Windows XP file sharing fixes
last revision August 10, 2004
Steps to secure your Windows PC:
|
Both Home and Professional Editions of Windows XP also implement the default "administrative shares" described above for Windows NT and 2000. To avoid hacker breakins via these hidden file shares, you must set strong passwords on all local user accounts with administrator privileges. In Windows XP Home Edition, all user accounts have administrator privileges and no password by default. A Windows XP Home Edition computer does not belong on the network unless account passwords are set.
For purposeful sharing of directories to other computers on the network, Windows XP is configured by default to use Simple File Sharing. This mode allows any computer on the network to access your shared directory, including full write access, without any account or password. You can disable the write access, but you cannot limit the sharing to specific accounts with passwords. Therefore, you cannot keep hackers out of a shared directory in Simple File Sharing mode.
In Windows XP Professional Edition, you should switch the file sharing mode to Classic, which implements Windows 2000 style file sharing and lets you restrict the file sharing to specific accounts and passwords. Be sure to disable the everyone access privileges when using Classic mode file sharing in Windows XP Professional Edition.
You cannot switch Windows XP Home Edition to Classic mode file sharing. The result is that you cannot use passwords to protect file shares against hackers. A computer running Windows XP Home Edition should never attempt to share files on the Stanford network.