To continue receiving security updates for Windows, make sure you're running Windows XP with Service Pack 3 (SP3). For more information, refer to this Microsoft web page:
Support is ending for some versions of Windows
You can access the Simple File Sharing UI by viewing a folder's properties. Through the Simple File Sharing UI, you can configure both share and NTFS file system permissions at the folder level. These permissions apply to the folder, all the files in that folder, subfolders, and all the files in the subfolders. Files and folders that are created in or copied to a folder inherit the permissions that are defined for their parent folder. This article describes how to configure access to your files, depending on permission levels. Some information that this article contains about these permission levels is not documented in the operating system files or in the Help file.
By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured.
If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off.
To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:
- Click Start, and then click My Computer on the desktop.
- On the Tools menu, click Folder Options.
- Click the View tab, and then select the Use Simple File Sharing (Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)
- Level 1: My Documents (Private)
- Level 2: My Documents (Default)
- Level 3: Files in shared documents available to local users
- Level 4: Shared Files on the Network (Readable by Everyone)
- Level 5: Shared Files on the Network (Readable and Writable by Everyone)
- By default, files that are stored in "My Documents" are at Level 2.
- Levels 1, 2, and 3 folders are available only to a user who is logging on locally. Users who log on locally include a user who logs on to a Windows XP Professional-based computer from a Remote Desktop (RDP) session.
- Levels 4 and 5 folders are available to users who log on locally and remote users from the network.
|Access Level||Everyone (NTFS/File)||Owner||System||Administrators||Everyone (Share)|
|Level 1 ||Not available||Full Control||Full Control||Not available||Not available|
|Level 2||Not available||Full Control||Full Control||Full Control||Not available|
|Level 3||Read||Full Control||Full Control||Full Control||Not available|
|Level 4||Read||Full Control||Full Control||Full Control||Read|
|Level 5||Change||Full Control||Full Control||Full Control||Full Control|
All the levels that this article describes are mutually exclusive. Private folders (Level 1) cannot be shared unless they are no longer private. Shared folders (Level 4 and 5) cannot be made private until they are unshared.
If you create a folder in the Shared Documents folder (Level 3), share it on the network, and then allow network users to change your files (Level 5), the permissions for Level 5 are effective for the folder, the files in that folder, and the subfolders. The other files and folders in the Shared Documents folder remain configured at Level 3.
Note The only exception is if you have a folder (SampleSubFolder) that is shared at Level 4 inside a folder (SampleFolder) that is shared at Level 5. Remote users have the correct access level to each shared folder. Locally logged-on users have writable (Level 5) permissions to the parent (SampleFolder) and child (SampleSubFolder) folders.
Note If you are not comfortable with the information that is presented in this section, ask someone for help or contact support. For information about how to contact support, visit the Microsoft Help and Support contact information Web site:
Files on a read-only device such as a CD-ROM shared at Level 4 or 5 are available only if the CD-ROM is in the CD drive. Any CD-ROM that is in the CD drive is available to all users on the network.
A file's permission may differ from the parent folder if one of the following conditions is true:
- You use the move command at a command prompt to move a file into the folder from a folder on the same drive that has different permissions.
- You use a script to move the file into the folder from a folder on the same drive that has different permissions.
- You run Cacls.exe at a command prompt or a script to change file permissions.
- Files existed on the hard disk before you installed Windows XP.
- You changed a file's permissions while Simple File Sharing was turned off on Windows XP Professional.
If you turn on and turn off Simple File Sharing, the permissions on files are not changed. The NTFS and share permissions do not change until you change the permissions in the interface. If you set the permissions with Simple File Sharing enabled, only Access Control Entries (ACEs) on files that are used for Simple File Sharing are affected. The following ACEs in the Discretionary Access Control List (DACL) of the files or folders are affected by the Simple File Sharing interface:
Expected upgrade behaviorA Windows 2000 Professional-based or a Windows NT 4.0-based computer that is joined to a domain or a workgroup that is upgraded to Windows XP Professional maintains its domain or workgroup membership respectively and has the classic file sharing and security UI turned on. NTFS and share permissions are not changed with the upgrade.
By default, if you upgrade a computer that is running Microsoft Windows 98, Windows 98 Second Edition, or Windows Millennium Edition that has "per share" sharing permissions to Windows XP, Simple File Sharing is always turned on. Shares that have passwords assigned to them are removed, and shares that have blank passwords remain shared after the upgrade.
If you upgrade a computer that is running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition to Windows XP Professional and that computer is logged on to a domain, if that computer has share level access turned on and joins the domain while the Setup program is running, the computer starts with Simple File Sharing turned off.
By default, a Windows 98, Windows 98 Second Edition, or Windows Millennium Edition-based computer that is upgraded to Windows XP Home has Simple File Sharing turned on.
Known issuesFor remote users to access files from the network (Levels 4 and 5), the Internet Connection Firewall (ICF) must be disabled on the network interface that the remote users connect through.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Remote users may receive an "Access Denied" message on a share that they had connected to successfully before. This behavior occurs after the hard disk is converted to NTFS. This behavior occurs on Windows XP-based computers that have Simple File Sharing turned on that were upgraded from Windows 98, Windows 98 Second Edition, or Windows Millennium Edition. This behavior occurs because the default permissions of a hard disk that is converted to NTFS do not contain the Everyone group. The Everyone group is required for remote users who are using the Guest account to access the files To reset the permissions, stop sharing, and reshare the affected folders.
Behavior that is affected when Simple File Sharing is turned on
- The Simple File Sharing UI in the properties of a folder configures both share and file permissions.
- Remote users always authenticate as the Guest account.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:302927 Computer Management displays user account names when logged on as Guest
- Windows Explorer does not keep permissions on files that are moved in the same NTFS drive. The permissions are always inherited from the parent folder.
- On Windows XP Professional-based computers that have Simple File Sharing turned on and Windows XP Home Edition-based computers, the Shared Folders (Fsmgmt.msc) and Computer Management (Compmgmt.msc) tools reflect a simpler sharing and security UI.
- In the Computer Management and Shared Folders consoles, the New File Share command is unavailable when you right-click the Shares icon. Also, if you right-click any listed share, the Properties and Stop Share commands are unavailable.
Behavior that is not caused by turning on Simple File Sharing
- In Windows XP Home Edition, the Computer Management snap-in does not display the Local Users and Groups node. The Local Users and Groups snap-in cannot be added to a custom snap-in. This behavior is a limitation of Windows XP Home Edition. It is not caused by Simple File Sharing.
- If you turn off the Guest account in the User Accounts Control Panel tool, only the guest's ability to log on locally is affected. The account is not disabled.
- Remote users cannot authenticate by using an account that has a blank password. This authentication is configured separately.
- Windows XP Home Edition cannot join a domain. It can only be configured as a member of a workgroup.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:303606 Can log on without password by using Guest account after upgrade from Windows 2000