User folder EXPOSED if Password Protected Sharing is ON


  1. Posts : 4
    Windows 7
       #1

    User folder EXPOSED if Password Protected Sharing is ON


    Greetings to all,

    I've tried sharing files in Windows 7 with a computer running XP over a Home network. These are some of
    my finding and CONCERN over the files that are actually being shared if Public Folders Sharing is turned ON
    in Windows 7.

    I will refer the computer running on Win 7 as Comp A
    and the on running on XP as Comp B for the rest of the entry

    In the Advanced Sharing Settings on Windows 7 I've made these changes

    NOTE: C:\Users\Username is an ADMINISTRATOR Profile on Comp A (running Win 7).Case 1

    In Home or Work (which is my current profile)

    i) I've turned Public Folder sharing ON

    ii) Password Protected Sharing sharing is turned OFF

    Both Comp A and Comp B has been set to the SAME Workgroup name

    Everything is fine, I can view all the network computers on both PC's although I've
    have to run a search on Comp B to find Comp A.

    What I can see on Comp B (running XP) are ONLY the Public Folders of Comp A (Win 7)
    OK, Good.....it's the expected behavior. BUT......

    There is a PROBLEM if Password Protected Sharing is turned ON in Win 7as explained in Case 2

    Case 2
    i) Public Folder sharing is still turned ON
    but
    ii) Password Protected Sharing is turned ON

    When I did this, I was prompt for a Username and Password (on Comp B) when I tried
    to view the files on Comp A. So I keyed in the Username and Password of Comp A in Comp B
    and I can gain access to the files shared on Comp A.
    Here is where the "NIGHTMARE" begins!!!!

    I've noticed that not only the Public Folders (in Comp A) and be accessed, but the
    C:\Users\Usersname Folder and every folder and files in it is EXPOSED to Comp B.
    Though some files cannot be accessed but I some files CAN be ACCESSED (e.g. files in the DOWNLOAD folders
    and DESKTOP).

    What is happening here: Shouldn't ONLY the PUBLIC Folders be shared??????
    Even with the Username and Password, that does not mean that I want all my PERSONAL
    folders to SHARED by DEFAULT (if the person has my Password).
    This was not the case in Vista... (which was GREAT)

    So this lead me to do some ivestigation on the Properties of the C:\Users\Username folder on Comp A.
    This are my findings and it's very SUPRISING and WORRYING and CONFUSING indeed.

    i) By selecting the C:\Users\Username Folder and checking the STATUS BAR there is NO indication that the folder is SHARED (meaning windows 7 is telling that it's NOT SHARED)

    ii) Selecting the C:\Users\Public folder and checking the Status Bar, there IS a indication:
    State:Shared and also Shared With:XXXX (meaning windows 7 is telling that it's SHARED)

    So, the JACKPOT question here is:
    If, C:\Users\Username folder in Comp A is NOT SHARED, WHY IS IT that it CAN BE ACCESSED in Comp B ?????

    FURTHER investigation revealed this:

    By Right-Click on C:\Users\Username, Click Properties, Sharing Tab
    The indication here is that C:\Users\Username is SHARED complete with a Network Path.
    Meaning TWO DIFFERENT INDICATIONS:
    i)STATUS BAR: NOT shared
    ii)Sharing Propeties tab: SHARED
    (Prove: Screenshot Below)

    So the 2nd JACKPOT question is:
    Is C:\Users\Username SHARED or NOT SHARED in Windows 7???

    I've tried turning OFF the sharing but it's NOT successful if the Public Folder is shared.
    What I did is to manually UN-SHARE the WHOLE C:\Users folder in Windows 7 (just to be safe)
    and share my folder from some other location(s).

    Hope Microsoft will FIX this ASAP as many of us will be caught unaware that our PERSONAL files are
    EXPOSED if PASSWORD PROTECTED SHARING is TURNED ON in Win 7
    (as most of us will think it will be MORE SECURED by using a PASSWORD and not the other around: EXPOSING our PERSONAL files unawared)
    Attached Thumbnails Attached Thumbnails User folder EXPOSED if Password Protected Sharing is ON-new-picture-2-.jpg  
      My Computer


  2. Posts : 1,065
    Windows 7 Ultimate x64
       #2

    I've found W7 sharing system very confusing. The best way to share folders (IMO) is to open fsmgmt.msc through the start menu and do it through that. I also found that, by default W7 had shared my user folder on my network....worrying!! A sure way to make sure that the folder is blocked it to add network to the ACL of your user folder (or indeed any other folder you want blocked) and set the permissions of network to deny.
    You'll get a security warning about your actions.

    User folder EXPOSED if Password Protected Sharing is ON-1.png

    User folder EXPOSED if Password Protected Sharing is ON-2.png

    Hope this helps :)
      My Computer


  3. Posts : 4
    Windows 7
    Thread Starter
       #3

    thank you so much rsvr85 for providing a solution to this worrying problem
    Now I can be sure that I can share my Public folder alone (without my Username Folder)
    with or without Password Protection
      My Computer


  4. Posts : 1,065
    Windows 7 Ultimate x64
       #4

    Indeed!; You're very welcome :)
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:25.
Find Us