disabling simple file sharing+sharing folder gives network full ac


Hello, I'm trying to implement a password protected file share between two
computers on a semi-open network (think college network). Both machines are
Windows XP Pro, but are in a common Workgroup (not domain). They can see
each other and ping just fine. When I create simple shares, the correct
folders are shared out and files are accessible, but they are public. I want
to restrict access to them.

To do this, I turned off simple file sharing. Then I set up a folder for
sharing. It's properly locked down in that when you try to access it via
\\machine\share, it prompts for authentication and responds correctly.
However, all these permissions can be bypassed by going to \\machine\c$ from
any other machine without any credential prompts. As far as I can tell, this
access is unrestricted, as I'm able to access all the server machine's My
Documents folders and files from another machine add/delete files, all with
NO credential prompts (the two machines share user account names, but the
passwords are different. I've rebooted several times to clear any possible
credential caches, but I'm never prompted for creds and full access is still
permitted).

On the root drive (c:), I've checked my NTLM permissions - AFAIK "Everyone"
has been removed, users have read-only permissions, Administrators and SYSTEM
have full permissions. I can't change the sharing permissions because when I
do, I get a warning prompt that the folder is shared for administrative
purposes and that even if I disable the share, it will reactivate on reboot.
I've read elsewhere that disabling this is bad anyways.

Does the act of disabling simple file sharing and then sharing out a single
folder really cause your entire machine to be accessible via administrative
shares and bypassing NTLM permissions? Or am I completly misunderstanding
the NTLM security model?
.

Relevant Pages

  • Re: XP Home: selective folder sharing
    ... Adding Test made no difference for sharing the Test folder in XP Safe Mode. ... In Control Panel/Network on the 98SE machine, I found the network login set ... click the Permissions button to ...
    (microsoft.public.windowsxp.network_web)
  • Re: LAN problem with new PC
    ... permissions with sharing, actual sharing permissions and also the NTFS ... Have you tried going to network places from scratch, ... You can more easily view folder permissions (On the machine ...
    (microsoft.public.win2000.networking)
  • Re: Cannot write to shared folder on W2K8 server
    ... Even with sharing the folders the different ways as described from Ace, the share exactly does what i configure based on the share/ntfs permissions. ... I got a folder on a W2K8 Standard server. ... NTFS Permissions / Domain Admins = FULL, ...
    (microsoft.public.windows.server.general)
  • Re: Sharing External USB Hard Drive
    ... I tried your suggestion to create a folder on the drive and share ... I am also sharing a flash drive and a DVD drive attached to the Vista machine without a problem. ... The sharing and permissions settings are the same for all of them. ...
    (microsoft.public.windows.vista.networking_sharing)
  • Re: Problem with securing of Windows 2000 SP4 IIS with AD Windows 2003
    ... users/groups you add to the NTFS folder permissions is irrelevant. ... The symptoms are that the security prompts users to log in ... restart of IIS services the intranet page prompts for some users to log ...
    (microsoft.public.inetserver.iis.security)
Loading