Making File and Printer Sharing Safer in Windows XP Service Pack 2
Published: September 28, 2004 | Updated: December 17, 2004
Certain configurations of Windows Firewall in Windows XP Service Pack 2 (SP2) could cause file and printer sharing to be available to a larger number of people than you had intended. This article provides information about keeping shared files and printers on a network safer.
A firewall is a protective boundary that monitors and restricts information that travels between a network or the Internet and your computer. This provides a line of defense against someone who might try to access your computer without your permission. If you're using Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default. To help protect your computer against viruses or security threats, we recommend that you keep Windows Firewall on.
Because a firewall restricts communication between the Internet and your computer, you might need to adjust settings for some programs that need to receive information from the Internet or a network. These adjustments are called "exceptions." To keep your information as safe as possible, you should be cautious about creating exceptions. By definition, an exception in Windows Firewall can make your computer more vulnerable on the network. Only create exceptions for programs or services you truly need, and enable those exceptions only in safe network situations rather than on networks that are open to public access.
When you enable file and printer sharing in Windows, you create an exception in Windows Firewall so that other people can access files on your computer or printers attached to it. If not properly configured, this exception can also give unapproved people access to your shared files and printers. This exception is designed to allow access only to people using computers on your "local network." However, the boundaries of your local network vary depending on how your Internet service provider (ISP) configured the network. For example, an entire neighborhood could be the local network for a broadband ISP. Also, depending on how an ISP configures its dial-up network connections, the entire Internet can be considered "local" by Windows Firewall if you connect through a modem. One way to have your local network extend only as far as you want it to is to connect to the Internet through a router that includes network address translation (NAT). We recommend that you do not share files and printers unless you have a router with NAT between your computer and the Internet. Check your router documentation to see if it includes NAT.
If you want to use file and printer sharing, here are some suggested guidelines:
1. | Disable file and printer sharing whenever you connect directly to the Internet or to a nonsecure network, such as at an airport or a coffee shop. |
2. | Install a router that includes NAT between your computer or network and the Internet. |
3. | Always use strong passwords for all user accounts and file and printer shares. This will help protect those files that are accessible to others, so that they cannot be read, copied, or changed. Read about creating strong passwords. |
4. | If you are an IT professional or you want to configure advanced Windows Firewall options, there is guidance on the TechNet Web site. |
5. | Go to Microsoft Update and make sure you've installed the Windows Firewall update that was released on December 14, 2004. This update will reduce the possibility of unapproved people accessing your shared files and printers. You can find more technical details about this update in this Knowledge Base article (886185). Note If you have Automatic Updates turned on, this update has been automatically installed on your computer. |
Windows Firewall is designed to offer you substantial protection against hackers without inhibiting sharing of files and printers. Although adding exceptions can weaken that protection, Windows Firewall provides strong protection for most scenarios and we strongly recommend that you keep it turned on.
To disable file and printer sharing
1. | Click Start, and then click Control Panel. |
2. | Click Security Center, and then click Windows Firewall. |
3. | On the Exceptions tab, under Programs and Services, clear the check box next to File and Printer Sharing, and then click OK. |
