Sharing USER folders on a small network - Sharing & Security Setti

G

Guest

FEEDBACK IS WELCOMED AND ENCOURAGED ABOUT SECURITY ISSUES OF THIS *TIP*! (For
XP Pro, MCE and Home.)

I have seen many posts from people who are unable to share personal USER
folders across a network, even though the computers can see each other, they
can access OTHER folders, and the desired USER folders have been shared. (The
same problem often exists for Program Files, Windows and other system
folders.) I have struggled for years with this Microsoft "feature."

I have seen many workarounds (like copying files to a folder outside of
Documents and Settings). I have tried disabling Simple File Sharing, but that
is only a first step and is not an option for WinXP Home. I have tried MANY
other "fixes" like "Enable the Guest Account" but nothing seems to work.
UNTIL NOW! I found a tip showing how to access security and access settings
in Win XP Home and getting around the "Simple File Sharing" problem.

Following is a summary of how I FINALLY was able to share all of my files
and folders between WinXP Home, WinXP Pro and WinXP MCE on my small network.
(It has worked for me on several systems since!)

DISCLAIMER: I am not a computer professional and do not know the security
implications of making the following changes. I have not been able to find
any help determining the security issues.
So BEFORE YOU TRY THIS:

1. Be sure that you are on a small, secure network (like a Home Office
setting) in which all users are trusted and responsible. You DO NOT want to
grant Full Access to your system in a larger office or when you have children
with access to your computer!
2. SET A SYSTEM RESORE POINT!!!
3. Be sure you have a *secure* firewall in place. Ideally, use a hardware
AND software Firewall.
4. If you are using a wireless router, be sure to enable WPA encryption and
use a good password. (WEP is no longer secure. If needed. Get a firmware
upgrade or a new router to support WPA.)

(Aside: Anybody know how to make shares password protected?)

---------------------------------------------------

FOLLOWING ARE ALL THE STEPS I TOOK on Win XP Pro, MCE (Section 1) and XP
Home (Section 2). . .
---------------------------------------------------

SECTION 1: Windows XP Pro or Media Center Edition:
---------------------------------------------------

1) To disable simple file sharing, follow these steps:

a. Click Start, and then click My Computer.
b. On the Tools menu, click Folder Options, and then click the View tab.
c. In the Advanced Settings section, clear the Use simple file sharing
(Recommended) check box.
d. Click OK.

2) To share a folder or a drive with other users, follow these steps:

a. Click Start, click My Computer, and then locate the folder or drive that
you want to share.
b. Right-click the folder or drive, and then click Sharing and Security.
c. On the Sharing tab, click Share this folder.
d. To change the share name of the shared folder or drive, type a new name
in the Share name box. Other users see the new name when they connect to this
shared folder or drive. The actual name of the folder or drive does not
change.
e. To add a comment about the shared folder or drive, type the text in the
Comment box.
f. To limit the number of people who can connect to the shared folder or
drive at the same time, click Allow under User limit, and then type the
number of users.
g. To set share permissions on the shared folder or drive, click Permissions.

2b) IN SOME CASES, YOU MAY NEED TO REPEAT THE ABOVE STEPS FOR SPECIFIC
SUB-FOLDERS THAT "RESIST" SHARING (especially personal folders in "Documents
and Settings," "Program Files," "Windows," and certain other system folders).

3) To enable access to shared folders by specific groups, follow these steps:

a. Click Start, click My Computer, and then locate the folder or drive that
you want to share.
b. Right-click the folder or drive, and then click Sharing and Security.
c. On the Security tab, look under "Group or user names" for an entry
called "Everyone."
d. If "Everyone" is there, select the group and check the box for "Full
Control" in the "Allow" column. Repeat for all other groups in the list to
verify that they have Full Control as well.

WARNING! THE "DENY" CHECKBOXES ARE DANGEROUS!!! You may lock out even the
Administrator if you make a mistake here. It is better to uncheck "Allow"
than to check "Deny."

e. If "Everyone" is not listed, you must add it with the following steps:

i. Click the "Add" button.
ii. In the resulting dialog box, click the "Advanced" button.
iii. In the next dialog box, click the "Find Now" button.
iv. In the resulting list at the bottom, scroll down to "Everyone" and
highlight it.
v. Click OK, then OK again.
vi. Now "Everyone" should be listed in the "Group or user names" list.
vii. Be sure "Everyone is highlighted and check the box for "Full Control"
in the "Allow" column.

f. Once all groups have been Allowed "Full Control," click on "Apply."

NOTE: THIS MAY TAKE SEVERAL MINUTES TO COMPLETE, especially for large
folders or a whole drive.

3b) IN SOME CASES, YOU MAY NEED TO REPEAT THE ABOVE STEPS FOR SPECIFIC
SUB-FOLDERS THAT "RESIST" SHARING (especially personal folders in "Documents
and Settings," "Program Files," "Windows," and certain other system folders).

---------------------------------------------------

SECTION 2: ON WINDOWS XP HOME:
---------------------------------------------------

1) Boot the computer in Safe Mode.

a. Repeatedly press F8 early in the boot process to call up the boot menu.
b. Use the arrow key to highlight "Safe Mode" and hit enter.
Be patient; Safe Mode boots slowly.

2) Click "Yes" if prompted for permission to complete the boot into Safe Mode.

3) Login as Administrator (if prompted for a username), and supply password
if needed.

4) Click "Start/Accessories/Windows Explorer" to open a Windows Explorer
window.

5) Navigate to the drive or folder you wish to share.
Highlight it in the left pane so its contents appear in the right pane.

6) Select the menu Tools/Folder Options.

7) On the "View" tab, be sure the following items are selected:

a. [CHECK] Display the contents of system folders
b. [Radio-Button] Show hidden files and folders
c. [UN-CHECK] Hide protected operating system files (Recommended)

NOTE: This will help ensure that permissions and security settings will be
propagated to all (most?) sub-folders under the folder being changed. For
example, there is data in each personal user folder for "Application Data"
that is normally hidden.

8) Click on "Apply," the "Apply to All Folders," and finally "OK."

9) Now follow steps 2, 2b, 3, and 3b written in the section above for
"WINDOWS XP PRO or Media Center Edition."

Keep in mind that some subfolder resources may need to be explicitly
modified to get access. For example, if you set Full Access for "Documents
and Settings," you may ALSO need to set Full Access for "USER1" and "USER2"
or "USER1/Application Data" separately, etc.

10) Reboot the computer normally (not in Safe Mode) and test the access to
the newly shared folders. Note any folders that still result in the dreaded
"Access is denied" error. Repeat the above steps explicitly for these
stubborn subfolders as needed.
 
C

Chuck

FEEDBACK IS WELCOMED AND ENCOURAGED ABOUT SECURITY ISSUES OF THIS *TIP*! (For
XP Pro, MCE and Home.)
Click to expand...
I hope this works for you too! Comments?
Click to expand...

Srtriano,

It's an excellently detailed set of steps to be taken, but for effective
reference, you need to start with the circumstances and symptoms observed.
There are many possible problems with Windows Networking and file sharing in
general. Two additional items which may be relevant to many readers here,
depending upon their circumstances, are:
# Misconfigured or overlooked firewalls.
<http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html>
http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html

# Improperly or non activated account used for sharing (Guest, or non-Guest).
<http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help>
http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help

Rather than creating a flat text file, you might find it easier to use a web
page, liberally hyperlinked, and frequently updated. The readers might find one
more useful too. Free services like Blogspot make setting one up a matter of
minutes.
<http://www.blogger.com/>
 
G

Guest

My take on this (which is as you say THE most common question in here) is
that while getting networks up-and-running can be tricky, the problems are
exacerbated by the way in which many people go about it.

The wholesale sharing of personal-folders from multiple networked computers
is a case of applying standalone-computer methods to a network. Methods which
are inappropriate to the situation, and which create a great deal of extra
troubleshooting-work for the installer.

For a five-computer system sharing personal-folders, each computer needs to
be able to establish four network-connections to its compatriots, twenty in
total. If any of those connections fails, then you have a problem, and a fix
must be found, no matter how much time it takes. For ten peers, that's ninety
connections to get working.

The correct method of supplying files to networked computers is to designate
a central information-store, i.e. a fileserver. By this I don't necessarily
mean a costly specialist machine, typical workstation-hardware will do these
days. In this case, each computer need only 'see' one resource, so the
troubleshooting involved in getting it networked is minimal. Plus which, if
one workstation can 'see' the server, chances are the others will too.
Working like this does create an (undesirable) single point of failure, true,
but in practice it is very much easier to have an action-plan for the
contingency of the server failing, than to plan for an unspecified number of
user-folders going offline or being corrupted.

The counterargument that this means the server has to be left-on 24/7 -
wasting power - is also a fallacious one, the truth being that in a
peer-shared situation no-one dare switch any computer off in case that
adversely-affects other users*, so in fact ten computers get left-on 24/7
instead of one.

* I recall one case where I switched off one computer in a peer-group, and
this caused Excel to crash on several other workstations. Turned out that
because of limited disk space, they had actually installed the Excel
program-files into a shared folder on one of the peers! Trying to debug a
network like this is like dealing with a UXB.

So basically, while you are correct about the faultfinding procedures to
take, the other way to avoid grief is to minimize the faultfindng required by
adopting a better nertwork strategy.
 
G

Guest

Thanks for the tip on sharing "detailed" posts. I don't frquent the
newsgroups, so I was a bit lazy today.

As for the "circumstances and symptoms," my post is directed at users with a
small network (probably just 2 to 3 home computers or private office) with
everything apparently working OK, EXCEPT there is an error "Access is Denied"
when trying to view/open files in USER Folders (C:\Documents and
Settings\(USERNAME)\. . .) or system folders (Program Files, Windows, etc.).
In my experience, simply "Sharing" the resources is *never* enough. Hopefully
the steps I outlined are useful without opening gaping security holes.

As for the "correct method of supplying files to networked computers" (as
described by Ian), I agree that a central storage solution is ideal--if you
have a real office. But there are *many thousands* of us who have a simple
network of just a desktop+laptop and little else. For this *very* common
situation, a way to share/access/synchronize our data in the USER folders is
a reasonable solution. (I wish I could call it the "easy" solution! Are you
listening Microsoft?)
 
C

Chuck

Thanks for the tip on sharing "detailed" posts. I don't frquent the
newsgroups, so I was a bit lazy today.

As for the "circumstances and symptoms," my post is directed at users with a
small network (probably just 2 to 3 home computers or private office) with
everything apparently working OK, EXCEPT there is an error "Access is Denied"
when trying to view/open files in USER Folders (C:\Documents and
Settings\(USERNAME)\. . .) or system folders (Program Files, Windows, etc.).
In my experience, simply "Sharing" the resources is *never* enough. Hopefully
the steps I outlined are useful without opening gaping security holes.
Click to expand...

Check out "access denied", which is one of the most versatile error messages
reported in this, and similar, forums.
As for the "correct method of supplying files to networked computers" (as
described by Ian), I agree that a central storage solution is ideal--if you
have a real office. But there are *many thousands* of us who have a simple
network of just a desktop+laptop and little else. For this *very* common
situation, a way to share/access/synchronize our data in the USER folders is
a reasonable solution. (I wish I could call it the "easy" solution! Are you
listening Microsoft?)
Click to expand...

Careful, don't encourage them. What do you think XP Home and Simple (yeah
right) File Sharing was? And then there's Briefcase.

But Ian's right in part. Centralised file stores make a lot of sense. With NAS
devices being sold retail now (the Linksys EFG120 for instance), why should any
small office share data on any single personal computer? However, centralising
your file store is not a solution to common Windows Networking problems. Even
with NAS, if you don't setup your network correctly, you'll still see "access
denied".
 
C

Chuck

My take on this (which is as you say THE most common question in here) is
that while getting networks up-and-running can be tricky, the problems are
exacerbated by the way in which many people go about it.

The wholesale sharing of personal-folders from multiple networked computers
is a case of applying standalone-computer methods to a network. Methods which
are inappropriate to the situation, and which create a great deal of extra
troubleshooting-work for the installer.

For a five-computer system sharing personal-folders, each computer needs to
be able to establish four network-connections to its compatriots, twenty in
total. If any of those connections fails, then you have a problem, and a fix
must be found, no matter how much time it takes. For ten peers, that's ninety
connections to get working.

The correct method of supplying files to networked computers is to designate
a central information-store, i.e. a fileserver. By this I don't necessarily
mean a costly specialist machine, typical workstation-hardware will do these
days. In this case, each computer need only 'see' one resource, so the
troubleshooting involved in getting it networked is minimal. Plus which, if
one workstation can 'see' the server, chances are the others will too.
Working like this does create an (undesirable) single point of failure, true,
but in practice it is very much easier to have an action-plan for the
contingency of the server failing, than to plan for an unspecified number of
user-folders going offline or being corrupted.

The counterargument that this means the server has to be left-on 24/7 -
wasting power - is also a fallacious one, the truth being that in a
peer-shared situation no-one dare switch any computer off in case that
adversely-affects other users*, so in fact ten computers get left-on 24/7
instead of one.

* I recall one case where I switched off one computer in a peer-group, and
this caused Excel to crash on several other workstations. Turned out that
because of limited disk space, they had actually installed the Excel
program-files into a shared folder on one of the peers! Trying to debug a
network like this is like dealing with a UXB.

So basically, while you are correct about the faultfinding procedures to
take, the other way to avoid grief is to minimize the faultfindng required by
adopting a better nertwork strategy.
Click to expand...

Centralising your file stores, and even your network control, makes a lot of
sense.
<http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html>
http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html

But centralising any network functions, before fixing the problems, is just
going to lead to bigger problems. Neither domains, nor NAS, will resolve
problems. Both just make your network easier to manage, which prevents other
problems in the long run. The "access denied" error still shows up in domains;
with centralised administration, it just means any problems created will affect
more people simultaneously.
<http://nitecruzr.blogspot.com/2005/06/mysterious-error-5-aka-access-denied.html>
http://nitecruzr.blogspot.com/2005/06/mysterious-error-5-aka-access-denied.html
 
G

Guest

A topical subject, as I've just been on a marathon techsupport call with a
chap who's lost about three months' worth of production-logs. This despite
being a conscientious user who does regular backups.

He'd been saving the files into a "My Documents" shortcut on the desktop -
as one does - and then using Microsoft Backup to "Backup his personal files
and settings" as the Wizard puts it. Now, anyone would think that ought to
about cover it. What he didn't know was that the "My Documents" folder on his
desktop was a crosslink into another profile entirely, and no backups were
being done of that profile.

So, I spent a long time by remote access trying to recover the data by
undeletion, etc. but to no avail.

I just mention this as a classic example of the way in which decentralised
file-storage arrangements can defeat even the most rigorous backup-regime.

Ian.
 
P

Peter

Thanks!

This has solved all my network sharing problems. I wish I had known much
sooner - I've struggled on and off with such problems for a couple of years.

Peter


srtriano said:
FEEDBACK IS WELCOMED AND ENCOURAGED ABOUT SECURITY ISSUES OF THIS *TIP*!
(For
XP Pro, MCE and Home.)

I have seen many posts from people who are unable to share personal USER
folders across a network, even though the computers can see each other,
they
can access OTHER folders, and the desired USER folders have been shared.
(The
same problem often exists for Program Files, Windows and other system
folders.) I have struggled for years with this Microsoft "feature."

I have seen many workarounds (like copying files to a folder outside of
Documents and Settings). I have tried disabling Simple File Sharing, but
that
is only a first step and is not an option for WinXP Home. I have tried
MANY
other "fixes" like "Enable the Guest Account" but nothing seems to work.
UNTIL NOW! I found a tip showing how to access security and access
settings
in Win XP Home and getting around the "Simple File Sharing" problem.

Following is a summary of how I FINALLY was able to share all of my files
and folders between WinXP Home, WinXP Pro and WinXP MCE on my small
network.
(It has worked for me on several systems since!)

DISCLAIMER: I am not a computer professional and do not know the security
implications of making the following changes. I have not been able to find
any help determining the security issues.
So BEFORE YOU TRY THIS:

1. Be sure that you are on a small, secure network (like a Home Office
setting) in which all users are trusted and responsible. You DO NOT want
to
grant Full Access to your system in a larger office or when you have
children
with access to your computer!
2. SET A SYSTEM RESORE POINT!!!
3. Be sure you have a *secure* firewall in place. Ideally, use a hardware
AND software Firewall.
4. If you are using a wireless router, be sure to enable WPA encryption
and
use a good password. (WEP is no longer secure. If needed. Get a firmware
upgrade or a new router to support WPA.)

(Aside: Anybody know how to make shares password protected?)

---------------------------------------------------

FOLLOWING ARE ALL THE STEPS I TOOK on Win XP Pro, MCE (Section 1) and XP
Home (Section 2). . .
---------------------------------------------------

SECTION 1: Windows XP Pro or Media Center Edition:
---------------------------------------------------

1) To disable simple file sharing, follow these steps:

a. Click Start, and then click My Computer.
b. On the Tools menu, click Folder Options, and then click the View tab.
c. In the Advanced Settings section, clear the Use simple file sharing
(Recommended) check box.
d. Click OK.

2) To share a folder or a drive with other users, follow these steps:

a. Click Start, click My Computer, and then locate the folder or drive
that
you want to share.
b. Right-click the folder or drive, and then click Sharing and Security.
c. On the Sharing tab, click Share this folder.
d. To change the share name of the shared folder or drive, type a new name
in the Share name box. Other users see the new name when they connect to
this
shared folder or drive. The actual name of the folder or drive does not
change.
e. To add a comment about the shared folder or drive, type the text in the
Comment box.
f. To limit the number of people who can connect to the shared folder or
drive at the same time, click Allow under User limit, and then type the
number of users.
g. To set share permissions on the shared folder or drive, click
Permissions.

2b) IN SOME CASES, YOU MAY NEED TO REPEAT THE ABOVE STEPS FOR SPECIFIC
SUB-FOLDERS THAT "RESIST" SHARING (especially personal folders in
"Documents
and Settings," "Program Files," "Windows," and certain other system
folders).

3) To enable access to shared folders by specific groups, follow these
steps:

a. Click Start, click My Computer, and then locate the folder or drive
that
you want to share.
b. Right-click the folder or drive, and then click Sharing and Security.
c. On the Security tab, look under "Group or user names" for an entry
called "Everyone."
d. If "Everyone" is there, select the group and check the box for "Full
Control" in the "Allow" column. Repeat for all other groups in the list to
verify that they have Full Control as well.

WARNING! THE "DENY" CHECKBOXES ARE DANGEROUS!!! You may lock out even the
Administrator if you make a mistake here. It is better to uncheck "Allow"
than to check "Deny."

e. If "Everyone" is not listed, you must add it with the following steps:

i. Click the "Add" button.
ii. In the resulting dialog box, click the "Advanced" button.
iii. In the next dialog box, click the "Find Now" button.
iv. In the resulting list at the bottom, scroll down to "Everyone" and
highlight it.
v. Click OK, then OK again.
vi. Now "Everyone" should be listed in the "Group or user names" list.
vii. Be sure "Everyone is highlighted and check the box for "Full Control"
in the "Allow" column.

f. Once all groups have been Allowed "Full Control," click on "Apply."

NOTE: THIS MAY TAKE SEVERAL MINUTES TO COMPLETE, especially for large
folders or a whole drive.

3b) IN SOME CASES, YOU MAY NEED TO REPEAT THE ABOVE STEPS FOR SPECIFIC
SUB-FOLDERS THAT "RESIST" SHARING (especially personal folders in
"Documents
and Settings," "Program Files," "Windows," and certain other system
folders).

---------------------------------------------------

SECTION 2: ON WINDOWS XP HOME:
---------------------------------------------------

1) Boot the computer in Safe Mode.

a. Repeatedly press F8 early in the boot process to call up the boot menu.
b. Use the arrow key to highlight "Safe Mode" and hit enter.
Be patient; Safe Mode boots slowly.

2) Click "Yes" if prompted for permission to complete the boot into Safe
Mode.

3) Login as Administrator (if prompted for a username), and supply
password
if needed.

4) Click "Start/Accessories/Windows Explorer" to open a Windows Explorer
window.

5) Navigate to the drive or folder you wish to share.
Highlight it in the left pane so its contents appear in the right pane.

6) Select the menu Tools/Folder Options.

7) On the "View" tab, be sure the following items are selected:

a. [CHECK] Display the contents of system folders
b. [Radio-Button] Show hidden files and folders
c. [UN-CHECK] Hide protected operating system files (Recommended)

NOTE: This will help ensure that permissions and security settings will be
propagated to all (most?) sub-folders under the folder being changed. For
example, there is data in each personal user folder for "Application Data"
that is normally hidden.

8) Click on "Apply," the "Apply to All Folders," and finally "OK."

9) Now follow steps 2, 2b, 3, and 3b written in the section above for
"WINDOWS XP PRO or Media Center Edition."

Keep in mind that some subfolder resources may need to be explicitly
modified to get access. For example, if you set Full Access for "Documents
and Settings," you may ALSO need to set Full Access for "USER1" and
"USER2"
or "USER1/Application Data" separately, etc.

10) Reboot the computer normally (not in Safe Mode) and test the access to
the newly shared folders. Note any folders that still result in the
dreaded
"Access is denied" error. Repeat the above steps explicitly for these
stubborn subfolders as needed.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

disabling simple file sharing+sharing folder gives network full ac 1
Sharing folders 3
File Sharing Issues - Can't Get My Home Network Running 5
Sharing folders problem. 2
File Sharing problem - "Security" problems 1
File sharing problem WinXP Home and WinXP Pro 1
Windows XP File Sharing Password prompt 2
Network File Sharing 8

Top