Share-level security in Win-XP-Home


David Cook

In Windows-XP Home edition, the docs seem to say that
file share rules (i.e. Simple File Sharing) use the 'guest'
account for access.

So, my question is: Is there some way to further 'secure' access
to file-shares in a Home-edition environment?

[i.e. it seems to me that with a network sniffer, I could learn the
netbios-name for your workgroup by sniffing the master-browser
packets on the network, then change MY Win-XP-Home
machine's workgroup name to match that workgroup name, and
bingo, I have access to your file-shares.]

[ http://www.michna.com/kb/wxnet.htm is my reference source material.]

TIA...

Dave
 
-----Original Message-----
In Windows-XP Home edition, the docs seem to say that
file share rules (i.e. Simple File Sharing) use the 'guest'
account for access.

So, my question is: Is there some way to further 'secure' access
to file-shares in a Home-edition environment?

[i.e. it seems to me that with a network sniffer, I could learn the
netbios-name for your workgroup by sniffing the master-browser
packets on the network, then change MY Win-XP-Home
machine's workgroup name to match that workgroup name, and
bingo, I have access to your file-shares.]

[ http://www.michna.com/kb/wxnet.htm is my reference source material.]

TIA...

Dave


.home is an insecure networking system meant for simple
home networks with no security needs, if you need a
secure network get xp pro installed.
 
Ok. So we are saying if ALL the machines in the network are Win-XP-Home,
then I can NOT have security on the network SHARES, right?

Next question:
If just ONE of the machines is Win-XP-Pro, and if all the shares are
located on that one (Pro) machine, then can I have all the remaining
'clients' of those shares be Win-XP-Home-edition and
have them need a password to access the shares? (and thus lock out the
interloper on his Win-XP machine who does NOT know the password?
Can the interloper PC with a software-sniffer still sniff out the
passwords... are they sent in plain-text when authenticating over the wire?)

Or, must the clients ALSO be running Win-XP PRO?



 
"David Cook" said:
In Windows-XP Home edition, the docs seem to say that
file share rules (i.e. Simple File Sharing) use the 'guest'
account for access.

So, my question is: Is there some way to further 'secure' access
to file-shares in a Home-edition environment?

[i.e. it seems to me that with a network sniffer, I could learn the
netbios-name for your workgroup by sniffing the master-browser
packets on the network, then change MY Win-XP-Home
machine's workgroup name to match that workgroup name, and
bingo, I have access to your file-shares.]

[ http://www.michna.com/kb/wxnet.htm is my reference source material.]

Here are some ways to control access to XP Home's shared disks and
folders:

1. Create a hidden share and only tell selected people about it. I've
written a web page with details:

Windows XP Simple File Sharing
http://www.practicallynetworked.com/sharing/xp/filesharing.htm

2. Assign a password to the "Guest" account. When other people try
to access your computer, they'll be prompted to enter the password:

a. Click Start | Run.
b. Type "control userpasswords2" in the box and click OK.
c. Under "Users for this computer", click Guest.
d. Click Reset Password, enter a password, and click OK.

3. Create a compressed folder and define a password for it. Everyone
who accesses the folder, from the local computer or from the network,
must specify a password to access the files in the compressed folder.
This Microsoft Knowledge Base article has details:

HOW TO: Use Compressed (Zipped) Folders in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;306531

4. Here are two possible solutions, but they're un-supported,
un-documented, and un-tested by Microsoft. There's no guarantee that
they'll work, and they might cause data loss or corruption. I haven't
tried them, and I don't know whether they're safe. If you want to try
them, at your own risk, back up your data first and make a restore
point.

a. Start Windows XP in "Safe Mode with Networking" (which
temporarily disables simple file sharing), share the desired
folder(s), set the permissions, and reboot normally, or:

b. Follow the procedure shown here:

http://www.dougknox.com/xp/tips/xp_home_sectab.htm
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
"David Cook" said:
Ok. So we are saying if ALL the machines in the network are Win-XP-Home,
then I can NOT have security on the network SHARES, right?

Next question:
If just ONE of the machines is Win-XP-Pro, and if all the shares are
located on that one (Pro) machine, then can I have all the remaining
'clients' of those shares be Win-XP-Home-edition and
have them need a password to access the shares? (and thus lock out the
interloper on his Win-XP machine who does NOT know the password?
Can the interloper PC with a software-sniffer still sniff out the
passwords... are they sent in plain-text when authenticating over the wire?)

Or, must the clients ALSO be running Win-XP PRO?

Windows XP doesn't have passwords for network shares.

In XP Pro, you can disable simple file sharing and create access
control lists that specify user accounts and their allowed modes of
access. Ron Lowe and I have written a web page with full details:

Windows XP Professional File Sharing
http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm

The clients can run any version of Windows, and they'll be subject to
the access control that you specify on XP Pro.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
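
Added example (not part of the thread and not any poster's code): a simplified Python model of the two access models discussed above, Simple File Sharing where every network client is treated as Guest, and XP Pro with Simple File Sharing disabled and per-user access control lists. All names (`Host`, `network_logon`, `can_access`, the sample accounts and passwords) are hypothetical, and real Windows rules such as blank-password restrictions and Guest fallback are not modelled.

```python
from dataclasses import dataclass

READ, CHANGE = "read", "change"

@dataclass
class Host:
    force_guest: bool   # True = Simple File Sharing (the only mode on XP Home)
    accounts: dict      # user name -> password ("" = no password set)
    share_acl: dict     # principal -> set of allowed access modes

def network_logon(host, user, password):
    """Identity the server gives a network client, or None if rejected."""
    if host.force_guest:
        # The presented user name is ignored: every client becomes Guest.
        guest_pw = host.accounts.get("Guest", "")
        return "Guest" if guest_pw in ("", password) else None
    # Classic model (XP Pro, Simple File Sharing off): must match an account.
    if user in host.accounts and host.accounts[user] == password:
        return user
    return None

def can_access(host, user, password, mode):
    """True if the client ends up with the requested mode on the share."""
    identity = network_logon(host, user, password)
    if identity is None:
        return False
    acl = host.share_acl
    return mode in (acl.get(identity, set()) | acl.get("Everyone", set()))

# Constructed sample hosts and credentials.
HOME_OPEN = Host(True, {"Guest": ""}, {"Everyone": {READ, CHANGE}})
HOME_GUEST_PW = Host(True, {"Guest": "shared-pw"}, {"Everyone": {READ, CHANGE}})
PRO = Host(False, {"alice": "a-pw", "bob": "b-pw"},
           {"alice": {READ, CHANGE}, "bob": {READ}})

if __name__ == "__main__":
    for name, host, user, pw, mode in [
        ("Home, Guest has no password", HOME_OPEN, "stranger", "", CHANGE),
        ("Home, Guest password unknown", HOME_GUEST_PW, "stranger", "", READ),
        ("Home, Guest password known", HOME_GUEST_PW, "anyone", "shared-pw", CHANGE),
        ("Pro, alice", PRO, "alice", "a-pw", CHANGE),
        ("Pro, bob (read-only ACL)", PRO, "bob", "b-pw", CHANGE),
        ("Pro, unknown user", PRO, "stranger", "", READ),
    ]:
        print(f"{name}: {can_access(host, user, pw, mode)}")
```

In the model, a Guest password is a single shared secret: everyone who knows it gets the same access, whereas the per-user list on the Pro host distinguishes alice from bob.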
 