December 20, 2007

On a Windows XP Professional machine that is part of a workgroup, the “Simple File Sharing” UI is enabled by default. This is a network access model in which every attempt to log on to the computer from across the network is forced to use the Guest account. This is done to prevent remote users from logging on with a local Administrator account that was not configured with a password. If Simple File Sharing is enabled and the system is connected to the Internet without a secure firewall, the files contained in its shares are available to anybody.

Also, when Simple File Sharing is turned on, connections to administrative shares (such as C$) do not work because all remote users authenticate as Guest.

Once we disable Simple File Sharing, the Classic NT security model takes over. In this model, we have more control over the permissions granted to individual users. Every Windows XP machine has the Simple File Sharing UI enabled, along with an enabled Guest account. This is the default configuration after installing Windows XP Professional as part of a workgroup. So as soon as we turn on file sharing using the Network Setup Wizard, we can see the shares across the network without authentication. This is because we are authenticated as the Guest account while accessing the share. After disabling Simple File Sharing, accessing the share through the network prompts for a username and password, as it does for a server. This is because the system is now using the NT security model.

It is also better to disable the Guest account on workstations. An enabled Guest account is a huge hole for attackers coming in over the Internet.
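
A way to check these settings on a machine, as an added example that is not part of the original post. It assumes Windows PowerShell is installed (it did not ship with XP) and an administrator session. The `forceguest` value under the `Lsa` key is where Windows stores the sharing model, and the `-Harden` switch is a name made up for this example.

```powershell
# Added example: audit (and optionally fix) the sharing model described above.
param([switch]$Harden)   # hypothetical switch: apply the two changes the post recommends

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# forceguest: 1 = "Guest only" (Simple File Sharing), 0 = "Classic" (users log on as themselves)
$forceGuest = (Get-ItemProperty -Path $lsa -Name forceguest -ErrorAction SilentlyContinue).forceguest
if     ($forceGuest -eq 1) { $model = 'Guest only (Simple File Sharing)' }
elseif ($forceGuest -eq 0) { $model = 'Classic' }
else                       { $model = 'forceguest value not present' }

# Find the built-in Guest account by its well-known RID (501), so a renamed account is still found
$guest = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-501' }

# Type 0 = ordinary disk shares; administrative shares such as C$ report a different type
$shares = @(Get-WmiObject Win32_Share | Where-Object { $_.Type -eq 0 })

"Sharing model : $model"
"Guest account : $($guest.Name) (disabled = $($guest.Disabled))"
"Disk shares   : $($shares.Count)"
$shares | ForEach-Object { "  $($_.Name) -> $($_.Path)" }

# The risky combination from the post: remote users mapped to Guest, Guest enabled, shares present
if ($forceGuest -eq 1 -and $guest -and -not $guest.Disabled -and $shares.Count -gt 0) {
    'FINDING: remote users are mapped to an enabled Guest account; the shares above need no credentials.'
}

if ($Harden) {
    # Switch to the Classic model so network logons must present a real username and password
    Set-ItemProperty -Path $lsa -Name forceguest -Value 0
    # Disable the Guest account (by its current name, in case it was renamed)
    if ($guest) { & net.exe user $guest.Name /active:no }
    'Applied: forceguest = 0, Guest account disabled.'
}
```

Run it without arguments to get a report only; after `-Harden`, every account used for network access needs a password, since remote users are no longer mapped to Guest.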


