Home | Resource Guides | Tech Tips | Network Administration | Hardware | Certification

Tech Tips › Windows XP › Security

Tech Tips / Windows XP / Security

All are guests

Among the many changes that Microsoft made in Windows XP are some minor yet very important changes in the security model. If you have a local network, you'll definitely want to know them. If you're not connected to a network and other users don't remotely connect to your machine, this information will not affect you.

If you're running a network and have Windows XP Home Edition or Windows XP Professional in a workgroup (not in a domain), you'll need to know that all inbound network connections are authenticated as Guest. In other words, when someone tries to access files on your machine, they are authenticated as Guest on your machine, even if they have defined a different username and password. All remote connections are treated equally: Everyone who tries to access the remote computer will have the same permissions. It's very important to realize that any user who can access your computer from the network can access the shared files.

This puts your sharing infrastructure in an all-or-nothing mode. Either you allow all users access to your shared file or deny access to everyone. This might work fine in a home environment, but it's not recommended for corporate networks.

To disable this feature and return to the old per-user permissions:

1. Open the Local Security Policy console in the Administrative Tools folder.
2. Browse down to: Computer Configuration\Windows Settings\Security Settings\
   Local Policies\Security Options.
3. Double-click on the Network Access: Sharing And Security Model For Local Accounts.
4. Change the settings from Guest Only to Classic. This feature is, by default, set to Classic when Windows XP Professional is joined to a domain.