How do I... Secure Windows XP NTFS files and shares?

A folder's Properties dialog box is used to configure share-level permissions for users and groups

This gallery is also available as a TechRepublic article and download.

Security is all the rage. From white-hat hacker articles in Wired magazine to daily e-mail newsletter alerts, security concerns threaten to overwhelm most IT professionals.

Most of the talk targets protecting an organization's resources from external audiences. But often there's a very real need to partition data within an organization, too. Just imagine the trouble that would arise were employees able to access one another's HR records.

Windows XP's NTFS file system, and permissions assigned to folder shares, are designed to protect files and folders from being access by unauthorized parties, whether those parties are internal or external to an organization. Here's how to ensure you're administering NTFS permissions and file shares appropriately.

File Share Permissions

Most users begin sharing files with workgroups, or peer-to-peer networks, by following these steps:

  1. Right-clicking the folder containing the documents, spreadsheets and files they wish to share.
  2. Selecting Sharing And Security from the pop-up menu.
  3. Selecting the Share This Folder button from the Sharing tab of the folder's Properties dialog box.
  4. Entering a Share Name for the folder.
  5. Optionally supplying some wording describing the folder's contents within the Comment field.
  6. Clicking OK.

However, that method won't always work as you intend, especially on Windows XP systems formatted with NTFS (in which conflicting NTFS permissions can prevent an intended user from accessing those resources -- more on that in a moment). Worse, Windows XP's default share permissions behavior is set to provide Everyone with access to the share's contents.

It's also important to note that Windows XP's Simple File Sharing, enabled by default, must be turned off to specify different permissions for different users. To turn off Simple File Sharing:

  1. Open Windows Explorer.
  2. Click Tools.
  3. Select Folder Options.
  4. Click the View tab.
  5. Within the Advanced Settings window, scroll to the bottom and uncheck the box for the Use Simple File Sharing (Recommended) option.
  6. Click OK.

By Erik Eckel

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...