Securing shared resources

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Securing shared resources

You can control access to shared resources with a variety of methods. You can use share permissions, which are simple to apply and manage. You can use access control on the NTFS file system, which provides more detailed control of a shared resource and its contents. You can also use a combination of these methods. If you use a combination of these methods, the more restrictive permission always applies. For example, if the share permission is set to Everyone = Read (which is the default), and the NTFS permission allows users to make changes to a shared file, the share permission applies, and the user is not allowed to change the file.

For more information about how to set NTFS file permissions, see Set, view, change, or remove permissions on files and folders. For more information about how to set share permissions, see Set permissions on a shared resource. For more information about best practices for working with Shared Folders, see Best practices for Shared Folders.

Fixed disks on your computer, such as drive C or drive D, are automatically shared using the syntax drive letter$, such as C$ or D$. These drives do not appear with the hand icon that indicates sharing in My Computer or Windows Explorer, and they are also hidden when users connect to your computer remotely.

If your computer is not protected by a firewall, and someone knows the user name and password of any member of the Administrators group, Backup Operators group, or Server Operators group, that person has the same access to your computer as an administrator.

Important

  • To keep your drives secure, use a strong password for all accounts. For more information, see Strong passwords.

  • For best security, you can also rename the Administrator account. For more information about how to do this, see Accounts: Rename administrator account.

  • If you change permissions on special shared resources, such as ADMIN$, the default settings may be restored when the Server service is stopped and restarted or when the computer is restarted. Note that this does not apply to user-created shared resources whose share name ends in $. For more information about special shared resources, see Special shared resources.