How to share the "Shared Documents" folder in the LAN on a system
running Windows XP Professional with SP3 installed
1) Generic:
The following guide works fine running Windows XP Pro with SP3 installed.
Since there are no experiences in working with Windows XP Home,
it might be possible not to get the expected results with WXP Home.
Also there is a registry hint that might avoid to set (or create)
some registry keys or values if running WinXP Home (more about this later).
This guide has been written, because applying service pack 3 leads to
several security hints due to sharing folders within a workgroup.
Since there are many changes to be made in the registry, it is very
strongly suggested to backup the registry very first. A faulty edited
registry leads to an unstable or even unbootable system. Please note,
that every change you perform in the registry editor is stored immediately.
If you've decided to share folders in a system running WXP pro SP3 over the LAN,
please disconnect your system from the LAN by unplugging the network cable
from the computer to avoid severe security problems (more later).
As far as this guide has been written to share the "Shared Documents" folder,
it also applies to the generic sharing problem in WXP-SP3. Therefore you've only
to skip the section of moving the "Shared Documents" folder and you've only
to carry out the other steps.
Finally: Good luck !
2) Prepare:
* decide which folders you want to share with others over the LAN
* Back up your system
* Unplug your network cable
* Log in as "admistrator" or any other user with administrative privileges.
* Back up the registry
3) Relocate the "Shared Documents" folder (if any):
* copy the whole folder into the new location.
Using the MS tool "robocopy" you're able to copy the ACL's too.
You can get robocopy as part from the Windows Server 2003 Tools here.
You can get a GUI here.
You can get information about robocopy here.
Please note, that you must apply the registry settings to the
"HKLM\Software\Microsoft\CurrentVersion\Explorer\Shell Folders" key rather
than to the "HKCU\Software\Microsoft\CurrentVersion\Explorer\User Shell Folders"
key if moving the "Shared Documents" folder.
As mentioned in Kelly's article you may use the tweakui powertoy for XP
for changing the registry values properly. Powertoys for Windows XP may be downloaded from here.
* Re-logon
4) Grant permissions:
* Unauthorize the "Guest" account. This is the reason why we disconnected our system from the LAN.
Without unauthorizing the "Guest" account you can't get access to the system from another computer.
Unauthorization means, that the "Guest" account needs no password.
It will be done by changing the following value in the registry:
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Change (or add) the DWORD value: ForceGuest=0
* Close the registry editor and disable the "Guest" account (if not already done)
* Right click the folders you're about to share, share it and remove the "Guest"
account (aka "Everybody") in both the "Sharing->Permissions" and the "Security" Tab.
* Grant permissions to anybody you want to share the specified folder in both the
"Sharing->Permissions" and the "Security" Tab. Ashure the users in the workgroup
having a local account.
5) Finalize:
* Reboot your system
* Connect your system to the LAN (plug in network cable)
* Try to connect from a foreign system using a valid account, all should work fine.
* Try to connect from a foreign system using the "Guest" account, access should be denied.
* I know that it's awesome, but back up your system and registry again :-)
Comments provided by: Reinhard Leitner (9/08)
running Windows XP Professional with SP3 installed
1) Generic:
The following guide works fine running Windows XP Pro with SP3 installed.
Since there are no experiences in working with Windows XP Home,
it might be possible not to get the expected results with WXP Home.
Also there is a registry hint that might avoid to set (or create)
some registry keys or values if running WinXP Home (more about this later).
This guide has been written, because applying service pack 3 leads to
several security hints due to sharing folders within a workgroup.
Since there are many changes to be made in the registry, it is very
strongly suggested to backup the registry very first. A faulty edited
registry leads to an unstable or even unbootable system. Please note,
that every change you perform in the registry editor is stored immediately.
If you've decided to share folders in a system running WXP pro SP3 over the LAN,
please disconnect your system from the LAN by unplugging the network cable
from the computer to avoid severe security problems (more later).
As far as this guide has been written to share the "Shared Documents" folder,
it also applies to the generic sharing problem in WXP-SP3. Therefore you've only
to skip the section of moving the "Shared Documents" folder and you've only
to carry out the other steps.
Finally: Good luck !
2) Prepare:
* decide which folders you want to share with others over the LAN
* Back up your system
* Unplug your network cable
* Log in as "admistrator" or any other user with administrative privileges.
* Back up the registry
3) Relocate the "Shared Documents" folder (if any):
* copy the whole folder into the new location.
Using the MS tool "robocopy" you're able to copy the ACL's too.
You can get robocopy as part from the Windows Server 2003 Tools here.
You can get a GUI here.
You can get information about robocopy here.
Please note, that you must apply the registry settings to the
"HKLM\Software\Microsoft\CurrentVersion\Explorer\Shell Folders" key rather
than to the "HKCU\Software\Microsoft\CurrentVersion\Explorer\User Shell Folders"
key if moving the "Shared Documents" folder.
As mentioned in Kelly's article you may use the tweakui powertoy for XP
for changing the registry values properly. Powertoys for Windows XP may be downloaded from here.
* Re-logon
4) Grant permissions:
* Unauthorize the "Guest" account. This is the reason why we disconnected our system from the LAN.
Without unauthorizing the "Guest" account you can't get access to the system from another computer.
Unauthorization means, that the "Guest" account needs no password.
It will be done by changing the following value in the registry:
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Change (or add) the DWORD value: ForceGuest=0
* Close the registry editor and disable the "Guest" account (if not already done)
* Right click the folders you're about to share, share it and remove the "Guest"
account (aka "Everybody") in both the "Sharing->Permissions" and the "Security" Tab.
* Grant permissions to anybody you want to share the specified folder in both the
"Sharing->Permissions" and the "Security" Tab. Ashure the users in the workgroup
having a local account.
5) Finalize:
* Reboot your system
* Connect your system to the LAN (plug in network cable)
* Try to connect from a foreign system using a valid account, all should work fine.
* Try to connect from a foreign system using the "Guest" account, access should be denied.
* I know that it's awesome, but back up your system and registry again :-)
Comments provided by: Reinhard Leitner (9/08)
Posted in: Computer tricks,Windows tricks,Windows XP Tips and Tricks
0 comments:
Post a Comment