Dumbed down file sharing in Windows XP
by Volker Weber
Recently I wanted to set up file sharing between three Windows XP notebooks. But I could only enable or disable sharing. There was no way to specify permissions as to who was actually allowed to access the share. As Stefan has found out, Microsoft has disabled this feature by default: "How to disable simplified sharing and set permissions on a shared folder in Windows XP":
By default, simple file sharing is enabled on a Microsoft Windows XP-based computer if the computer is not a member of a domain. With simple file sharing, you can share folders with everyone on your workgroup or network and make folders in your user profile private. However, if simple file sharing is enabled, you cannot prevent specific users and groups from accessing your shared folders. If you turn off simple file sharing, you can permit specific users and groups to access a shared folder. Those users must be logged on with the credentials of user accounts that you have granted access to your shared folder.
If simple file sharing is enabled, you see the simple file sharing user interface appears instead of the Security and Sharing tabs. By default, this new user interface is implemented in Windows XP Home Edition and in Microsoft Windows XP Professional if you are working in a workgroup. If you turn off simple file sharing, the classic Security and Sharing tabs appear, and you can specify which users and groups have access to shared folders on your computer.
Now, what is a good place to hide this setting? No, not in Network, not in Sharing, Microsoft has tugged it away in Tools/Folder Options/View/Advanced:
- Click Start, and then click My Computer.
- On the Tools menu, click Folder Options, and then click the View tab.
- In the Advanced Settings section, clear the Use simple file sharing (Recommended) check box.
- Click OK.
Microsoft recommends to disable permissions. That would be too secure, eh?
Comments
It's a mystery too me, how so much of the functionality that is central to an operating is so well hidden or poorly implemented. The instructions don't appear to apply to XP Home - I can't find an "Advanced Settings" section.
The technote only applies to XP Professional. The feature has gone missing from HP Home.
Which in fact is stated in the section titled INTRODUCTIION (sic!) of that technote. Just read the part after "Note:" ;)
A timely post Volker - a recent reload of my work machine to XP had me wondering what uncle Bill had done with the standard interface! Fiddle fiddle fiddle, MS just have bloody well fiddle!
Microsoft & Security - a heady comibination.
Now, which IT Director who chose to remain anonymous told it like it is over at silicon.com the other day ?
Ah, thank you! Like Colin, I am configuring a new machine and was trying to get this working. UGH! Now that Shirley has happily been using her iBook for many months, she is amazed at all the troubles I have with Windows :)
The same setting also enables the security tab on each folder, so that you can use NTFS ACL's from the GUI (as mentioned in the technote).
I always disable the 'simple file sharing' option when I do setup a new Windows box, even if I do not share any files, just to manipulate the NTFS ACLs.
Windows XP does set the ACL's for the Directories below 'Documents and Settings' (i.e. each users directory is accesable for the user and the local administrators group).
Also the partiton hosting the %systemroot% directory also has different ACLs set. Hovwever on any other disk the default ACL is 'Everyone/Full Access' ACL, which gets inherited down the directory structure.
Instead of building functionality/wizardry that would guide 'normal' users to use the technology properly, Microsoft opted for the easy way out and chose to hide the ACL's by default and even removed the GUI from XP Home.
Bad choice, IMHO.
