Select Page

How to Secure Shared Folders

What is folder sharing?
In Windows 2000/XP, a service called File and Printer Sharing is turned on by default. Files are shared by enabling shared access to a folder. Hence, for simplification, we shall just refer to it as shared folders.

What is the risk?
Be default, Windows XP uses a sharing type called Simple File Sharing  (SFS).  This type of sharing allows anyone on the network to access your shared files and folders without a password.**   It is more suited towards a small network where you know the other users and trust them; for example, a home network.  Also, in Windows 2000 and Windows XP (with SFS turned off), if your administrator’s password is weak, an attacker can get  into your computer and cause a lot of damage.

**For more details, please see Microsoft’s instructions on how to configure file sharing.

What can I do?
Ask yourself if you need to share files/folders. Yes or No?

If you do not need to share files/folders, turn off File and Print Sharing and/or turn off the firewall exception for  File and Print sharing (webpage to explain this in progress).

Windows 7

  • By Default, Windows 7 does not have Folder Sharing enabled.
  • You must change the properties of the folder to be shared to allow for it, as well as specify which users may have access to it.
  • See Microsoft’s site for further information: File Sharing Essentials for Windows 7.

Windows XP

  • Click Start, click Run…, and type in “ncpa.cpl”
    run_netprop
    Press Enter/Click OK
  • For each network entry, perform the next two steps:
    Right-click and select Properties
    lan_properties
    Wired networks are usually called Local Area Connection and Wireless networks are called Wireless Network Connection

 

  • In the box that lists This connection uses the following items:
    Un-check the File and Printer Sharing for Microsoft Networks
    file_print_off
    Click OK

 

If you do need to share folders, please make sure  to

  1. Create a limited account to use for sharing:
    Click Start, Click Run…, enter “nusrmgr.cpl”, Click
    Create a new account,
    Enter a username, click Next, click Limited, and click Create Account
    acct_limited
  2. Make sure you have strong passwords for ALL the accounts on your computer
  3. Set permissions on your shared folders
      • Right-click on the folder to be shared and select Sharing and
        Security…
        folder_prop

     

  4. Select Share this folder to enable sharing and change the  Share name if you wish, then click on Permissions
    folder_sharing
  5. Remove Everyone and add the user created earlier for sharing
    folder_perm folder_perm2
    Make sure to Allow the minimum needed permissions

*Simple file sharing is on always for XP Home.  It can be disabled in XP Pro.

**For more details, please see Microsoft’s instructions on how to configure file sharing.

Note: Staff-managed machines will need File and Printer Sharing to be left on, so please do not turn it off.