How do I set up network shares on Windows XP Pro so some require login/password, and some do not?

Posted on 2005-03-28
Medium Priority
Last Modified: 2010-03-18
I would like to set up my security so that only Administrators of the local computer have access to the Windows XP default shares (C$, ADMIN$, etc.). I would like to set up some folders to be shared so anyone can access them (such as my printers and my music folder). I would like to set up other folders so that the user is required to provide a username/password.

I am familiar with setting up network shares with simple file sharing turned off and with changing the share permissions and the NTFS permissions. But I haven't figured out how to do what I described above. Does anyone know how to do this?

Note: I've seen several sites that describe how to set up shares in general. But I'd like specific advice on how to do the above, since my general knowledge and the general sites I've seen haven't helped.

I am running Windows XP Pro SP2 on a workgroup (not a domain).


Question by:andrew82net

Expert Comment

by:Lee W, MVP
ID: 13649668
Then you're set as is. The C$, Admin$ and other drive letter $ shares are shared and only available to admins on that computer (or domain admins in the domain). Further, if you try to change the access rights to these shares (share permissions), you should be denied the ability.

If others are getting access to your machines, I would suspect it's because, among other things, you're leaving the admin account named "administrator" and using a common password across all systems.  Good security practices dictate you RENAME the administrator account and you don't use a common password.

Author Comment

ID: 13649685
But I don't want to simply require logins for the default shares, but want to set up my own shares, some of which require login and some do not.

Author Comment

ID: 13649700
I am able to access the C$ share on my notebook from my desktop computer. The two computers have different administrator account names and passwords and my account (Andrew) has a different password on both computers.

Expert Comment

by:Lee W, MVP
ID: 13649709
Is that account in the local admin's group?  I would suspect so.  The Local Admins group is what has access to the admin shares.  Users should not be logging in to the systems as members of the admins group - it's potentially dangerous.

Author Comment

ID: 13649724
Yes. And I'm aware of the "dangers" of running my computer using a user in the local admin group. Be that as it may, I still want it to be set up that way.

The question remains. How do I prevent users from accessing the C$ share and still permit them to access other shares without a password and some other shares only with a password? Is this possible without running on a domain?


Accepted Solution

netthuset earned 1000 total points
ID: 13651320
The way to do this is to grant different users different rights on the share itself.
To only grant rights to specific users, first remove the default group "everyone" and add the user/groups of your choice and grant them the necessary rights.

If the logged on user on a different machine tries to access your computer he will get the list, but won't have access to the shared folders if he hasn't been granted the read permissions. When the user authenticates he gets his rights.

For printers folder: grant rights on the printers themselves; if you share a printer it will automatically show at the same level as a shared folder.

If your machines are not part of a domain, the other machines try to authenticate with computername\username unless you specify otherwise. This will result in a password prompt unless you have identical usernames/passwords on both machines.
To avoid prompts you can activate the guest account and grant rights to the user "guest", which I wouldn't recommend at all.

Q: The question remains. How do I prevent users from accessing the C$ share and still permit them to access other shares without a password and some other shares only with a password? Is this possible without running on a domain?

A: Simply turn off inheritance on the child folders of the partition you want to share, then grant necessary rights to the users of your choice. A user always needs to authenticate with his username and password.

Hope this helps a bit; most of it has been mentioned earlier, though.
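
An added illustration, not part of the original thread: a simplified Python model of the access decision the accepted answer describes for a workgroup machine with simple file sharing off. All account names, passwords, share names and ACL entries are constructed; the model assumes effective access is what both the share and NTFS permissions allow, ignores Deny entries, and assumes an unknown username falls back to Guest only when the Guest account is enabled.

```python
# Simplified model: network logon, then share ACL and NTFS ACL are both checked.
# All accounts, passwords, shares and ACL entries below are constructed samples.
ADMIN_SHARES = {"C$", "ADMIN$"}
FULL = {"read", "write"}

ACCOUNTS = {  # local accounts on the machine hosting the shares
    "Andrew": {"password": "desktop-pw", "groups": {"Administrators", "Users"}},
    "Kim": {"password": "kim-pw", "groups": {"Users"}},
}

SHARES = {  # "Everyone" removed from Private, as the answer advises
    "Music": {"share": {"Everyone": {"read"}}, "ntfs": {"Everyone": {"read"}}},
    "Private": {"share": {"Kim": FULL}, "ntfs": {"Users": FULL}},
}

def logon(user, password, guest_enabled):
    """Return the caller's principals, or None when the client would be prompted."""
    account = ACCOUNTS.get(user)
    if account is not None:
        if account["password"] != password:
            return None  # same username, different password: prompt
        return {user, "Everyone"} | account["groups"]
    if guest_enabled:  # assumption: unknown names map to Guest if it is enabled
        return {"Guest", "Guests", "Everyone"}
    return None

def granted(acl, principals):
    """Union of the rights an ACL gives to any of the principals (no Deny entries)."""
    rights = set()
    for principal, allowed in acl.items():
        if principal in principals:
            rights |= allowed
    return rights

def access(share, user, password, guest_enabled=False):
    """Return the effective rights on a share, or None for a password prompt."""
    principals = logon(user, password, guest_enabled)
    if principals is None:
        return None
    if share in ADMIN_SHARES:  # C$, ADMIN$: local Administrators only
        return set(FULL) if "Administrators" in principals else set()
    acls = SHARES[share]
    # Effective access is what both the share ACL and the NTFS ACL allow.
    return granted(acls["share"], principals) & granted(acls["ntfs"], principals)
```
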

Expert Comment

by:Lee W, MVP
ID: 13654500

> The question remains. How do I prevent users from accessing the C$ share and
> still permit them to access other shares without a password and some other shares
> only with a password? Is this possible without running on a domain?

I don't think the question does remain, you just don't like the answer.  Administrative shares are for administrators. If you're leaving things the same on all systems, then you can't.

I'm forever perplexed by people who insist on running as admins. Then again, I'm also grateful. Especially when companies do it. I made $900 for 6 hours work a couple months back because a company wanted all the users to be admins, then when they got serious spyware infections they had me change everything. Great for my bank account.

Author Comment

ID: 13658402
Ok, so the last two answers prompt a few questions:

Setup Reminder: Two computers on a LAN, workgroup (not domain). Both computers have the default administrative accounts renamed and set with different passwords. I am running both computers with a username Andrew that has administrative privs. The passwords for the two Andrew users are different.

1. Does it affect anything if the usernames are the same on the two computers, even though they aren't on a domain and the passwords are different?

2. Is the level of share access granted to a remote user affected by what user is logged on to the local computer? That is, if I'm logged in as an admin on my desktop, if I try to connect to a share from my notebook, does the notebook user somehow get admin privs because an admin is logged on to the desktop?

3. Given the statements by leew toward the beginning of this discussion, since I can't change the permissions on the C$ share, why am I able to access it from a different computer?

Note Regarding Admin Accounts:
I'm perplexed by people who insist that running as an admin is always a horrible thing to do and it'll spell almost certain doom for your computer due to viruses, trojans, hackers, worms, spyware, etc. I have a local network behind a Netgear FVS318 router/firewall. All computers on my LAN run ZoneAlarm Security Suite (software firewall), Norton AntiVirus 2005, Spybot Search & Destroy, Ad-aware, and Startup Cop Pro (which alerts me whenever a change is made to the programs set to run at startup). My e-mail is scanned for viruses at the server and scanned again when downloaded locally. All potentially dangerous attachments are automatically quarantined by ZoneAlarm's MailSafe, even if they pass Norton's virus scan. I will grant that I am certainly by no means invulnerable! Probably sooner or later I'll get a virus or some nasty spyware. But my system is about as protected as any home network can be (suggestions welcome). If I do somehow get infected or hacked, the agent would still have access to read and delete my files. And, I don't know about you, but compared to the value of my personal information and my data, messing up my OS or my settings is insignificant. Would running as a User or a Power User really make my computer that much safer?

