XP Security

[Kevin Hollings]

I've routinely had hit-and-miss success with sharing files, directories and
drives on my LAN (3 XP units).

Occasionally, I can choose a directory on my computer and set the Share
Permissions to Full Control for EVERYONE, and it seems to work--the others
have access.

Sometimes it seems that in addition to setting Share Permissions, I have to
also allow Full Control to group EVERYONE on the Security tab.

And sometimes, it seems that in spite of both, the other units, when trying
to connect to mine, will produce a Username/Password dialogue, with the
Username set to Guest, and no password works.

In fact, I don't even have a password on my computer.

Obviously, when it works, I'm inadvertently doing something right, and
obviously not when it doesn't work. Can anyone suggest a link to a
reasonably brief but effective rundown on what has to be set, why there are
both Sharing AND Security settings, etc.?

Thanks for your help.

Kevin

 

[Roger Abell]

There are permissions on the share controlling what
access is available to whom over the network, and
there are permissions (NTFS) on the filesystem that
control who may do what no matter how accessed.

These must both grant what is being done.
Also, when NTFS grants more than the share grant,
a remote access will have no more than the share grant.

Now, why you see such variability can depend on a
number of factors.

You have not stated whether these are XP Home or Pro,
and this has an impact. You did mention use of the
security tab to set file permissions, which might mean
you have Pro (although this is available in Home when in
safe mode or if a possibly illegal hack has been applied)

Home can only be in Simple sharing mode.
Pro is in this mode by default but may be shift out from it.

When in Simple sharing, after a network access has been
authenticated the accessing account is mapped to the Guest
account for purposes of checking the NTFS grants.
This may be the reason you have sometimes needed to grant
Everyone filesystem access.

When an attempt is made to access a share, the XP will
attempt to authenticate with the account info of the account
then in use. If there is a matching account on the target machine
that is sharing out, then the share level access may happen
transparently without prompting. If not, then an authentication
prompt gets presented, and if the sharing out machine is in
Simple sharing mode this will be a prompt for Guest login.
If you have set a password for the Guest account this should
be usable in this case (assuming Guest is not disabled).

But remember, if in Simple sharing, then the NTFS grants will
need to include (indirectly as with Everyone, or directly) Guest.

When the sharing out machine is not in Simple sharing mode, then
the account that authenticates over the network (perhaps invisible
when there is a matching account) will itself need grants in the
NTFS filesystem (again, directly or via groups).

If you have Pro, this discusses sharing without Simple sharing
http://support.microsoft.com/?ID=307874

 

[Steven L Umbach]

The links below should be of help. You did not say if you are using XP Home or Pro.
There are two ways of sharing resources depending on what you are using or how you
have it configured - simple or classic which requires user authentication. My guess
from what you describe is that you have a mixture of both on your network
ossibly. --- Steve

http://www.wown.com/j_helmig/winxphom.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;304040

 

[Brian]

Basically in English, you seem to be having file sharing
problems. If you want to make this easy, Create a file
share in IPX protocol while making sure TCP/IP file
sharing is not enabled. This would prohibit internet
interference. Also IPX doesnt require much to
authenticate. You just need to set it to 802.3 or 802.2
and create a network # and make sure all the machines are
the same. Its pretty simple to set up. You can find more
info on it online if you need help.

 

[Roger Abell]

Basically in English, you seem to be having file sharing
problems. If you want to make this easy, Create a file
share in IPX protocol while making sure TCP/IP file
sharing is not enabled. This would prohibit internet
interference. Also IPX doesnt require much to
authenticate. You just need to set it to 802.3 or 802.2
and create a network # and make sure all the machines are
the same. Its pretty simple to set up. You can find more
info on it online if you need help.

Everything I discussed is operative whether the transport
protocol is Tcp/Ip or Ipx. Using Ipx for the isolation it
provides used to he very popular (before the built-in firewall
and/or personal firewall products) and this still can have a place.
However, for sharing in a local environment this adds no
simplicity, only isolation from outer Tcp/Ip only networks.
[/QUOTE]