Windows Vista supports two file sharing models:
public file sharing and standard file sharing. Although either or both
techniques can be used in both workgroups and domains, standard file
sharing is preferred because it is more secure than public file
sharing. Standard file sharing enables you to use a standard set of
permissions to allow or deny initial access to files and folders over
the network.
Standard file sharing settings are enabled or disabled on a per-computer
basis. To turn file sharing on or off, follow these steps:
- Click Start and then click Network.
- On the Explorer toolbar, click Network And Sharing Center.
- Expand the File Sharing panel by clicking the related Expand button.
- To enable file sharing, select Turn On File Sharing. To disable file sharing, select Turn Off File Sharing.
- Click Apply.
Controlling Access to Network Shares
When a user accesses a file or folder over the network and standard file
sharing is enabled, two levels of permissions are used, and together
they determine the actions a user can perform with regard to a
particular shared file or folder. The first level of permissions
comprises those set on the share itself. They define the maximum level
of access. A user or a group can never have more permissions than those
granted by the share. The second level comprises the permissions set
on the files and folders themselves. These permissions serve to
further restrict the permitted actions.
Three share permissions are available.
- Owner/Co-owner: Users allowed this permission have
Read and Change permissions, as well as the additional capabilities to
change file and folder permissions and take ownership of files and
folders. If you have Owner/Co-owner permissions on a shared resource,
you have full access to the shared resource.
- Contributor: Users allowed this permission have Read
permissions and the additional capability to create files and
subfolders, modify files, change attributes on files and subfolders,
and delete files and subfolders. If you have Contributor permissions on
a shared resource, the most you can do is perform read operations and
change operations.
- Reader: Users with this permission can view file and
subfolder names, access the subfolders of the share, read file data and
attributes, and run program files. If you have Reader permissions on a
shared resource, the most you can do is perform read operations.
Permissions assigned to groups work like this: If a
user is a member of a group that is granted share permissions, the user
also has those permissions. If a user is a member of multiple groups,
the permissions are cumulative. For example, if one group of which the
user is a member has Reader access and another has Contributor access,
the user will have Contributor access. If one group of which the user
is a member has Reader access and another has Owner/Co-owner access,
the user will have Owner/Co-owner access.
You can override this behavior by specifically
denying an access permission. Denying permission takes precedence and
overrides permissions that have been granted. If you don't want a user
or a group to have a permission, configure the share permissions so the
user or the group is denied that permission. For example, if a user is
a member of a group that has been granted Owner/Co-owner permissions
for a share, but the user should only have Contributor permissions,
configure the share to deny Owner/Co-owner permissions to that user.
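The rules above (share permissions as the ceiling, file and folder permissions restricting further, group grants accumulating, deny overriding) can be checked with a small model. This is an added example, not part of the original text and not Windows' own access-check code. The three right names, the use of the same rights at both levels, the sample accounts, and modelling the deny as a deny on the rights Co-owner adds beyond Contributor are all assumptions.

```python
from enum import Flag

class Right(Flag):
    NONE = 0
    READ = 1     # view names, read data and attributes, run programs
    CHANGE = 2   # create, modify and delete files and subfolders
    MANAGE = 4   # change permissions, take ownership

# The page's three permission levels as sets of rights (modelling assumption).
READER = Right.READ
CONTRIBUTOR = Right.READ | Right.CHANGE
CO_OWNER = Right.READ | Right.CHANGE | Right.MANAGE

def level_access(acl, principals):
    """Rights granted by one ACL: allows accumulate across groups, deny wins."""
    allowed = denied = 0
    for principal, kind, rights in acl:
        if principal not in principals:
            continue
        if kind == "deny":
            denied |= rights.value
        else:
            allowed |= rights.value
    return Right(allowed & ~denied)

def effective_access(share_acl, file_acl, principals):
    """The share ACL is the ceiling; the file-system ACL restricts further."""
    return level_access(share_acl, principals) & level_access(file_acl, principals)

def level_name(rights):
    """Highest page-level name fully covered by a set of rights."""
    for name, level in (("Co-owner", CO_OWNER), ("Contributor", CONTRIBUTOR),
                        ("Reader", READER)):
        if rights & level == level:
            return name
    return "No access"

# Constructed sample ACLs: (principal, "allow" | "deny", rights).
SHARE_ACL = [("Sales", "allow", READER), ("Editors", "allow", CONTRIBUTOR),
             ("Managers", "allow", CO_OWNER), ("bob", "deny", Right.MANAGE)]
FILE_ACL = [("Sales", "allow", READER), ("Editors", "allow", READER),
            ("Managers", "allow", CO_OWNER)]

if __name__ == "__main__":
    users = {"alice": {"alice", "Sales", "Editors"},   # Reader + Contributor groups
             "bob": {"bob", "Managers"},               # Co-owner group, MANAGE denied
             "carol": {"carol", "Managers"}}
    for user, principals in users.items():
        share = level_access(SHARE_ACL, principals)
        final = effective_access(SHARE_ACL, FILE_ACL, principals)
        print(f"{user}: share={level_name(share)} effective={level_name(final)}")
```

In the sample, alice is a Contributor at the share level but ends up with Reader access, because the file-system permissions grant her groups only read rights.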
Creating a Shared Resource
Files and folders can be shared in both
workgroups and domains. To share the first resource on a computer, you
must be a local administrator. Sharing the first resource opts
in the computer for sharing other resources and allows any user to
share resources they own or to which they have appropriate access
permissions.
You can create shares using several different tools, including the following:
- Windows Explorer: Use Windows Explorer when you want to share files and folders on the computer to which you are logged on.
- Computer Management: Use Computer Management when you want to share folders on any computer to which you can connect.
- NET SHARE: Use NET SHARE from the command line when you want to use a script to share folders. Type net share /? at the command prompt for the syntax of the command.
Creating a shared resource is a multipart process.
First, you share the file so that it can be accessed, then you set the
share permissions. Afterward, you should check and modify as necessary
the file-system permissions. This section examines sharing a resource
and setting its permissions using Windows Explorer and Computer
Management.
Sharing a Resource and Setting Share Permissions in Windows Explorer
To share a file or folder and set its permissions using Windows Explorer, follow these steps:
- In Windows Explorer, right-click the file or
folder you want to share and select Share. This opens the File Sharing
dialog box, shown in Figure 1.
Figure 1: Use the File Sharing dialog box to configure sharing of the selected file or folder.
- Click the selection button (the down arrow) to the right of the text entry
field provided and then select Find. This opens the Select Users Or
Groups dialog box.
Tip: Be sure to check the value of the From This
Location field. In workgroups, computers always show only local
accounts and groups. In domains, this field is changeable and is set
initially to the default (logon) domain of the currently logged-on
user. If this isn't the location you want to use for selecting user and
group accounts to work with, click Locations to see a list of locations
you can search, including the current domain, trusted domains, and
other resources that you can access.
- In the Enter The Object Names To Select field,
type the name of a user or a group account previously defined in the
selected or default domain. Be sure to reference the user account name
rather than a user's full name. When entering multiple names, separate
them with semicolons.
- Click Check Names. If a single match is found for
each of your entries, the dialog box is automatically updated as
appropriate and the entry is underlined. Otherwise, you'll see an
additional dialog box. When no matches are found, you've either entered
an incorrect name part or you're working with an incorrect location.
Modify the name in the Name Not Found dialog box and try again, or
click Locations to select a new location. When multiple matches are
found, select the name(s) you want to use in the Multiple Names Found
dialog box and then click OK.
- When you click OK, the users and groups are added
to the Name list. You can then configure permissions for each user and
group added by clicking an account name to display the Permission Level
options and then choosing the appropriate permission level. The options
for permission levels are Reader, Contributor, and Co-owner.
- Finally, click Share to create the share. After
Windows Vista creates the share and makes it available for use, note
the share name. This is the name by which the shared resource can be
accessed. If you want to e-mail a link to the shared resource to
someone, click E-mail These Links. If you want to copy a link to the
shared resource to the Windows clipboard, click Copy The Links. Click
Done when you are finished.
Changing or Stopping Sharing
If you right-click a file or folder that is
shared and select Share, you'll see a different view of the File
Sharing dialog box. This view enables you to:
- Change sharing permissions: Clicking Change Sharing
Permissions displays the original view of the File Sharing dialog box.
You can grant access to additional users and groups as discussed
previously. To remove access for a user or group, click the user or
group in the Name list and then select Remove. When you are finished
making changes, click Share to reconfigure the sharing options and then
click Done.
- Stop sharing: Clicking Stop Sharing removes the share configuration. After
Windows Vista removes sharing, click Done to close the File Sharing dialog box.
Sharing a Folder and Setting Share Permissions in Computer Management
Using Computer Management, you can share a folder
on any computer to which you have administrator access. By connecting
remotely to the computer rather than logging on locally, you typically
save time because you don't need to access the computer or leave your
desk. Follow these steps to use Computer Management to share a folder:
- To start Computer Management, click Start,
right-click Computer, and choose Manage. By default, Computer
Management connects to the local computer, and the root node of the
console tree has the Computer Management (Local) label.
Tip: If you want to use the Create A Shared Folder
Wizard to share a folder on a local computer, start the wizard directly
and skip steps 1–4. Simply type shrpubw at an elevated command prompt and then click Next when the wizard starts.
- Right-click Computer Management in the console
tree and then select Connect To Another Computer. In the Select
Computer dialog box, the Another Computer option is selected by
default. Type the fully qualified domain name of the computer you want
to work with, such as engpc08.microsoft.com, where engpc08 is the computer name and microsoft.com is the domain name. If you don't know the computer name, click Browse to search for the computer with which you want to work.
- Expand System Tools and Shared Folders and then
select Shares to display the current shared folders on the system you
are working with, as shown in Figure 2.
Figure 2: All available shared folders on the computer are listed on the Shares node.
- To start the Create A Shared Folder Wizard, right-click Shares and then
select New Share. Click Next to display the Folder Path page.
- In the Folder Path field, type the full path to
the folder that you want to share, such as C:\Data. If you don't know
the full path, click Browse and then use the Browse For Folder dialog
box to find the folder you want to share. The Browse For Folder dialog
box will also let you create a new folder that you can then share.
Click Next to display the Name, Description, And Settings page.
- In the Share Name field, type a name for the
share. Share names must be unique for each system. They can be up to 80
characters in length and can contain spaces. If you want to provide
support for Windows 98, Windows Me, or Windows NT, you should limit the
share name to 12 characters or fewer.
- Type a description of the share's contents in the Share Description field.
Tip: By default, only files and programs that users
specify are available for offline use. Click Change if you want to
modify the default offline files settings. You can then either make all
files and programs available for offline use by selecting All Files And
Programs or make no files and programs available for offline use by
selecting Files Or Programs For The Share Will Not Be Available
Offline. Click OK.
- When you are ready to continue, click Next to display the Shared Folder Permissions page. The available options are as follows:
  - All Users Have Read-Only Access: Default option. Gives users the right to view files and read data but
    restricts them from creating, modifying, or deleting files and folders.
  - Administrators Have Full Access; Other Users Have Read-Only Access:
    Gives administrators full access to the share and gives other users
    read-only access. Administrators can create, modify, and delete files
    and folders. On NTFS, it also gives administrators the right to change
    permissions and to take ownership of files and folders. Other users can
    only view files and read data. They can't create, modify, or delete
    files and folders.
  - Administrators Have Full Access; Other Users Have No Access: Gives only administrators full access to the share.
  - Customize Permissions: Enables you to configure access for specific users and groups, which is
    usually the best technique to use. To use this option, select Customize
    Permissions, click Custom, and then set permissions as
    appropriate for the share.
- After you set up permissions on the share, click
Next and then click Finish to share the folder. Click Finish again to
exit the wizard.
If you later want to stop sharing the folder, you can do this in Computer
Management by right-clicking the shared folder and selecting Stop
Sharing. When prompted to confirm the action, click Yes.
Using and Accessing Shared Resources
Once you share a file or folder, users can
connect to it as a network resource or map to it by using a drive
letter on their machines. Once a network drive is mapped, users can
access it just as they would a local drive on their computer.
You can map a network drive to a shared file or folder by completing the following steps:
- Click Start and then click Computer. In Windows
Explorer, click the Map Network Drive button on the toolbar. This
displays the Map Network Drive dialog box, shown in Figure 3.
Figure 3: Map the share you want to use to a network drive.
Tip: The Tools menu is only available when classic
menus are displayed in Windows Explorer. If the classic menus are not
shown, click Organize, click Layout, and then click Classic Menus.
- Use the Drive field to select a free drive letter
to use and then click the Browse button to the right of the Folder
field. In the Browse For Folder dialog box, expand the Network folders
until you can select the name of the workgroup or the domain with which
you want to work.
- When you expand the name of a computer in a
workgroup or a domain, you'll see a list of shared folders. Select the
shared folder you want to work with and then click OK.
- Select Reconnect At Logon if you want Windows Vista to connect to the shared folder automatically at the start of each session.
- If your current logon doesn't have appropriate
access permissions for the share, click the Different User Name link.
You can then enter the user name and password of the account with which
you want to connect to the shared folder. Typically, this feature is
used by administrators who log on to their computers with a limited
account and also have an administrator account for managing the network.
- Click Finish.
If you later decide you don't want to map the
network drive, click Start and then click Computer. In Windows
Explorer, under Network Location, right-click the network drive icon
and choose Disconnect.
Using and Accessing Shared Folders for Administration
In Windows Vista, you'll find several special
shares are created automatically and are intended for use by
administrators or the operating system. Most of the special shares are
hidden from users because of a dollar sign ($) that has been added to
the end of the share name. As an administrator, you occasionally might
need to create your own hidden shares or work with the already
available special shares.
Creating a hidden share is fairly easy. All you need to
do is add a dollar sign ($) to the end of the share name. For example,
if you want to share the C:\Reports folder but don't want it to be
displayed in the normal file share lists, naming it Reports$ rather
than Reports is all it would take to hide the share. Hiding a share
doesn't control access to the share, however. Access to shares is
controlled using permissions, regardless of whether a share is normal
or hidden.
Which special shares are available on a system depends
on the system's configuration. This means some computers might have
more special shares than others. The most commonly found special and
administrative shares are listed in Table 1.
Table 1: Special and Administrative Shares
| Share Name | Description |
| C$, D$, E$, and Other Local Disk Shares | A special share to the root of a drive. All local disks, including CD/DVD-ROM drives and their shares, are known as C$, D$, E$, and so on. These shares allow members of the Administrators and Backup Operators groups to connect to the root folder of a local disk and perform administrative tasks. For example, if you map to C$, you are connecting to C:\ and have full access to this local disk. |
| ADMIN$ | An administrative share for accessing the %SystemRoot% folder in which the operating system files reside. This share is meant to be used for remote administration. For administrators working remotely with systems, ADMIN$ provides a convenient shortcut for directly accessing the operating system folder. |
| IPC$ | An administrative share used to support named pipes that programs use for interprocess (or process-to-process) communications. Because named pipes can be redirected over the network to connect local and remote systems, they also enable remote administration. |
| PRINT$ | Supports printer sharing by providing access to printer drivers. Whenever you share a printer, the system puts the printer drivers in this share so that other computers can access them as needed. |
The best tools to use when you want to work with any special or otherwise hidden shares are the NET SHARE
command and Computer Management. To see a list of all shares on the
local computer, including special shares for administrators, simply
type net share at a command prompt. To see a list of all shares available on any computer on the network, complete the following steps:
- To start Computer Management, click Start,
right-click Computer, and choose Manage. By default, Computer
Management connects to the local computer, and the root node of the
console tree has the Computer Management (Local) label.
- Right-click Computer Management in the console
tree and then select Connect To Another Computer. In the Select
Computer dialog box, the Another Computer option is selected by
default. Type the fully qualified domain name of the computer you want
to work with, such as engpc08.microsoft.com, where engpc08 is the computer name and microsoft.com is the domain name. If you don't know the computer name, click Browse to search for the computer you want to work with.
- Expand System Tools and Shared Folders and then
select Shares to display a list of the shares on the system you are
working with.
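Because a trailing dollar sign hides a share but does not protect it, a share listing is worth reviewing for hidden shares that someone created by hand. The following added example, which is not part of the original text, parses net share output and separates the special shares named in Table 1 from custom hidden shares. The sample output is constructed, and the column layout and the limit to share names of 12 characters or fewer are assumptions; any $ share not named in Table 1 is flagged for review.

```python
import re

# Special shares from Table 1; drive-root shares (C$, D$, ...) match a pattern.
SPECIAL = {"ADMIN$", "IPC$", "PRINT$"}
DRIVE_ROOT = re.compile(r"[A-Z]\$")

# Constructed sample of `net share` output; the column layout is an assumption.
SAMPLE = r"""Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
print$       C:\Windows\system32\spool\drivers
                                             Printer Drivers
Reports$     C:\Reports
Data         C:\Data                         Team documents
The command completed successfully.
"""

def parse_net_share(text):
    """Return [(share_name, resource_path)] from `net share` listing text."""
    lines = text.splitlines()
    header = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col = lines[header].index("Resource")   # where the path column starts
    shares = []
    for line in lines[header + 1:]:
        if line.startswith("The command completed"):
            break
        name = line[:res_col].strip()
        if not name or set(name) == {"-"}:
            continue                             # blank, rule, or wrapped remark
        rest = line[res_col:]
        if not rest or rest[0].isspace():
            resource = ""                        # e.g. IPC$ has no path
        else:
            resource = re.split(r"\s{2,}", rest.strip())[0]
        shares.append((name, resource))
    return shares

def classify(name):
    """special = Table 1 share, hidden-custom = other name ending in $, else visible."""
    upper = name.upper()
    if upper in SPECIAL or DRIVE_ROOT.fullmatch(upper):
        return "special"
    return "hidden-custom" if name.endswith("$") else "visible"

def audit(text):
    """Map each listed share name to its category."""
    return {name: classify(name) for name, _ in parse_net_share(text)}

def needs_permission_review(text):
    """Custom hidden shares: the $ only hides them, so their ACLs are what protect them."""
    return [(n, r) for n, r in parse_net_share(text) if classify(n) == "hidden-custom"]

if __name__ == "__main__":
    for name, kind in audit(SAMPLE).items():
        print(f"{name:<12} {kind}")
    print("Review share and file-system permissions on:", needs_permission_review(SAMPLE))
```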
Sometimes when you are managing folders or files, you
might not want users to be connected to a shared folder. For example,
if you need to move files to a new location, before you move the files,
you might want to ensure no one is using them. One way to see who is
working with shared folders and their related files is to examine user
sessions and open files.
Every user who connects to a shared folder creates a
user session. To determine who is currently connected, click Sessions
under Shared Folders in the console tree. The current users are listed
in the right pane. To disconnect a user and end his or her session,
right-click the session entry in the right pane, select Close Session,
and then click OK to confirm the action. To disconnect all user
sessions, right-click Sessions in the console tree, select Disconnect
All Sessions, and then click OK to confirm the action.
Every shared file that is being accessed is listed
as an open file. To determine which files are open, click Open Files
under Shared Folders in the console tree. The currently open files are
listed in the right pane. To close an open file, right-click the
related entry in the right pane, select Close Open File, and then click
OK to confirm the action. To close all open files, right-click Open
Files in the console tree, select Disconnect All Open Files, and then
click OK to confirm the action.