[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 229
  • Last Modified:

How do I setup network shares on Windows XP Pro so some require login/password, and some do not?

I would like to setup my security so that only Administrators of the local computer have access to the Windows XP default shares (C$, ADMIN$, etc.). I would like to setup some folders to be shared so anyone can access them (such as my printers and my music folder). I would like to setup other folders so that the user is required to provide a username/password.

I am familiar with setting up network shares with simple file sharing turned off and with changing the share permissions and the NTFS permissions. But I haven't figure out how to do what I described above. Does anyone know how to do this?

Note: I've seen several sites that describe how to setup shares in general. But I'd like specific advice on how to do the above, since my general knowledge and the general sites I've seen haven't helped.

I am running Windows XP Pro SP2 on a workgroup (not a domain).

Thanks,
Andrew

0
andrew82net
Asked:
andrew82net
  • 4
  • 3
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Then your set as is.  The C$, Admin$ and other drive letter $ shares are shared and only available to admins on that computer (or domain admins in the domain).  Further, if you try to change the access rights to these shares (share permissions), you should be denied the ability.  

If others are getting access to your machines, I would suspect it's because, among other things, you're leaving the admin account named "administrator" and using a common password across all systems.  Good security practices dictate you RENAME the administrator account and you don't use a common password.
0
 
andrew82netAuthor Commented:
But I don't want to simply require logins for the default shares, but want to setup my own shares, some of which require login and some do not.
0
 
andrew82netAuthor Commented:
I am able to access the C$ share on my notebook from my desktop computer. The two computers have different administrator account names and passwords and my account (Andrew) has a different password on both computers.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Is that account in the local admin's group?  I would suspect so.  The Local Admins group is what has access to the admin shares.  Users should not be logging in to the systems as members of the admins group - it's potentially dangerous.
0
 
andrew82netAuthor Commented:
Yes. And I'm aware of the "dangers" of running my computer using a user in the local admin group. Be that as it may, I still want it to be setup that way.

The question remains. How do I prevent users from accessing the C$ share and still permit them to access other shares without a password and some other shares only with a password? Is this possible without running on a domain?

Thanks.
0
 
netthusetCommented:
The way to do this is to grant different users different rights on the share itself.
To only grant rights to specific users first remove the default group "everyone" and add the user/groups of your choice and grant them the necessary rights.

If the logged on user on a different machine tries to access your computer he will get the list, but wont have access to the shared folders if he hasn't been granted the read permissions. When the user authenticates he gets his rights.

For printers folder:  grant rights on the printers themselves, if u share a printer it will automatically show at the same level as a shared folder.

If your machines are not part of a domain the other machines tries to authenticate with computername\username unless u specify otherwise. This will result in a password prompt unless u have identical usernames/passwords on both machines.
To avoid prompts u can activate the guest account and grant rights to the user "guest" which I wouldn't recommend at all.

Q: The question remains. How do I prevent users from accessing the C$ share and still permit them to access other shares without a password and some other shares only with a password? Is this possible without running on a domain?

A: Simply turn off inheritance on the child folders of the partition u want to share, then grant necessary rights to the users of your choice. A user always need to authenticate with his username and password.

Hope this helps abit, most of it has been mentioned earlier tho.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:


> The question remains. How do I prevent users from accessing the C$ share and
> still permit them to access other shares without a password and some other shares
> only with a password? Is this possible without running on a domain?

I don't think the question does remain, you just don't like the answer.  Administrative shares are for administrators. If you're leaving things the same on all systems, then you can't.

I'm forever perplexed by people who insist as running as admins.  Then again, I'm also greatful.  Especially when companies do it.  I made $900 for 6 hours work a couple months back because a company wanted all the users to be admins, then when they got serious spyware infections they had me change everything.  Great for my bank account.
0
 
andrew82netAuthor Commented:
Ok, so the last two answers prompt a few questions:

Setup Reminder: Two computers on a LAN, workgroup (not domain. Both computers have the default administrative accounts renamed and set with different passwords. I am running both computers with a username Andrew that has administrative privs. The passwords for the two Andrew users are different.

1. Does it affect anything if the usernames are the same on the two computers, even though they aren't on a domain and the passwords are different?

2. Is the level of share access granted to a remote user affected by what user is logged on to the local computer? That is, if I'm logged in as an admin on my desktop, if I try to connect to a share from my notebook, does the notebook user somehow get admin privs because an admin is logged on to the desktop?

3. Given the statements by leew toward the beginning of this discussion, since I can't change the permissions on the C$ share, why am I able to access it from a different computer?

Note Regarding Admin Accounts:
I'm perplexed by people who insist that running as an admin is always a horrible thing to do and it'll spell almost certain doom for your computer due to viruses, trojans, hackers, worms, spyware, etc. I have a local network behind a Netgear FVS318 router/firewall. All computers on my LAN run ZoneAlarm Security Suite (software firewall), Norton AntiVirus 2005, Spybot Search & Destroy, Ad-aware, and Startup Cop Pro (which alerts me whenever a change is made to the programs set to run at startup). My e-mail is scanned for viruses at the server and scanned again when downloaded locally. All potentially dangerous attachments are automatically quarantined by ZoneAlarm's MailSafe, even if they pass Norton's virus scan. I will grant that I am certainly by no means invulnerable! Probably sooner or later I'll get a virus or some nasty spyware. But my system is about as protected as any home network can be (suggestions welcome). If I do somehow get infected or hacked, the agent would still have access to read and delete my files. And, I dont' know about you, but compared to the value of my personal information and my data, messing up my OS or my settings is insignificant. Would running as a User or a Power User really make my computer that much safer?

0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now