Microsoft KB 307874 describes how to disable Windows XP Professional’s simple file sharing. Why would you want to disable simple file sharing on your workstation? The KB explains:

By default, simple file sharing is enabled on a Microsoft Windows XP-based computer if the computer is not a member of a domain. With simple file sharing, you can share folders with everyone on your workgroup or network and make folders in your user profile private. However, if simple file sharing is enabled, you cannot prevent specific users and groups from accessing your shared folders. If you turn off simple file sharing, you can permit specific users and groups to access a shared folder. Those users must be logged on with the credentials of user accounts that you have granted access to your shared folder.

Table of Contents

    In a nutshell, if your machine is not a member of a domain, and you want to specify non-default ntfs or share permissions, you’ll need to disable simple file sharing.

    To disable simple file sharing as explained in KB 304040, follow these steps:

    1. Click Start – My Computer

    2. On the Tools menu, click Folder OptionsView

    3. In the Advanced Settings section, clear the Use simple file sharing (Recommended) check box – OK

    Howto: Disable Windows Simple File Sharing via the Registry and Local Security Policy image 1

    This method works just fine, but I wanted to disable simple file sharing on machines that had already been deployed, without any end user interaction. I figured the easiest way to do this was to edit the registry on the remote machines. KB 290403 explains that the registry value that needs to be changed to disable simple file sharing is:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ForceGuest

    Change the value from 1 (simple file sharing enabled) to 0 (simple file sharing disabled)

    You can also disable simple file sharing by changing the following Local Security Policy:

    Security Settings - Local Policies - Security Options - Network Access: Sharing and Security Model for local accounts

    Howto: Disable Windows Simple File Sharing via the Registry and Local Security Policy image 2

    Change Guest Only – local users authenticate as guest to Classic – local users authenticate as themselves, then run gpupdate /force from a command prompt.

    Please note that if you are running Windows XP Home, you will not have the option to disable simple file sharing through Windows Explorer unless you boot to safe mode.

    Leave a Reply

    Your email address will not be published. Required fields are marked *