File sharing is a relatively painless process providing you know the relevant steps to take to set it up. Follow this brief guide and you’ll be file sharing between 2 systems in no time.

Please note this guide will cover file sharing over a LAN, file sharing over the internet can be a dangerous practice as it requires exposing certain file sharing/netbios ports that will be visible to anybody on the internet.

Sharing Folders – First you must decide what you want to share, you can share as many folders as you like, if you share a folder all the contents of it (files/sub folders) will be shared. It has been said that sharing the root of your drive is very bad practice due to security reasons, a few things should be considered about this though. Will you be allowing read/write access to the contents or just read? If its just read then hypothetically if someone gained access they would not be able to move/delete any files. To add to this point, how is your network setup? if you are behind a NAT router and have a software firewall then the chances of someone gaining access to your file share over the internet is VERY small. For an attacker to do this they would have to:

-Realise you have file sharing enabled on your LAN, with your file sharing ports being closed on your router this would be practically impossible from outside your LAN without you telling them!
-Gain access to your LAN somehow, unless you have a VPN/Remote desktop connection enabled this would also be extremely hard.
-Brute force your username/password for your file shares (as long as you dont have the ‘everyone’ permission set!), providing you have a password over 8 characters this would be impossible, as it would take months and months where they would require permenant access to your LAN.

As you can see the cause for concern over sharing the root of your drive has been exagerated greatly and can be safe providing you take the neccesary precuations on your network. With this being said it is entirely up to you whether you chose to do this. Im not saying that it would be impossible for an attacker to gain access and exploit it, however it is lot less likely than many people make out.

So now you’ve decided what you want to share you must do the following: Firstly disable simple file sharing. Go to My computer, click Tools > Folder Options. Click the view tab and at the bottom uncheck “Use simple file sharing (Recommended)”

Next right click on the folder(s) you want to share (you must do them one at a time) click sharing and security, click the sharing tab. Click the “Share this folder” radio button. You can then give the share a name and a comment or leave those as default. You can also change the number of users allowed to connect at once although you prolly wont need to do this.

Ok now thats done, it is advised you set the permissions now, click the permissions button, you must now choose the groups or usernames of who you want to allocate permissions to and then the actual permissions themselves. You can add local users as well as built in system users (for exampe IUSR_MACHINENAME for the IIS account) however you will only really need to add local users in this scenario. By default ‘Everyone’ is given read permission. From a security point of view it is best to remove this and add a local user with a password.

So click on Add and type the name of the user you want to add in the box and click ok.

Note: in this instance you will more than likely only be able to chose from one location, and that is the default: your computer name. Different locations would only be used if you were joined to a domain.

Now you’ve added the user you can select the user from the list and allow or deny the 3 permissions (Full Control, Change, Read) Apply these settings and your ready to go!

Connecting to the shares – You are now ready to connect to the shares from the other computer. you can do this several ways, you can browse workgroup computers if your on the same workgroup, or the quicker way is to go on Start > run and type \\IPAddress or \\Comptutername obviously replacing IPAddress or Compturname with that of the other system. Providing the other systems firewall (if any) has been allowed to file share (generally ports 135-139 both UDP and TCP are open locally) you should be prompted for a username and password, you must enter the username/password of one of the users you granted permissions for. If you granted permissions to a user without a password and try to connect with that, chances are Windows will throw back a nice error explaining you cannot connect to the system.

Hopefully you should now be browsing the shares of the computer. If you are planning on permenantly using the shares, I would advise you map a network drive to them. To do this go on My computer > Tools > Map Network Drive. Chose a drive letter and in the folder type the \\IPAddress or \\Comptutername, you can also do a further \afterwards and put the specific share name if you just want to map one folder.

Every time you logoff and log back in you will be prompted for the username/password when you try and connect the mapped drive, that is until you tick the “Remember username/password box to stop this.

Thats it really! Your now ready to file share whatever you choose and select the appropriate permissions you want.