Disable Windows file sharing, or setup correctly



last revision August 10, 2004

Suggestions to secure your Windows PC:
  1. Use strong passwords
  2. Install security patches
  3. Share files correctly
  4. Use anti-virus software
  5. Protect against email viruses
  6. Install PCLeland
  7. Minimize open network services
  8. Run a security analyzer
  9. Do regular backups
  10. Apply special Windows XP fixes

Be very careful with Windows file sharing. Default options for all versions are insecure and will let hackers onto your computer unless disabled or fixed. Your best bet is to disable file sharing completely.

File sharing on Energy Resources Engineering department supplied computers has been configured correctly in the default installation. If a Energy Resources Engineering user never makes any changes to file sharing (which he should not), then he can skip the rest of this section. If he attempts to alter the file sharing settings, or create new shares, then he must pay attention to the recommendations below.

In order to use the file sharing features of Windows to allow access from other computers that you use, but keep hackers out, you must enable shares that require accounts and passwords. This is not the default setting on any version and can take considerable work to set up. In addition, you must synchronize the account names and passwords set on the "server" Windows computer with the account names and passwords on the "client" Windows computer, which can be a hassle. Most PC users should keep file sharing turned off and use their computer only as a client of well-managed servers, such as pangea. If you need to make your Windows computer into a file server, please request setup help from our desktop support consultant via HelpSU.

Assuming that you do not have any need to share the files on your hard disk with other computers, you should completely disable the sharing feature. You will still be able to connect to servers, but no one (including hackers) will be able to connect to your computer. Energy Resources Engineering users, however, must keep file sharing active on their department supplied computers for backup and sharing of their "Users" directory.

To disable file sharing , open Start->Settings->Control Panel->Network and Dial Up Connections. Right-click on Local Area Connection and select Properties. In the middle of the properties window, you will see the list of networking components used by this connection. Uncheck the item named File and Printer Sharing for Microsoft Networks, and then click OK. This change goes into effect immediately. In this case, you can skip reading the rest of this section, which only applies if you leave file and print sharing active, and go on to install anti-virus software.

If you decide to leave the file and printer sharing feature active for possible use, you must follow the recommendations below to share securely. You can check the World of Windows Networking web site for complete instructions, with numerous screen shots, for configuring file sharing on all versions of Windows. This site has a somewhat cavalier attitude towards password protection. On the Stanford network, always protect file shares with accounts and passwords.

  1. File sharing fixes for Windows 95, 98, and ME
  2. File sharing fixes for Windows NT and 2000
  3. File sharing fixes for Windows XP

Comments or Questions?