Configuring Security Permissions with Windows XP Simple File Sharing

If you’re running Windows XP Home (or Professional as part of a workgroup), Microsoft has introduced a new feature known as Simple File Sharing. This feature is meant to make the process of sharing files with other users both on the network and the same PC more intuitive. Unfortunately, this method strays from the standard method of assigning permissions that you are probably familiar with from previous OS versions, and can be confusing. While Windows XP Professional users have the option of turning Simple File Sharing off (as shown at right), no such option exists for Windows XP Home users. A simple (is annoying) workaround does exist for XP Home users, however, as outlined in another article that follows.

While Simple File Sharing makes sharing resources a little easier for users, it also hides what is going on behind the scenes in terms of the actual permissions assigned to a particular resource. Simple File Sharing consists of 5 security “levels”, each of which handles how folders are shared and secured differently. Making the entire situation even more cryptic, the methods used to obtain each level of security involves slightly different procedures, but each is outlined below.

Level 1 – configured by checking the Make this folder private checkbox on the Sharing tab of a user’s My Documents folder, this setting grants both the owner and system the Full Control permission, and the folder is not shared.

Level 2 – the default setting on a user’s My Documents folder grants the owner, system, and Administrators group Full Control, and the folder is not shared.

Level 3 – configured by moving or copying a file or folder to a user’s Shared Documents folder, this grants the owner, system, and Administrators group full control, and all other users the Read permission. On a Windows XP Professional system, the Power Users group is granted the Modify permission. This level allows local sharing only, with documents not shared with network users.

Level 4 – configured by accessing the Sharing tab for a folder and checking the Share this folder on the network checkbox. Grants the owner, system, and Administrators group Full Control locally, the Everyone group Read permission locally, and the Everyone group the Read shared folder permission.

Level 5 – configured by accessing the Sharing tab for a folder and checking both the Share this folder on the network and Allow network users to change my files checkboxes. Grants the owner, system, and Administrators group Full Control locally, the Everyone group Change permission locally, and the Everyone group the Full Control shared folder permission.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.