Matt said:
It might help to know that all the files I want to protect are on the
D: partition (also NTFS), so using the "crazy" option to completly
hide that drive on the guest acount would be OK.
Well, I'll give you my notes from MVP Steve Winograd but I'd back up
everything first. There are *no* guarantees this won't completely hose
your entire operating system. I still think you'd be better off just
zipping the files. Disabling the Simple Sharing is what will give you
the Security tab and the ability to set permissions on the folder. When
you read "I" in the procedures below, that is Steve talking. I, Malke,
have never done this and so make absolutely no claims about its
efficacy or what it will do to your system. OK, we all clear about
this? Still don't want to just zip the files in folders?
***
Unauthorized ways to disable Simple Sharing on XP Home Edition. Make
sure to set restore point first.
A. from MVP Doug Knox:
http://www.microsoft.com/ntserver/nts/downloads/recommended/scm/default.asp
Instructions: Download the x86 (Intel) version of the Security
Configuration Manager and save it to your hard disk. Double click the
SCESP4I.EXE file you downloaded and extract the contents to a temporary
location on your hard disk. Then open the folder you extracted the
files to and locate the Setup.inf (Setup Information) file. Right
click Setup.inf and select Install. After the installation is
finished, reboot your computer.
If the download link on the page, listed above, does not work, try this
one - ftp://ftp.microsoft.com/bussys/winnt/winnt-public/tools/SCM
Right click the SCESP4I.EXE file and select Copy to Folder). Make sure
to read the README files!!!!
Disclaimer: I have tested this procedure on my XP Home installation,
and it works. I cannot guarantee that it will work on your system.
Make sure you create a System Restore point before proceeding.
WARNING: Adjusting the permissions on a drive, file or folder can lock
even the Administrator account out of that drive/file/folder. Deny
Permissions take precedence over Allow Permissions, regardless of your
group membership. Administrators are members of the User's group, by
default. Uncheck Allow, rather than using Deny.
B. Use CACLS, per Ron Lowe:
XP home is more tricky, for 2 reasons.
1) You cannot disable Simple File Sharing - so you cannot access the
Security tab;
2) You cannot disable Simple File Sharing - so all incoming connections
authenticate as Guest. We can't do anything about (2), but we can work
around (1) to that Guest has the same permissions as other folders.
There are 2 ways to do it:
1) Boot to safe mode and manipulate the folder permissions there ( Add
the
'Everyone' group );
or
2) Go to a command prompt.
Change Directory to the parent of the target folder. Use the CALCS
command to change the folder permissions:
We will go to a command prompt window, and use the CACLS command. In
this example, I'm making my profile directory (C:\Docs+Setts\Ron )
accessible across the network:
# First, notice that the command prompt window has opened
# with the profile directory I wish to edit as my current working
# directory ( C:\Docs+Sets\Ron ). I'm going to move up one level,
# to C:\Docs+Sets so the Ron directory is visible to me.
C:\Documents and Settings\Ron>cd ..
# Can I see the directory I want to edit?
# Let's try the DIR command and see...
C:\Documents and Settings>dir
Volume in drive C has no label.
Volume Serial Number is C4C5-AAB4
Directory of C:\Documents and Settings
12/06/2005 14:06 <DIR> .
12/06/2005 14:06 <DIR> ..
12/06/2005 13:45 <DIR> All Users
12/06/2005 14:06 <DIR> Ron
0 File(s) 0 bytes
4 Dir(s) 15,526,223,872 bytes free
# Ah, yes, there it is.
# Let's look at the existing permissions:
C:\Documents and Settings>cacls ron
C:\Documents and Settings\Ron BUILTIN\Administrators
OI)(CI)F
XP-HOME-VPC\Ron
OI)(CI)F
NT AUTHORITY\SYSTEM
OI)(CI)F
# Now, add the Everyone group, which includes Guest:
# the last 'C' means I'm granting read/write access to everyone
# including the Guest account across the network.
# Replace the 'C' with 'R' for read-only ( eg backing up ).
C:\Documents and Settings>cacls ron /E /G Everyone:C
processed dir: C:\Documents and Settings\Ron
#Now, lets look at the permissions again:
C:\Documents and Settings>cacls ron
C:\Documents and Settings\Ron BUILTIN\Administrators
OI)(CI)F
XP-HOME-VPC\Ron
OI)(CI)F
NT AUTHORITY\SYSTEM
OI)(CI)F
Everyone
OI)(CI)C
# Now the folder is accessible across the network.
# All the contents of the folder are too, because they
# inherit the parent folder's permissions.
# This works with the Program Files folder too.
C:\Documents and Settings>cd ..
C:\>cacls "program files" /E /G Everyone:C
processed dir: C:\Program Files
C:\>cacls "program files"
C:\Program Files BUILTIN\Administrators
OI)(CI)F
CREATOR OWNER
OI)(CI)(IO)F
Everyone
OI)(CI)C
NT AUTHORITY\SYSTEM
OI)(CI)F
BUILTIN\Users
OI)(CI)R
# This is now accessible across the network too.
***
OK, there you have it. Good luck.
Malke
