|05 Nov 2009||#1|
| || |
User folder EXPOSED if Password Protected Sharing is ON
Greetings to all,
I've tried sharing files in Windows 7 with a computer running XP over a Home network. These are some of
my finding and CONCERN over the files that are actually being shared if Public Folders Sharing is turned ON
in Windows 7.
I will refer the computer running on Win 7 as Comp A
and the on running on XP as Comp B for the rest of the entry
In the Advanced Sharing Settings on Windows 7 I've made these changes
NOTE: C:\Users\Username is an ADMINISTRATOR Profile on Comp A (running Win 7).Case 1
In Home or Work (which is my current profile)
i) I've turned Public Folder sharing ON
ii) Password Protected Sharing sharing is turned OFF
Both Comp A and Comp B has been set to the SAME Workgroup name
Everything is fine, I can view all the network computers on both PC's although I've
have to run a search on Comp B to find Comp A.
What I can see on Comp B (running XP) are ONLY the Public Folders of Comp A (Win 7)
OK, Good.....it's the expected behavior. BUT......
There is a PROBLEM if Password Protected Sharing is turned ON in Win 7as explained in Case 2
i) Public Folder sharing is still turned ON
ii) Password Protected Sharing is turned ON
When I did this, I was prompt for a Username and Password (on Comp B) when I tried
to view the files on Comp A. So I keyed in the Username and Password of Comp A in Comp B
and I can gain access to the files shared on Comp A.
Here is where the "NIGHTMARE" begins!!!!
I've noticed that not only the Public Folders (in Comp A) and be accessed, but the
C:\Users\Usersname Folder and every folder and files in it is EXPOSED to Comp B.
Though some files cannot be accessed but I some files CAN be ACCESSED (e.g. files in the DOWNLOAD folders
What is happening here: Shouldn't ONLY the PUBLIC Folders be shared??????
Even with the Username and Password, that does not mean that I want all my PERSONAL
folders to SHARED by DEFAULT (if the person has my Password).
This was not the case in Vista... (which was GREAT)
So this lead me to do some ivestigation on the Properties of the C:\Users\Username folder on Comp A.
This are my findings and it's very SUPRISING and WORRYING and CONFUSING indeed.
i) By selecting the C:\Users\Username Folder and checking the STATUS BAR there is NO indication that the folder is SHARED (meaning windows 7 is telling that it's NOT SHARED)
ii) Selecting the C:\Users\Public folder and checking the Status Bar, there IS a indication:
State:Shared and also Shared With:XXXX (meaning windows 7 is telling that it's SHARED)
So, the JACKPOT question here is:
If, C:\Users\Username folder in Comp A is NOT SHARED, WHY IS IT that it CAN BE ACCESSED in Comp B ?????
FURTHER investigation revealed this:
By Right-Click on C:\Users\Username, Click Properties, Sharing Tab
The indication here is that C:\Users\Username is SHARED complete with a Network Path.
Meaning TWO DIFFERENT INDICATIONS:
i)STATUS BAR: NOT shared
ii)Sharing Propeties tab: SHARED
(Prove: Screenshot Below)
So the 2nd JACKPOT question is:
Is C:\Users\Username SHARED or NOT SHARED in Windows 7???
I've tried turning OFF the sharing but it's NOT successful if the Public Folder is shared.
What I did is to manually UN-SHARE the WHOLE C:\Users folder in Windows 7 (just to be safe)
and share my folder from some other location(s).
Hope Microsoft will FIX this ASAP as many of us will be caught unaware that our PERSONAL files are
EXPOSED if PASSWORD PROTECTED SHARING is TURNED ON in Win 7
(as most of us will think it will be MORE SECURED by using a PASSWORD and not the other around: EXPOSING our PERSONAL files unawared)
|My System Specs|
|06 Nov 2009||#2|
| || |
I've found Windows 7 sharing system very confusing. The best way to share folders (IMO) is to open fsmgmt.msc through the start menu and do it through that. I also found that, by default Windows 7 had shared my user folder on my network....worrying!! A sure way to make sure that the folder is blocked it to add network to the ACL of your user folder (or indeed any other folder you want blocked) and set the permissions of network to deny.
You'll get a security warning about your actions.
Hope this helps
|My System Specs|
|Similar help and support threads for2: User folder EXPOSED if Password Protected Sharing is ON|
|Password protected sharing is OFF, still asked for username/password?||Network & Sharing|
|Password protected advance folder sharing||Network & Sharing|
|Using password protected sharing.||Network & Sharing|
|Password protected sharing on but can still access shared folder||Network & Sharing|
|Password protected sharing on, but still share?||Network & Sharing|
|Xp password protected sharing with win 7||Network & Sharing|
|Password Protected Sharing||Network & Sharing|