I spend a decent amount of time in the A+Exam Cram 6th Edition talking about how to share data in Windows 7. This article covers the sharing of data in Windows XP and Windows Vista.
Folders and files need to be shared so that other users on the local computer and on the network can gain access to them. Windows operating systems use an Access Control Model for securable objects like folders. This model takes care of rights and permissions, usually through discretionary access control lists (DACL) that contain individual access control entries (ACEs). All the shared folders can be found by navigating to Computer Management > Shared Folders > Shares, as shown in Figure 1.
Figure 1
Here we also see the hidden administrative shares that can be identified by the $ on the end of the share name. These shares cannot be seen by standard users when browsing to the computer over the network; they are meant for administrative use. Note that every volume (C: or D:, for example) has an administrative share. Although it is possible to remove these by editing the Registry, it is not recommended because
it might cause other networking issues. You should be aware that only administrators should have access to these shares.
Sharing folders differs slightly in Windows XP and Windows Vista, so let’s briefly discuss each one now.
Sharing Folders in Windows XP
There are two different ways to share folders in Windows XP: By utilizing simple file sharing or by using standard network shares.
Simple file sharing is enabled by default, but if you need to turn it on, you can do so by navigating to the Tools menu in Windows Explorer and selecting Folder Options. From the Folder Options window, click the View tab and scroll to the end of the list. The last option is Use Simple File Sharing; if it is check marked, then it is enabled. To share
a file or folder for other local users on the computer, simply drag it to the Shared Documents folder, usually listed directly after Control Panel in the left window pane of Windows Explorer; this is known as a local share. To share a folder for access by remote users on the network, right-click the folder to be shared, and select Sharing & Security. Next, check mark the Share This Folder on the Network check box. At
that point, you can give it a share name that by default is the same as the folder name. Now remote users can either browse to your computer or map a network drive to view the folder’s contents. Keep in mind that by sharing the folder in this manner, any user can access the folder, but by default the files will be read-only. For users to
modify the files, the option Allow Network Users to Change My Files would have to be selected. Simple file sharing is an example of share-level security, which has slowly been losing ground to the more secure user-level security.
To use standard network shares (also known as user-level security), simple file sharing must be disabled. When this is done, folders are shared by accessing the same Sharing tab of the folder’s Properties window, but you can notice that the window has changed. Now, we have the option to set permissions for the folder. There are two levels of permissions: Share permissions and NTFS permissions.
– Share permissions can be accessed from the Sharing tab by clicking the Permissions button. From here you note that the Everyone group has read-only access by default. The other two permissions available to us are Change and Full Control.
– NTFS permissions are accessed from the Security tab. Here we have six default levels of permissions from Read and Write to Full Control, as shown in Figure 2.
Figure 2
NTFS permissions are modified in the Security tab of the folder’s Properties window. The weakest of these permissions is Read, and the strongest, of course, is Full Control. You also note that we have the option to Allow access or Deny access and that this can be done by the users or by their user group, thus the term user-level security. Generally, if you want users to have access to the folder, you would add them to
the list and select Allow for the appropriate permission. If you don’t want to allow them access, normally you simply wouldn’t add them. But in some cases, an explicit Deny is necessary. This could be because the user is part of a larger group that already has access to a parent folder, but you don’t want the specific user to have access to this particular subfolder.
Of course, permissions can get very in-depth; for more information on simple file sharing and the associated permissions see the following link:
http://support.microsoft.com/kb/304040/.
For more information on NTFS permissions see:
http://technet.microsoft.com/en-us/library/bb727008.aspx.
Sharing Folders in Windows Vista
Windows Vista does not enable simple file sharing by default. Access to shared folders in Vista normally requires a username and password. (So share-level security has at this point, for the most part, gone the way of the dodo.) There are once again two different ways of sharing folders; by using a wizard or doing it manually. First however, we need to make sure that file sharing is turned on! To do this, navigate to
Control Panel > Network and Internet > Network and Sharing Center. Under Sharing and Discovery you see the File sharing option; make sure it is turned on. Also verify that Network discovery is on so that other computers can “see” the computer that will be hosting the shares, as shown in Figure 3.
Figure 3
You will note a few other settings. First is Public Folder Sharing. Although you can share any folder you want, the Public folder was created as a default share that any user on the local computer or other computers can access. It takes the place of the Shared Documents folder in Windows XP. The Public folder can be found by navigating to Start > Documents and then selecting Public under Favorite Links. This setting can be configured so that network users can open files in the Public folder,
or open and modify them, or the setting can be turned off so that only local users can see the files. Second is Password Protected Sharing. If this is on, a remote user needs to type a username and password to gain access to a share, but if it is off, any user can connect automatically, which is not recommended as it is not secure.
Now, you can enable/disable the wizard previously mentioned by navigating to Windows Explorer, Tools menu, and click Folder Options. Then select the View tab, scroll to the bottom, and either select or deselect the Use Sharing Wizard check box. If you use the wizard and attempt to share a folder by right-clicking it and selecting Share, a window pops up prompting you to select the users that will have access to the folder. The appropriate users are then added to the list and configured as a
Reader, Contributor, or Co-author. If you choose not to use the wizard, and want to share a folder, right-click the folder and select Share; then click the Advanced Sharing button. In the Advanced Sharing window, check mark the option for Share This Folder. From there, Share permissions can be added the same way as in Windows XP simply by clicking the Permissions button. To add NTFS security permissions, cancel out of the Advanced Sharing window and select the Security tab; NTFS permissions work the same way as in Windows XP. For more information on File sharing in Windows Vista see the following link: http://technet.microsoft.com/en-us/library/bb727037.aspx.
For more information on sharing data in Windows 7, see the A+ Exam Cram 6th Edition.
