CompTIA A+ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers [272]
Once you select a user account, you can then choose what permission level to give that user. You have three choices: Reader, Contributor, or Co-owner (Figure 16-35). Reader simply means the user has read-only permissions. Contributor gives the user read and write permissions and the permission to delete any file the user contributed to the folder. (Contributor only works at the folder level.) A co-owner can do anything.
Public Folder
The Public folder offers another way to share files and folders. Anything you want to share with all other users on the local machine—or if on a network, throughout the network—simply place in the Public folder or one of the many subfolders, such as Public Documents or Public Pictures (Figure 16-36). Note that the Public folder does not give you any control over what someone accessing the files contained within can do with those files.
Figure 16-34 File Sharing dialog box on a standalone machine
Figure 16-35 Permissions options
Figure 16-36 Shared folders in the Public folder
Locating Shared Folders
Before you walk away from a computer, you should check for any unnecessary or unknown (to you) shared folders on the hard drives. This enables you to make the computer as secure as possible for the user. When you open My Computer or Computer, shared folders don’t just jump out at you, especially if they’re buried deep within the file system. A shared C: drive is obvious, but a shared folder all the way down in D:\temp\backup\Simon\secret share would not be, especially if none of the parent folders were shared.
Windows comes with a handy tool for locating all of the shared folders on a computer, regardless of where they reside on the drives. The Computer Management console in the Administrative Tools has a Shared Folders option under System Tools. In that are three options: Shares, Sessions, and Open Files. Select Shares to reveal all of the shared folders (Figure 16-37).
You can double-click on any share to open the Properties dialog box for that folder. At that point, you can make changes to the share—such as users and permissions—just as you would from any other sharing dialog.
Administrative Shares
A close glance at the screenshot in Figure 16-37 might have left some of you with raised eyebrows and quizzical looks. What kind of share is ADMIN$ or F$?
Figure 16-37 Shared Folders tool in Computer Management
Every version of Windows since Windows NT comes with several default shares, notably all hard drives—not optical drives or removable devices, such as thumb drives—plus the %systemroot% folder—usually C:\Windows or C:\WINNT—and a couple of others, depending on the system. These administrative shares give local administrators administrative access to these resources, whether they log in locally or remotely. (In contrast, shares added manually are called local shares.)
Administrative shares are odd ducks. You cannot change the default permissions on them. You can delete them, but Windows will re-create them automatically every time you reboot. They’re hidden, so they don’t appear when you browse a machine over the network, though you can map them by name. Keep the administrator password safe, and these default shares won’t affect the overall security of the computer.
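As an added example (not from the book), the inventory that the Shared Folders tool shows can also be pulled from PowerShell through the Win32_Share WMI class, which separates the administrative shares from local ones. The Review column and its depth threshold of 3 are assumptions chosen for illustration.

```powershell
# Added example: inventory every share on the local machine.
# Get-CimInstance needs PowerShell 3.0 or later; on older systems
# Get-WmiObject -Class Win32_Share returns the same properties.
$shares = Get-CimInstance -ClassName Win32_Share

$report = foreach ($s in $shares) {
    # Win32_Share.Type is 2147483648 or higher for the built-in
    # administrative shares (C$, ADMIN$, IPC$ and so on).
    $isAdmin  = $s.Type -ge 2147483648

    # A trailing $ hides a share from network browsing. Administrative
    # shares are hidden by default, but a local share can be hidden too.
    $isHidden = $s.Name.EndsWith('$')

    # Folder depth of the shared path: a drive root is 0,
    # D:\temp\backup is 2. IPC$ has no path and counts as 0.
    $depth = if ($s.Path) {
        ($s.Path.TrimEnd('\') -split '\\').Count - 1
    } else {
        0
    }

    [pscustomobject]@{
        Name   = $s.Name
        Path   = $s.Path
        Kind   = if ($isAdmin) { 'Administrative' } else { 'Local' }
        Hidden = $isHidden
        Depth  = $depth
        # Assumption: a local share that is hidden or buried three or
        # more folders deep is worth a second look before you leave.
        Review = (-not $isAdmin) -and ($isHidden -or $depth -ge 3)
    }
}

$report | Sort-Object Kind, Name | Format-Table -AutoSize
```

Rows marked Local with Review set to True are the ones to confirm with the user; the Administrative rows are the defaults Windows re-creates at every reboot.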
* * *
NOTE Administrative shares have been exploited by malware programs, especially because many users who set up their computers never give the administrator account a password. Starting with Windows XP Home, Microsoft changed the remote access permissions for such machines. If you log into a computer remotely as administrator with no password, you get guest access rather than administrator access. That neatly nips potential exploits in the bud.
Protecting Data with Encryption
The scrambling of data through encryption techniques provides the only true way to secure your data from access by any other user. Administrators can use the Take Ownership permission to seize any file or folder on a computer, even those you don’t actively