Simple File Sharing

While home users are typically happy letting anyone at any computer read or modify any file, business users usually need to restrict access to files with payroll, personnel, and proprietary information. Windows XP and its predecessors, Windows NT and Windows 2000, were designed for business use, so they require usernames and passwords for identification, and have a security system that lets computer owners restrict access to sensitive files on a user-by-user and file-by-file basis.

Unfortunately, on a Windows peer-to-peer or workgroup network, there is no centralized list of authorized usernames. This makes maintaining control of who is and isn't permitted to access network files on each computer difficult. Here's why: When you attempt to use a file or printer shared by another computer, Windows sends your username and password to the other computer. In versions of Windows prior to XP

• If the username and password match a user account already set up on the other computer, Windows uses that account's permission settings to determine whether to grant you access to the file.

• If the user information doesn't match, Windows prompts you to enter a username and password that the other computer will recognize.

• If you do fail to provide a valid password, the remote Windows computer gives you the permissions assigned to the "Guest" account, which is usually disabled or does not have permission to access the resource you want.

An advantage of this system is that users can determine precisely which users could access files and folders. The disadvantage is that it would require you to set up identical user accounts for each network user on every computer, and then grant these users permissions to modify shared files and folders.

Smaller business and home users found this security setup cumbersome to use and difficult to set up properly. This pushed people into eliminating security restrictions completely, just to get the network to work. That's a risky approach, so Microsoft gave Windows XP a new feature called "Simple File Sharing."

NOTE

Simple File Sharing applies only on a peer-to-peer network. Domain network users must live with the full, more complex security system.

The Simple File Sharing feature can be enabled or disabled from the Tools, Folder Options, View tab in any Windows Explorer window, as shown in Figure 28.13.

When you first install Windows XP Professional, it is enabled. (By the way, XP Home Edition users have Simple File Sharing too, and can't disable it.)

When Simple File Sharing is enabled

• Network users are not prompted for a username or password. Instead they are automatically granted access using the permissions granted to the Guest account, even if Guest is disabled for direct logins.

• The Security properties tab that is normally used to assign per-user permissions to files and printers is not displayed.

• Windows automatically assigns appropriate security permissions to folders and printers when you share them. If you check Allow Network Users to Change My Files, all network users can read, write, rename, or delete the contents of the shared folder. If you don't check this option, network users can view but not modify the contents.

If you disable Simple File Sharing, or if your computer is a member of a domain network, your computer will display different dialog boxes when you go to share a folder, and you'll have access to the Security properties page on folders and printers.

It's generally not necessary to disable Simple File Sharing but it is important to protect your computer and your network from Internet hacking. Be sure to read Chapters 19, "Connecting Your LAN to the Internet," and 21, "Network Security," to be sure your network is protected.