Practically Networked Home Earthweb HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router and by extension, your network is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.

NTFS Permissions

The Access Control List is a tool for protecting network shares, but it doesn't stop someone from walking up to the computer, logging in, and looking at the files on the computer. Share permission and ACLs don't apply to a user who logs in locally. To keep files private from other local users, Windows XP provides a different mechanism. You can assign permissions to individual files and folders at file system level. This is called File Permissions, and it's only available on NTFS volumes. You can't set File Permissions on FAT volumes.

By default, Windows XP uses File Permissions only in the Documents and Settings folder, to keep each user's documents private from other users. When a user logs on locally for the first time, his 'Home Directory' is created within the Documents and Settings folder. The default settings for all of the folders and files in each user's My Documents folder are:

  • The owner of the file or folder has read and write permission;
  • Local Computer Administrators have read and write permission;
  • Nobody else may read or write to the folder or the files in it.

Notice that Administrators can look into the user's My Documents folder. Be aware that any user accounts that you created when you installed XP are Administrator accounts, and that they can all look into each other's My Documents folders! Individual users may step up the security a notch to remove Administrators from the list. Then, only that individual user can access his or her own files. When a user with an Administrator account sets a password on the account, Windows XP automatically prompts the user to step up the security on My Documents. It's then called Private.

In order access shared data, a user connecting from the network needs to get past both gatekeepers:

  • The ACL must allow access to the share;
  • The NTFS File Permissions must allow access to the file.

Having set up the share permissions, do we now need to do anything with NTFS permissions?

The short answer is 'It Depends'.

If the shared folder is contained within Documents and Settings (e.g. the My Documents folder), then you might. This is because Windows XP sets NTFS permissions within this folder structure to prevent users from accessing each other's data. It depends on whether the user accounts are Limited or Administrators, and it also depends on whether the shared folder has been previously marked as Private.

If you created a folder structure elsewhere, then you most likely do not need to do anything more. The necessary permissions will be 'inherited', ultimately from the root folder, e.g. C:\

In the example we've used so far, we don't need to do any further configuration for everything to work.

Power User Information: To see why, look at the NTFS permissions. Run Windows Explorer, and browse to c:\Boystuff. Right-click the folder and select Sharing and Security. Go to the Security tab and look at the list. Note that the permissions are additive. Apart from yourself and Administrators, how can the users Alasdair and Fraser access the data in this share? It looks like they are not included on the NTFS permissions!

_x0000_i1053The answer is due to their membership in the Users group.

Click the Users group to see what permissions it has.

_x0000_i1054They seem to have Read-only access. Yet, if you try it, they have Write access, too! How can this be?

Scroll down, and see they have 'Special' permissions. This is gray, indicating they've inherited this permission from a parent folder.

What, pray tell, is Special Permission? Click Advanced to see. In the Permission entries window, double-click Allow Users(RONS-PC\Users) Special Inherited From C:\. You'll see that it has inherited Write permission from the Root folder:


XP Pro File Sharing
1. Disable Simple File Sharing
2. Create User Accounts
3. User Account Passwords
4. Create User Groups
5. Create Shares
6. Access Control Lists
7. NTFS Permissions
8. Connecting from Clients
9. Sharing My Documents
10. Q & A
11. Troubleshooting
Read Entire Article
NEXT Page Earthweb HardwareCentral earthwebdeveloper CrossNodes Datamation

Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums