How can I prevent someone from accessing files on a Windows peer-to-peer network?

Posted on 2009-12-23
Last Modified: 2012-05-08
In my home I have 3 computers... 2 computers running Windows XP Pro and 1 running Windows 7 Professional.  All three have their "C" drives shared so that we can exchange files easily and can see each others folders.  We all have Internet access via a Netgear router which support wired as well as wireless connections.

I have someone moving into our home for a few weeks and she would like access to the Internet which is fine with me but I DON'T want to give her access to any of my 3 computers.  How can I set this up?  Do I need another router?  Thanks.
Question by:herbro
    LVL 12

    Expert Comment

    You just need to adjuste the share permissions. Create local usernames on each PC with passwords and then go to the shared folder and add permissions for the users that you created. Make sure you remove the everyone group and it should be ok.

    Author Comment

    I really don't want to mess with permissions and username etc. Isn't there a way to do it using either another router or to somehow re-configure the router in some way.  I don't mind buying a second router.
    LVL 12

    Expert Comment


    If you want to but i think that would be a lot more effort. You will have to configure the second router and use rules to deny access to the other IP addresses. That might not be all that easy, depending on what routers you go for.
    If you have static IP addresses on the PCs you might be able to deny access based on that but again you need a router that has that functionality.
    LVL 10

    Accepted Solution

    Unless the usernames and passwords are the same on the existing and new machines, you shouldn't really be able to get to any of the files anyway..  If you're not using passwords, then you're right, she'll be able to get right in, but then again, she'll be able to walk right up to the computer when you're not home, or are sleeping, and get to them locally too...  So, passwords really are the RIGHT answer..

    As for wanting to do something with routers, yes.. you could..  If you get another router, you could connect them kind of in series, so that the Internet touches the WAN port of the NEW router, and you put her new computer on the LAN side (or wireless) of that new router, and you plug your existing router's WAN port into another LAN port of the new router..  That way, as far as the existing router is concerned, anything that's on the WAN side (usually just the Internet, but now the Internet and her new machine) is untrusted, and by default wont be let in..  The New router will see all the traffic from the old router as if it were just one more client trying to get out to the Internet, and let it through.


    Her computer would get plugged into "NewRouter" on another LAN port in this scenario                      

    If your ISP does regular DHCP to assign your addresses, this should be as simple as inserting the new router between the modem and the old router, and then REBOOT THE MODEM because it's likely that the modem (I'm assuming a typical cable modem here) will remember the MAC address of the router, and not let the new router get an IP address until it either times out or is rebooted...

    Note that it's important that the "untrusted" machine get connected to the router which is closest to the internet, because the machines on the middle router ("NewRouter" in my picture) will trust anything that it sees on the LAN side, and let the traffic flow..  So, in my config, machines connected to the LAN side of OldRouter will be able to see the drives of the machines on NewRouter, just not vice-versa...  

    One caveat to this config is that you PROBABLY need to make sure that the LAN side addresses of the new and old routers are NOT the same..  Most routers come configured with the LAN side configured for either or  You need to make sure the routers are different, otherwise the "NewRouter" will be routing to and from the same logical subnet, and most home class NAT engines get confused with this configuration...


    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
    Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now