andrew82net
asked on
How do I setup network shares on Windows XP Pro so some require login/password, and some do not?
I would like to setup my security so that only Administrators of the local computer have access to the Windows XP default shares (C$, ADMIN$, etc.). I would like to setup some folders to be shared so anyone can access them (such as my printers and my music folder). I would like to setup other folders so that the user is required to provide a username/password.
I am familiar with setting up network shares with simple file sharing turned off and with changing the share permissions and the NTFS permissions. But I haven't figure out how to do what I described above. Does anyone know how to do this?
Note: I've seen several sites that describe how to setup shares in general. But I'd like specific advice on how to do the above, since my general knowledge and the general sites I've seen haven't helped.
I am running Windows XP Pro SP2 on a workgroup (not a domain).
Thanks,
Andrew
I am familiar with setting up network shares with simple file sharing turned off and with changing the share permissions and the NTFS permissions. But I haven't figure out how to do what I described above. Does anyone know how to do this?
Note: I've seen several sites that describe how to setup shares in general. But I'd like specific advice on how to do the above, since my general knowledge and the general sites I've seen haven't helped.
I am running Windows XP Pro SP2 on a workgroup (not a domain).
Thanks,
Andrew
ASKER
But I don't want to simply require logins for the default shares, but want to setup my own shares, some of which require login and some do not.
ASKER
I am able to access the C$ share on my notebook from my desktop computer. The two computers have different administrator account names and passwords and my account (Andrew) has a different password on both computers.
Is that account in the local admin's group? I would suspect so. The Local Admins group is what has access to the admin shares. Users should not be logging in to the systems as members of the admins group - it's potentially dangerous.
ASKER
Yes. And I'm aware of the "dangers" of running my computer using a user in the local admin group. Be that as it may, I still want it to be setup that way.
The question remains. How do I prevent users from accessing the C$ share and still permit them to access other shares without a password and some other shares only with a password? Is this possible without running on a domain?
Thanks.
The question remains. How do I prevent users from accessing the C$ share and still permit them to access other shares without a password and some other shares only with a password? Is this possible without running on a domain?
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> The question remains. How do I prevent users from accessing the C$ share and
> still permit them to access other shares without a password and some other shares
> only with a password? Is this possible without running on a domain?
I don't think the question does remain, you just don't like the answer. Administrative shares are for administrators. If you're leaving things the same on all systems, then you can't.
I'm forever perplexed by people who insist as running as admins. Then again, I'm also greatful. Especially when companies do it. I made $900 for 6 hours work a couple months back because a company wanted all the users to be admins, then when they got serious spyware infections they had me change everything. Great for my bank account.
ASKER
Ok, so the last two answers prompt a few questions:
Setup Reminder: Two computers on a LAN, workgroup (not domain. Both computers have the default administrative accounts renamed and set with different passwords. I am running both computers with a username Andrew that has administrative privs. The passwords for the two Andrew users are different.
1. Does it affect anything if the usernames are the same on the two computers, even though they aren't on a domain and the passwords are different?
2. Is the level of share access granted to a remote user affected by what user is logged on to the local computer? That is, if I'm logged in as an admin on my desktop, if I try to connect to a share from my notebook, does the notebook user somehow get admin privs because an admin is logged on to the desktop?
3. Given the statements by leew toward the beginning of this discussion, since I can't change the permissions on the C$ share, why am I able to access it from a different computer?
Note Regarding Admin Accounts:
I'm perplexed by people who insist that running as an admin is always a horrible thing to do and it'll spell almost certain doom for your computer due to viruses, trojans, hackers, worms, spyware, etc. I have a local network behind a Netgear FVS318 router/firewall. All computers on my LAN run ZoneAlarm Security Suite (software firewall), Norton AntiVirus 2005, Spybot Search & Destroy, Ad-aware, and Startup Cop Pro (which alerts me whenever a change is made to the programs set to run at startup). My e-mail is scanned for viruses at the server and scanned again when downloaded locally. All potentially dangerous attachments are automatically quarantined by ZoneAlarm's MailSafe, even if they pass Norton's virus scan. I will grant that I am certainly by no means invulnerable! Probably sooner or later I'll get a virus or some nasty spyware. But my system is about as protected as any home network can be (suggestions welcome). If I do somehow get infected or hacked, the agent would still have access to read and delete my files. And, I dont' know about you, but compared to the value of my personal information and my data, messing up my OS or my settings is insignificant. Would running as a User or a Power User really make my computer that much safer?
Setup Reminder: Two computers on a LAN, workgroup (not domain. Both computers have the default administrative accounts renamed and set with different passwords. I am running both computers with a username Andrew that has administrative privs. The passwords for the two Andrew users are different.
1. Does it affect anything if the usernames are the same on the two computers, even though they aren't on a domain and the passwords are different?
2. Is the level of share access granted to a remote user affected by what user is logged on to the local computer? That is, if I'm logged in as an admin on my desktop, if I try to connect to a share from my notebook, does the notebook user somehow get admin privs because an admin is logged on to the desktop?
3. Given the statements by leew toward the beginning of this discussion, since I can't change the permissions on the C$ share, why am I able to access it from a different computer?
Note Regarding Admin Accounts:
I'm perplexed by people who insist that running as an admin is always a horrible thing to do and it'll spell almost certain doom for your computer due to viruses, trojans, hackers, worms, spyware, etc. I have a local network behind a Netgear FVS318 router/firewall. All computers on my LAN run ZoneAlarm Security Suite (software firewall), Norton AntiVirus 2005, Spybot Search & Destroy, Ad-aware, and Startup Cop Pro (which alerts me whenever a change is made to the programs set to run at startup). My e-mail is scanned for viruses at the server and scanned again when downloaded locally. All potentially dangerous attachments are automatically quarantined by ZoneAlarm's MailSafe, even if they pass Norton's virus scan. I will grant that I am certainly by no means invulnerable! Probably sooner or later I'll get a virus or some nasty spyware. But my system is about as protected as any home network can be (suggestions welcome). If I do somehow get infected or hacked, the agent would still have access to read and delete my files. And, I dont' know about you, but compared to the value of my personal information and my data, messing up my OS or my settings is insignificant. Would running as a User or a Power User really make my computer that much safer?
If others are getting access to your machines, I would suspect it's because, among other things, you're leaving the admin account named "administrator" and using a common password across all systems. Good security practices dictate you RENAME the administrator account and you don't use a common password.