Click to clear the Allow network users to change my files check box, and then click OK.
Local NTFS Permissions: • Owner: Full Control  
• Administrators: Full Control
• System: Full Control
• Everyone: Read
Network Share Permissions: • Everyone: Read
==================================================
Level 5: Shared on the network (Read and Write)
This level is the most available and least secure access level. Any user (local or remote) can read, write, change, or delete a file in a folder shared at this access level. Microsoft recommends that this level be used only for a closed network that has a firewall configured. All local users including the Guest account can also read and modify the files.

To configure a folder and all the files in it to Level 5, follow these steps:1. Right-click the folder, and then click Sharing and Security
2. Click to select the Share this folder on the network check box, and then click OK.
Local NTFS Permissions: • Owner: Full Control  
• Administrators: Full Control
• System: Full Control
• Everyone: Change
Network Share Permissions: • Everyone: Full Control
Note All NTFS permissions that refer to Everyone include the Guest account.

All the levels that this article describes are mutually exclusive. Private folders (Level 1) cannot be shared unless they are no longer private. Shared folders (Level 4 and 5) cannot be made private until they are unshared.

If you create a folder in the Shared Documents folder (Level 3), share it on the network, and then permit network users to change your files (Level 5), the permissions for Level 5 are effective for the folder, the files in that folder, and the child folders. The other files and folders in the Shared Documents folder remain configured at Level 3.

Note The only exception is if you have a folder (SampleSubFolder) that is shared at Level 4 inside a folder (SampleFolder) that is shared at Level 5. Remote users have the correct access level to each of the shared folders. Locally logged-on users have writable (Level 5) permissions to the parent (SampleFolder) and child (SampleSubFolder) folders.
Guidelines
Microsoft recommends that you only share folders on the network that remote users on other computers must access. Microsoft recommends that you do not share the root of your system drive. When you do this your computer is more vulnerable to malicious remote users. The Sharing tab of the drive's Properties dialog box contains a warning when you try to share a root folder (for example, C:\). To continue, you must click the If you understand the risk but still want to share the root of the drive, click here link. Only computer administrators can share the root of the drive.

Files on a read-only device such as a CD-ROM shared at Level 4 or 5 are only available if the CD-ROM is in the CD-ROM drive. Any CD-ROM that is in the CD-ROM drive is available to all users on the network.

A file's permission may differ from the containing folder if one of the following conditions is true: • You use the move command at a command prompt to move a file into the folder from a folder on the same drive that has different permissions.
• You use a script to move the file into the folder from a folder on the same drive that has different permissions.
• You run Cacls.exe at a command prompt or a script to change file permissions.  
• Files existed on the hard disk before you installed Windows XP.
• You changed a file's permissions while Simple File Sharing was turned off on Windows XP Professional.
Note NTFS permissions are not maintained on file move operations when you use Windows Explorer with Simple File Sharing turned on.

If you turn on and turn off Simple File Sharing, the permissions on files are not changed. The NTFS and share permissions do not change until you change the permissions in the interface. If you set the permissions with Simple File Sharing enabled, only Access Control Entries (ACEs) on files that are used for Simple File Sharing are affected. The following ACEs in the Access Control List (ACL) of the files or folders are affected by the Simple File Sharing interface: • Owner
• Administrators
• Everyone
• System

0
 

Author Comment

by:jay28lee
ID: 12615402
This "Simple File Sharing" doesn't really solve my problem.  Is there a "Complicated" File Sharing scheme available?

I'm sharing folders in some of my root directories of C and D drives, and I only want to allow user to know the access password to be able to view and access the content.

For example, I would like to achieve the following, assume all of the computers are of the same workgroup:

CPU1:
Shared: C:\C1_Data C:\C1_Content D:\C1_Info

CPU2:
Shared: C:\C2_Data C:\C2_Content D:\C2_Info

CPU3:
Under "View Workgroup Computers", CPU3 can see CPU1, CPU2, and CPU3, but when CPU3 want to see the shared content of CPU1 and CPU2, a dialog window will prompt for access password.  Only if the password is matched, otherwise CPU3 won't be able to see the shared content (even the shared direcories names) on CPU1 and CPU2.
0
 
LVL 5

Accepted Solution

by:
abu_deep earned 1600 total points
ID: 12635264
try to make  identical username/passwords set on all machines
in other word

for your scenario : on pc 1 and pc 2  you must have a user name of pc 3

but don't forget to check Local Security Settings, Network access: Sharing and security model for local accounts.  This may be set to (default) Guest only - local users authenticate as Guest.  Change this to Classic: local users authenticate as themselves.

Start/run: gpedit.msc
   Local Computer Policy
     Computer Configuration
      +Windows Settings
         +Security Settings
           +Local Policies
             +Security Options
         
          Double-click on Network Access:Sharing and Security Model for local accounts--
                 --change to "Classic - local users authenticate as themselves"

FOR HOME USERS ONLY WHEN ALL ELSE FAILS:
Look for and set these properties as shown also

Network access: Allow anonymous SID/Name translation     ==> Enabled
Network access: Do not allow anonymous enumeration of SAM accounts     ==> Disabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares          ==> Disabled
Network access: Let Everyone permissions apply to anonymous users     ==>      Enabled

( u have to apply this for you pc1 and pc2 at least )

And then instead of simple share on pc2 and pc 1 try to assign a permission for user name of pc 3…and don't forget to use ntfs format for your local drivers of both pc1 and pc2 in order to gain more access permissions levels…

And then u should be good..
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Resolve DNS query failed errors for Exchange
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question