RAM, Virtual Memory, PageFile and all that stuff

Group Policy stuff

Generic Windows stuff

Domain and Active Directory Stuff

Bruce's Printing pages

Links

Glossary

 

 

 

Bruce Sanderson's General Windows Information

Setting up Windows for sharing folders in a simple network

A router (see router in Glossary) intended for home or small business situations will usually provide not just routing (to access the Internet), but also basic firewall, Network Address Translation, switch (or hub) and DHCP capabilities. 

This page assumes you have such a router and that it has a built in DHCP (Dynamic Host Configuration Protocol) service .  Normally, this service is enabled by default, but you can turn it off (see the documentation that came with your router).  This page assumes that the DHCP server function is on (working).  The DHCP service allows your computer's operating system (Windows in this case) to automatically configure itself for networking using TCP/IP (the networking protocols used over the Internet and also for Windows Networking).  This eliminates the need for you to know about such things and to set the IP configuration on your computers manually.

There are three conditions that must be met before you can access shares on one computer from another:

There is one optional capability that can be useful:

  • browsing - prepares a list of computers on the network that is typically displayed in for display in My Network Places, Entire Network, Microsoft Windows Network

All of these are very big topics; I'll on scratch the surface enough so that you should be able to get network access (sharing) working.

 

Satisfying the Network Communication and Address Resolution Requirements (do this on all the computers on your local network):

TCP/IP is the only network protocol you need for Microsoft Windows Networking to work.  I recommend ignoring any suggestion or recommendation to install another protocol (e.g. NetBEUI).  Having multiple protocols is not necessary and can create unnecessary confusion.

Windows XP comes with a Network Setup Wizard that is intended to simplify configuring your network.  However, my reading in newsgroups and elsewhere tells me that this thing creates as many problems as it solves and is quite unnecessary. 

  1. open the Local Area Connection Properties (on XP - Start, Network Connections, right click Local Area Connection, select Properties)

  2. make sure there is a check mark beside Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks

  3. click on Internet Protocol (TCP/IP)

  4. click Properties

  5. select the Obtain an IP address automatically radio button

  6. select the Obtain DNS server address automatically radio button

  7. click Advanced...

  8. select the WINS tab

  9. select the Enable NetBIOS over TCP/IP radio button - this is essential for name to address resolution when there is no local DNS service, which is usually the case on small home or business networks

  10. click OK; click OK; click Close;

  11. if you have Windows XP SP2 do steps 11 through 16; otherwise skip to step 17.

  12. on the Local Area Connection's Properties page (see step 1), select the Advanced tab

  13. click Settings...

  14. on the General tab, if the Off radio button is selected the Windows Firewall is disabled - while this means the Firewall will not interfere with your networking, it does mean that protection afforded by the Firewall is turned off - skip to step 17

  15. if the On radio button is selected, make sure there is no check mark in Don't allow exceptions

  16. select the Exceptions tab

  17. make sure there is a check mark beside File and Print Sharing; click OK

Satisfying the Security Requirement:

Security consists of two functions: authentication and access control.

With Windows NT, Windows 2000, Windows XP Professional (with Simple File Sharing disabled) or Windows 2003 Server, access to anything requires that the accessing user is known and has the correct password - that is, be authenticated.

With Windows XP, Microsoft introduced a feature called Simple File Sharing.  This feature provides a simplified authentication and access control mechanism which largely hides the distinction between authentication and access control. 

  • Windows XP Home always uses Simple File Sharing

  • Windows XP Professional can be configured to use Simple File Sharing or not.  Windows 2000 and Windows 2003 do not have the concept of Simple File Sharing.  Windows ME and earlier (Windows 95 and Windows 98) don't really have a security system and rely entirely on passwords on shares to control access.  This page does not address sharing when one of the computers is running Windows ME, 95 or 98.

With Windows XP Professional to enable or disable Simple File Sharing:

1. open Windows Explorer
2. click Tools, Folder Options
3. select the View tab
4. add or remove the check mark from Use simple file sharing (Recommended)
5. click OK

Although you enable or disable Simple File Sharing in the Folder Options dialog, this setting is a computer wide setting and affects all folder shares.

When Simple File Sharing  is enabled, the Security tab is not present in a folder, file or printer Properties; you can not change existing permissions (Security).  Particularly if Simple File Sharing was previously disabled, this may affect your ability to read or write files and folders or use a printer remotely through a share.  If that turns out to be the case but you really want to use Simple File Sharing, disable Simple File Sharing, adjust the (shared) folder's permissions using its Properties, Security tab, then enable Simple File Sharing again.

   Authentication and Access Control using Simple File Sharing:

  • With XP Home, authentication is essentially automatic - any user account can access any shared folder or printer whether or not the Guest account is enabled.

  • With XP Professional, when Simple File Sharing is enabled, remote access to shared folders and printers is via the Guest account.  If this account is disabled, remote access will not be possible - you will get a prompt for a password for the Guest account, but there is no password that will work.  If you "turn on" the Guest account in Control Panel, User Accounts, this will also allow the Guest account to logon locally, which may not be what you want.  To enable the Guest account for access to shared folders and files:

    1. click Start, right click My Computer, select Manage

    2. navigate to System Tools, Local Users and Groups

    3. click Users

    4. in the right pane, right click Guest, select Properties

    5. remove the check mark from Account is disabled

    6. click OK

  • Everything in the Shared Documents folder is available to anyone over the network.

  • There are two ways to provide access to files and folders from another computer:

    • Put the file or folder into the special folder called Shared Documents.  Special folders are actually references to other, normal folders.  For example, although Shared Documents appears directly under My Computer in Windows Explorer, it is actually a reference to the folder Documents and Settings\All Users\Shared Documents.  Another example of a special folder is My Documents, which refers, by default, to Documents and Settings\username\My Documents.

    • Create a share on a folder using the folder's Properties, Sharing tab.  The first time you select the Sharing tab (for any folder), under Network sharing and security, you may see two links: one to use the Network Setup Wizard and one to "just" enable sharing.  I suggest you select the second one ("just" enable sharing) since all of the networking requirements have already been addressed by the steps under Network Communication.

   Authentication and Access Control without Simple File Sharing:

  • This section does not apply to Windows XP Home, which always uses Simple File Sharing.  Everything here applies to Windows 2000 (Professional and Server), Windows XP Professional and Windows 2003 Server, although details of the dialogs may differ between Windows versions.

  • Authentication:

    • the simplest thing to do is to have a user account with the same name and password on both the computer that has the folder share and the computer accessing the folder over the network.  Create the user account on both computers using Start, Administrative Tools, Computer Management, System Tools, Local Users and Groups, Users.

      By default, Windows XP Professional will not allow any user account (except Guest, if it is enabled) to access shared files and printers across the network if the user account has a blank password.  If your user account(s) have blank passwords, add a password to at least one of the user accounts on the computer.  See http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch03.mspx#EE3AE and https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sotopnode.mspx?mfr=true for additional information about this issue.

      Logon to the computer that will access the files and folders over the network with this user account.  This way, authentication will be automatic.

    • a second simple approach is to enable the Guest account, which is disabled by default.  The Guest account can be a security risk, and is only appropriate if access is more important than security.  Try to use one of the other alternatives instead.

    • if neither of the above is appropriate (e.g. when you connect a laptop from work that is a member of the Domain at work), when you connect to a share on the other computer, you will get prompted for credentials (i.e. username and password).  Supply the username and password that is known on the computer that houses the share (e.g. the one you use to logon locally at that computer).

  • Access Control:

    • To access files and folders from another computer, your user account must have permission to use the share itself.  These are set using the Permissions button in the folder's Properties, Sharing tab.  With Windows 2000, the default is Everyone, Full Control, but with Windows XP and 2003 Server, the default is Everyone, Read.  When the partition (disk) containing the folder is using the NTFS file system (usually the case with Windows 2000 and later), for most purposes, the folder (NTFS) permissions are sufficient to manage access control, so it is common to set the share permissions to Everyone, Full Control.  This avoids confusion by having two overlapping access control settings.  I suggest you do this unless you have a particular reason not to.

    • The NTFS files system, which is usually used with Windows 2000 and later Windows versions, has access control built in.  A user account has to be granted permission to access anything.  In most cases, the default permissions applied when Windows is installed are appropriate.  NTFS Permissions (Security) apply whether the folder or file are accessed by a user logged on locally or by a user accessing over the network through a share.  Use the folder's Properties, Security tab to view and modify NTFS permissions.

      • by default, folders in My Documents (and other folders in the user's profile) can only be read or written by the user account it belongs to or members of the local Administrators group.

      • by default, if you create a new folder at the root of the partition (e.g. create the folder c:\data), members of the local Users group can create files and folders and modify files they create but only have Read permission to things created by others.  Administrators have Full Control permissions.

      • by default, members of the local Users group only have Read permission on the Shared Documents folder; Power Users have Modify and Administrators have Full Control

Browsing:

The browsing feature is what populates the "browse list".  The usual place to see the browse list is in Windows Explorer, My Network Places, Entire Network, Microsoft Windows Network.  The use of this feature is optional; the fact that computers do not appear in Microsoft Windows Network does not mean you can't access shared folders and files on those computers.  There are a variety of reasons that computers don't appear in the "browse list", one of which is that NetBios over TCP/IP may not be enabled (see Step 9).

 

With the original computer browser function (e.g. in Windows for Workgroups 3.11), computers belonging to different Workgroups or Domains were all listed in Windows Explorer.  However, somewhere along the way, the ability to list computers that are in different Workgroups or Domains seems to have disappeared.  You can change the Workgroup name in Control Panel, System, Computer Name (requires a system restart).  It may not be possible or desirable to change the Workgroup a computer belongs to.  For example, if you connect a laptop from work, it may be a member of a Windows Domain.  In this case, even if you are an Administrator on that computer, you don't want to remove it from the work Domain because then it won't function correctly when you take it back to the office - it will have to re-joined to the Domain.

 

The mechanisms used in the browser function are not intended to be instantaneous; it may take 15 minutes or more for a computer to first appear in the list. 

 

Fixing broken browsing can be complicated and my advice is, that if it doesn't work for you, ignore it and get on with life using alternative processes, such as that described below, which is often less work anyway.

 

Connecting to shares on other computers:

 

If the computer shows up in Windows Explorer, My Network Places, Entire Network, Microsoft Windows Network, you can navigate into the share contents that way.  However, this can be tedious and doesn't always work (see Browsing); here's an alternative that is often more useful and does not rely on the browse list.

 

  1. click Start, Run

  2. key \\ followed by the computer name of the computer hosting the share followed by another \

    for example:

      \\OtherComputer\

  3. if the list of shares is presented (may take a few seconds) you have been authenticated on the other computer using the user account you are logged on with.  You may or may not actually have permission to access the contents of those shares.

    1. select the share you want to use from the list using the cursor movement keys then click OK, or select the share using the mouse.

    2. if you get a dialog box asking for credentials (username and password), key the username and corresponding password in the appropriate text boxes and click OK

  4. if no list of shares is presented; click OK or press Enter

    1. if you get a message about "network path not found", verify that you have keyed the computer name correctly.  If you have, then name resolution is not working.  Review the steps and configuration in the Network Communications part of this page, or go to step 5 below.

    2. if you get a message about "access is denied"

      1.  one possibility is that the user account you are logged on with has a different password than the user account with the same name on the computer that hosts the share; this can happen if you use a common username, such as Administrator.  If this is the case

        • use the Windows Explorer, Tools, Map Network Drive and use the link "different user name" where you can specify a different user account to use

        • logoff and logon with a different user account

        • change the password for the user account to be the same on both computers

      2. another possibility is that your user account has not been granted access via the share or using the NTFS permissions.  Review the applicable parts of Security Requirements.

  5. In the simple network environment addressed by this page, name resolution is done using broadcasts.  That is, the computer you are logged on with transmits a request over the network to all other computers on that network asking for the one with the name you specified to respond.   This may not work if, for example, NetBIOS over TCP/IP is turned off or there is a firewall on the network or other computer that is blocking the broadcasts.  In this case, accessing the share may still be possibly using the IP address of the other computer:

    1. logon at the other computer

    2. open a Command Prompt window (Start, All Programs, Accessories)

    3. key the command (character string) ipconfig and press Enter

    4. make a note of the number on the line that says "IP Address" (e.g. 192.168.2.35)

    5. go back to the computer that is having difficulty accessing the share

    6. click Start, Run

    7. key \\ followed by the IP address you found at step d. followed by another \ Enter

      for example:

        \\192.168.2.35\

    8. if you still can not connect to the share on the other computer, I suggest:

      1. see Troubleshooting File and Printer Sharing in Microsoft Windows XP that can be downloaded at http://www.microsoft.com/downloads/details.aspx?familyid=fd7fd48d-6b4a-448e-a632-076f98a351a2&displaylang=en

      2. review existing posts in the newsgroup microsoft.public.windowsxp.network_web on the msnews.microsoft.com newsgroup server.

      3. post details about your problem on the same newsgroup

 

Last Updated 8 Nov 2007

Hit Counter