Establish the correct file-sharing permissions in Windows XP
Tuesday, August 20, 2002 12:00 PM
With the NT file system (NTFS) in Windows XP, you can set file permissions at the local PC level in addition to the file-sharing permissions of the network environment. Along with this additional functionality comes complexity and the potential for all kinds of admin headaches. This article reviews the file and folder permissions in Windows XP.
With the NT file system (NTFS) in Windows XP, you can set file permissions at the local PC level in addition to the file-sharing permissions of the network environment. Along with this additional functionality comes complexity and the potential for all kinds of admin headaches. One harried manager wants to know why he can’t access the data on a colleague’s PC that he needs to assemble a presentation; another can’t figure out why the mailroom intern was able to browse the files he thought he had secured. More options mean more chances for confusion and user error, and if you don’t have a thorough understanding of the various permissions and their relationships, it can be nearly impossible to sort out a permission problem and find a solution.
We’ll review the file and folder permissions in Windows XP. Once you understand Windows XP permissions and how they interact, you’ll be able to troubleshoot permission issues that occur on your network more quickly.
Watch file-sharing and NTFS permission interactions
In any Windows network environment (peer-to-peer or server-based), you can set sharing permissions for drives and folders. By default, when you set up a PC on a network, no drives or folders on that PC are shared. The local user of that PC can then choose to share entire drives or individual folders on a drive. This type of security is not really that secure, however, because it affects only network access. Local access (that is, someone sitting down at the PC and logging on) is wide open.
For drives formatted with NTFS, you can set NTFS permissions. These can affect drives and folders and individual files too. NTFS permissions affect local users as well as network users and are based on the permission granted to individual user logons, regardless of where they’re connecting. You also have a much wider variety of permissions to choose from with NTFS permissions, so you can more precisely control the rights being granted.
When sharing permissions and NTFS permissions conflict, the most restrictive of the two wins. For example, if someone has full access to a certain file from NTFS permissions but has no sharing permissions to the folder in which it resides, he or she cannot access the file from the network. He or she can, however, physically sit down at the local PC containing the file, log in, and access it, because sharing permissions do not affect local access.
Working with shared folders
Shared folders provide remote access to the files on a PC. Folder sharing is available on drives using all types of partitions: FAT, FAT32, or NTFS. To share any folders (or any printers, for that matter) on a Windows XP PC, File And Printer Sharing For Microsoft Networks must be installed as a networking component. To check for it, right-click the Local Area Connection icon in the Windows XP taskbar and choose Status. From the Local Area Connection Status dialog box, select the Properties button to see the listing shown in Figure A. If File And Printer Sharing For Microsoft Networks doesn’t appear on the list, add it by clicking the Install button and choosing it from the Services category.
File And Printer Sharing For Microsoft Networks must be installed to share folders over a network.
After File And Printer Sharing For Microsoft Networks is in place, you can share individual drives and folders by right-clicking a drive or folder and choosing Sharing And Security. When you do, the Sharing tab of the Properties dialog box will open.
Sharing is slightly different for drives than for files. With a drive, you might see a default share already set up. These have a dollar sign ($) following the share name, as shown in Figure B. Such shares are for administrative use only; ordinary users won’t be able to see or browse a drive shared in this way on the network. Consequently, if you want to share an entire drive like this on your network, you must create an additional share for it.
C$ is the default administrative share for this drive; it doesn’t count as a user-to-user share.
To create a new share for a drive, click the New Share button and then fill in the Share Name, any comment you want to make, and a user limit for concurrent usage (if desired). While you’re in the New Share dialog box (see Figure C), you can click the Permissions button to specify who will have access to the shared drive or you can save that for later.
Create a new share to allow other users to access the drive.
For a folder, the process is more straightforward because there are no default administrative shares. By default, a folder is set to Do Not Share This Folder. To share it, right-click the folder and select Sharing And Security from the resulting pop-up box. Choose the Share This Folder button and then enter a share name, comment, and user limit.
Regardless of whether you’re sharing a folder or a drive, you can configure permissions the same way: Display the Sharing tab and click the Permissions button. A Permissions dialog box will appear, as shown in Figure D. By default, all permissions are granted to everyone.
Limit permission to the folder or drive, if desired.
» Powerful server blade for SMBs
Test Drive Now!
I cannot get the same option tabs on my system, the sharing window looks totally different when I right click propoerties on my drives
can you help
Posted by Lee Privett on Thursday, October 09 2003 03:17 AM