We all miss the windows 98 sharing ,Because
of its flexibility and easy to use , just share and write the password for
folders and you can set different passwords really it was easy, but it lake for
security.
while windows xp concern about security the sharing become
complicated ,but still have the flexibility.
This Article introduce how
to protect some folders from accessed by any one from a workgroup or other
workgroups. And Enable access to some users or groups implicitly without prompt
for password.
(windows xp do this because he pass the username and password
over a network
[hack tip])
1-Creat an Account with password and Remove Shares
From Control
Panel (start-> control panel) from control panel choose "User Accounts".
creat a new user account with
password, this must be done even if you have an account.
We will not depend
on the built in user account "Administrator account".
Let us say the name is
"Admin" and password is "password" you can change them .
Remove any
share that you want to protect it.
Right Click on the shared item ->
choose "Sharing and Security...".
2-Disable Simple File Sharing
open My Computer from menu choose
Tools-> From Tools Choose "Folder Options"
From Folder Options,
Uncheck "Use simple File Sharing
(Recommended)" then press "OK".
3-Log Off then Log On With the new Account and create a protected share
Now you have this Account called "Admin" and password "Password".
Go to the item you want to share then,
Right Click on the shared
item -> choose "Sharing and Security...".
window will appear you will
notice it is differ from the previous.
You will notice there is [$] with
drive share,choose "don't share this folder" this is Administrative share !!!.
Then click Apply.
A message will appear choose yes.
then choose
"Share this folder" you will notice that a new name appear
Click Permissions button in the
window, here we will set the permissions.
click "Remove"
To remove access
by Everyone , then click "Add...".
From this window click
"Advanced"
Click "Find Now" then choose from
the list "Authenticated Users" then Click "Ok".
This mean it will prevent
access except for the allowed users.
In the next window click "Ok",
In the next window click "Ok",
In the next window click "Ok".
Now you setup a protected share that require "Authenticated Users".
4-Add Authenticated Users and Groups
After you setup the protected
shared you need to add users to consume this share
From Control Panel
(start-> control panel) choose "User Accounts"
Click on The "Admin"
account (the new account that we created) .
Now Click on The "Manage My
Network Password" if it doesn't appear restart then log On Again.
Click Add,
Here we can Add users name and
passwords related to the groups.
But a question rise
if the users is
100 or 1000 do i have to Add all those users!!. let us see
Let us
consider this problem : You have a company with different
departments,for each department in a group you want all members in the group can exchange protected information freely!! ,shared media ,files ,any thing and prevent other from other groups, or even any one that enter a group name and become from the group members.
What will you do? you can't say i will Add users they may be 100 or 1000 so it is not professional!!.
Instead of this Windows Xp has the solution , when i say that windows xp pass the user name and the password to the protected share on the other machine ,that was the solution.
[hack tip].
For Simple use we will Add our Account "Admin/Password" and this account will be created on any machine that want to consume the share , so For the Department you will ask them to creat this account on their machines if they want to access the share so when they create the account and log on with it and try to access the share the protected share receive the user/password and compare it with the user/password in the "Manage My Network Password" if it Match the protected shared will be available to you, if it dosen't Match windows Xp will either prompt you that you have no permission, or it will open a log on passaport to write user/password and this happen rare and without rules , so for Guarantee that you can access the sahre you must have an account match the account in "Manage My Network Password" in the target machine .
If you Guarntee that the log On passaport will appear ,you will not create an account (but really i test it ,it appear some times and disappear many times and give you deny access message !!! ).
So whatever the PC name is and The group is windows xp will check only the user name and the password for client machine. so you will not Add many accounts instead you will Add one PC in a group but with our "Admin/Password".
So If any one want to access the protected share simply he will create an account and log on with it, so when he access the protected share he will not prompt for password, because it passed and checked and approved .
That was simple solution ,let us see another solution.
5-Use Different password for folder and folders and Manage each password
with privileges
Right Click on My Computer choose Manage -> from
Manage choose local users and groups -> choose users.
Add users then add
group that group your users and create what you want from users and groups.
when you are going to group
users (check step
"3-") multiselect users from the list.
for each Add to the share select
the privilege allowed for each group and users
Note : here CairoHacker account
have full control access to the share , while the tow others
Meno (the
group) and Authenticated user have read only access ,but CairoHacker also a
member of the Meno group so he have 2 privilege (1 for read and 1 for full
control what do you think windows xp will do !! check it your self)
Hack Tip about passwords flow over the network
As you can see
windows xp really pass the user/password on the network so we can collect it
LC5 SMB
Capture
