An Important Notice Regarding Microsoft Sharing

A Bit of Background

Since the introduction of Windows for Workgroups, all Microsoft operating systems have provided the capability to share resources, such as files and printers, with other networked computers.

The security provided to protect these resources falls into two categories:

• User level sharing, which is provided by Windows NT and Windows 2000, provides authentication based on a user name and password combination, which allows greater control and accountability when giving access to other networked users.

• Share level sharing, used by Windows 95 and 98, provides only password protection to resources. (Please note that there are ways to provide user level access within Windows 95 and 98 to locally shared resources when configured in conjunction with an NT server, but that is beyond the scope of this article. There are numerous books and articles written on the subject for those interested.) This article will focus on Windows 95 and 98 share level sharing, and specifically on file sharing. All further references to sharing refer to share level access.

It is apparent that the original intent in providing share level access was for use in a small workgroup environment where access was from known and trusted users. Since this form of sharing requires only a password (and that password can be blank!), it is often difficult to determine exactly who is accessing your resources once you distribute the password in an academic environment such as Rensselaer's. And, because share level access can be configured to provide full access and allow other users to read, write, copy, change or delete your files, you must take care to protect your files when you decide to share them.

Protecting Your Shares

First and foremost, you need to protect all your shares by setting an actual password; if you leave the required password blank, any anonymous user can gain access to your files.

Second, take special care when providing full access to shares, for not only can users having such access alter or delete your files, they can also use all of your available disk space, since there is no way of restricting disk usage. As a result, we generally recommend that you do not give full access to shares using share level access. And when you are required to provide full access, it should be for a specific reason, and also for a short period of time, so as to reduce exposure.

You may also find it advantageous to make use of a sharing feature that allows hidden shares. To do this, use a dollar sign ($) as the last character in the sharename when you name a share; doing this will prevent the share from being displayed when other users are browsing the network neighborhood. If another user wishes to access the share, he or she needs to explicitly map it using the "Map Network Drive" option by right-clicking on the My Computer icon on the desktop, selecting the Map Network Drive option, and then providing the appropriate sharename in the path field. (The format of the path field is \\computername\sharename.)

Enabling File and Print Sharing

Most computer vendors ship their computers with file and print sharing disabled. However, if you wish to enable sharing, do the following:

1. Open the Start menu and select the Settings option, select the Control Panel option, and then double-click the Network folder in the window that appears.

2. Click on the File and Print Sharing... button, and select either the file sharing and/or print sharing option(s) in the File and Print Sharing window that appears, then click OK. (Please note: This step does not share any resources; it simply loads and configures the necessary software to allow sharing.)

3. To share files, use the Windows Explorer to select the folder you wish to share. To do this, highlight the folder by left-clicking once on the folder, then right-clicking once and selecting the Sharing... option from the pull-down menu that appears.

4. Select the Shared As: radio button and provide a sharename in the Share Name field. (Note that this share name does not have to be the same name as the folder being shared; this allows you to use the trailing $ previously described.) By default, "Read-Only" access is enabled as shown by the selected radio button.

   IT IS IMPORTANT that you DO NOT select Apply or OK at this point. If you do this without supplying a password, the share will be open to everyone, since you haven't specified a required password.

5. Select Read Only, Full, or Depends on Password, and supply a password. The system will prompt you to confirm your password selection.

   Please note that the Depends on Password option allows you to share the folder with both Read-Only AND Full access; the type of access given is based on the password supplied.

Once you have enabled sharing, your machine will be known on the network by the workgroup and computer names previously specified. To find these, open the Start menu, select the Settings and Control Panel options, double-click on the Network icon in the window that appears, and then click on the Identification tab.

A Few Additional Notes

This article does not discuss print sharing, which inherently allows users to read from and write to your disk. Read access is used to provide printer drivers, and write access is used for the spooling of print files.

In addition, this article assumes a workgroup environment which does not depend on Internet naming conventions and resolution (DNS) to find a particular computer on the network. Name resolution relies solely on Microsoft methods, namely WINS and broadcast. (We will address these issues in a future article.)

In closing, we'd like to stress that, while share level access has been available and used for years, you should take great care to ensure that you grant access only to your intended users.

Go to the table of contents.

Go to the Kiosk homepage.