How to Secure Shared Folders

What is folder sharing?
On a normal install of Windows 2000/XP, a service called File and Printer Sharing is turned on. Files are shared by enabling shared access to a folder, so for simplicity we refer to this as shared folders.

What is the risk?
Windows XP by default uses a sharing type called Simple File Sharing (SFS).* This type of sharing allows anyone on the network to access your shared files and folders without a password.** It is better suited to a small network where you know and trust the other users, for example a home network. Also, in Windows 2000 and Windows XP (with SFS turned off), if your administrator password is weak, an attacker can get into your computer and cause a lot of damage.

What can I do?
Ask yourself if you need to share files/folders. Yes or No?

If you do not need to share files/folders, turn off File and Printer Sharing and/or turn off the firewall exception for File and Printer Sharing (webpage to explain this in progress).

If you do need to share folders, please make sure to:

  1. Create a limited account to use for sharing:
    Click Start, click Run..., enter "nusrmgr.cpl", click Create a new account,
    enter a username, click Next, click Limited, and click Create Account.
  2. Make sure you have strong passwords for ALL the accounts on your computer
  3. Set permissions on your shared folders
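
The same three steps from an administrator command prompt, as an added example that is not part of the original page. The account name "shareuser" and the folder C:\Shared are hypothetical; substitute your own.

```batch
@echo off
rem Added example, not from the original page.
rem Run from an administrator command prompt on Windows 2000/XP.
rem Assumed names (hypothetical): account "shareuser", folder C:\Shared.
setlocal
set SHAREUSER=shareuser
set SHAREDIR=C:\Shared

rem Step 1: create the account used for sharing. The * makes net.exe prompt
rem for the password so it is never typed on the command line. An account
rem created this way is a member of the local Users group only, which the
rem XP control panel shows as a Limited account.
net user %SHAREUSER% * /add
if errorlevel 1 goto fail

rem Step 2: list every local account and every member of Administrators.
rem Each account shown needs a strong password; "net user <name> *" sets a
rem new one interactively.
net user
net localgroup Administrators

rem Step 3: list what is currently shared, then set NTFS permissions on the
rem shared folder (the volume must be NTFS for cacls to work).
rem /E edits the existing ACL instead of replacing it; /G grants rights
rem (R = read).
net share
cacls "%SHAREDIR%" /E /G %SHAREUSER%:R

rem Print the resulting ACL. Review it for broad entries such as Everyone
rem that give more access than you intend.
cacls "%SHAREDIR%"
goto :eof

:fail
echo Could not create %SHAREUSER%; no permissions were changed.
exit /b 1
```

Per-account permissions only take effect with Simple File Sharing turned off; while it is on, network users connect as Guest.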

*Simple File Sharing is always on for XP Home. It can be disabled in XP Pro.
**For more details, please see Microsoft's instructions on how to configure file sharing.
Note: Staff-managed machines need File and Printer Sharing to be left on; please do not turn it off.