Vista File and Print Sharing
In this article, I will show you how users can set up some share points of their own in the new Windows Vista operating system. In almost every office, it eventually becomes necessary for users to collaborate on documents. In the past, this has often meant that the administrator has to set up a special location for the shared documents and create a special security group made up of the users who will need access to them. In Windows Vista though, it is possible for users to set up some share points of their own, but in a controlled manner that is unlikely to cause administrative headaches. Allow me to show you how it works.
Although I’ve always liked Windows XP on the whole, I’ve always found it to be a bit lacking in collaboration features. For example, what happens when a group of users in your company need to collaborate on a document? Assuming you haven’t set up a special shared folder on a file server and you don’t have a SharePoint portal set up, the users probably just end up e-mailing the document back and forth. Windows XP does allow you to share folders with other users, but doing so usually opens a can of worms, so most administrators prevent users from creating file shares on their computers.
In Windows Vista though, the entire file and print sharing mechanism has been completely redesigned and in a way that allows users to collaborate on projects, while still allowing administrators to preserve at least some degree of security. In order to appreciate the ways that file sharing works in Windows Vista, you need to understand a little bit about the way user files are stored in Windows XP. Most of you probably already know all about user folders in Windows XP, but I want to briefly discuss them for the benefit of anyone who might not have much Windows XP administration experience.
Windows XP is designed to support multiple users. Any time a user logs into a computer that’s running Windows XP, Windows does a quick check to see if that user has logged in before. If the user has never logged into the machine, Windows then creates a profile for that user and puts it directly on the local hard drive (assuming folder redirection isn’t being used). By default, user profiles are stored in the C:\Documents and Settings folder. Windows creates a separate folder for each user, with the folder bearing the user’s name. If the user is logging in via a domain account, the folder’s name is made up of the user’s name, a period and the domain name. You can see an example of this folder structure in the picture below.
The user’s profile folder’s job is to store all of the user’s documents and settings related to the user’s account (Internet Explorer favorites, etc). You can see the contents of a typical user profile folder in the given picture below.
Like Windows XP, Windows Vista is also designed to support multiple users. As such, Vista uses a user profile folder structure that is similar to the one used within Windows XP. There are a few differences that you will notice right off the bat though. For example, the Documents and Settings folder has been renamed to Users. The naming convention for the individual profile folders remains the same, but the structure of the profile itself has changed to reflect Vista’s ability to better index various file types. The picture below shows what a Vista profile folder looks like in comparison to the Windows XP version, which was shown above.
What I really want to show you though is the contents of the Users folder, shown in the picture below. Notice any differences from the first picture? Both Windows XP and Windows Vista have folders for each user profile. However, Vista also includes a Public folder.
The Public folder is designed specifically for file sharing. If a user needs to share a document with others in the organization, they can place that document into the Public folder on their machine. That way, users can collaborate on documents without having to actually create shares on their workstations.
Earlier, I mentioned that the new file and print sharing mechanism doesn’t completely throw security out the window. The truth is that the administrator always has control over whether sharing is allowed or not. If you do decide to allow sharing though, you are somewhat at the mercy of the user, as far as security is concerned.
To understand what I am talking about, you will need to see the dialogue box that allows file and print sharing to be configured. Windows Vista is still in beta testing, so anything can change. For now though, you can access the file and print sharing settings by opening the Control Panel and clicking on the Network and Internet link, followed by the File and Print Sharing link. When you do, you will see the dialogue box that’s shown in the picture below.
The dialogue box shown above allows you to control the behavior of file and print sharing for the machine. On a larger scale, you would probably want to control these settings via a group policy, but I wanted to show you this box just so you could get a better feel for how the process works.
The first thing you will probably notice in the dialogue box is that it allows you to share your printer. Printer sharing works pretty much the same way that it did in Windows XP, so I don’t want to waste too much time talking about that. Vista’s file sharing capabilities are much more interesting.
I don’t have any documentation on Vista yet, but from what I have been able to observe, users are allowed to share any folder that they have rights to. However, the only folder that the users have full control over, by default, is their profile folder. This means that a user could share their profile folder or a subfolder within the profile folder using basically the same method they used in Windows XP.
As an administrator though, I don’t really like the idea of users sharing some or all of their profile folders. A responsible user may only share a folder containing documents for collaboration, but it is just too easy for a user to share the whole thing. As I already mentioned, a profile folder contains user specific configuration data, which tends to be very sensitive. That being the case, you have the option of either allowing or disallowing users to share their profile folders. Notice in the earlier picture that the Don’t Allow People Using This Computer to Share out Their User Account Folder option is selected by default.
So, what about the Public folder that I mentioned earlier? Well, if you take a look at the above picture, you will notice that just below the option to share printers, there is a checkbox that you can enable if you want to share the contents of the machine’s Public folder. Just beneath this checkbox are two radio buttons that you can use to control network access rights to the folder. This then brings up an interesting point about the Public folder. The rights that you apply here apply throughout the Public folder by default. Users can however, create subfolders beneath the Public folder and set network access rights to those folders individually.
The last thing I want to point out is the two links at the bottom of the File and Printer Sharing dialogue box. These links allow you to see, at a glance, which files on the machine are being shared and what shares exist on the machine. I love this feature, because it takes the guess work out of working with network shares.
As you can see, file and print sharing works quite a bit differently in Windows Vista than it did in Windows XP. The Public folder feature now gives users a central place for sharing documents without having to involve an administrator. Check it out!
~ Ramachandran Kumaraswami