What's new
  • Announcing New Ownership at Home Theater Forum. Learn More

XP Pro, sharing folder inside Program Files, permission problem (1 Viewer)

Rob Gardiner

Senior HTF Member
Feb 15, 2002
Hello everybody,

Most of my experience is with Windows 2000. I have avoided Windows XP precisely because of problems such as this one:

I am in an office with 2 PCs, both of which run Windows XP Pro. I need to share a folder on the server (it's technically a peer-to-peer network, but I'll use the words "server" and "client" to describe their roles) and allow the client to access a file within that shared folder.

The folder I need to share is the "QuickBooks 2005" folder, which is of course located inside the "Program Files" folder on the server.

Sharing the folder is no problem (once I turned off "Simple File Sharing", one of XP's many unnecessary features, which paradoxically makes things less simple). Setting permissions is likewise no problem. I have done this on Windows 2000 many times without incident. Locating the shared folder from the client PC is no problem. In fact, when I opened "My Network Places" on the client PC, the shared folder appeared automatically.

HOWEVER, when I attempt to open the folder and look at the contents inside, I get the following message:

As far as I can tell, the "QuickBooks 2005" folder on the server is properly shared. When viewing the folder in Windows Explorer, the folder icon appears as a file folder being shared by a generous hand. Right-clicking the folder and selecting "Sharing and Security..." indicates the following: "Share this folder" is selected. The "Share name:" is "QuickBooks 2005" (the same name that appears in "My Network Places" on the client PC). Further, clicking the "Permissions" button indicates that "Everyone" has "Full Control", as well as "Change" and "Read" permission.

I have even gone to the "Security" tab of the folder's properties, to ensure that "Users", "Power Users", and "Administrators" have "Full Control", as well as every other type of access. However, this should only affect local access, not access over the network, correct?

What makes this so infuriating is that there is another folder, also located within "Program Files" (called "DocumentAssemblyTemplates" belonging to another application, Amicus Attorney), that is being shared with no problem whatsoever. I have examined the sharing and permission settings on this shared folder and can't see any difference. The client can open and read the contents of this other shared folder, but not the QuickBooks one.

What am I doing wrong? Is there a checklist of items somewhere that may contain a potential solution? I understand Windows XP Pro places restrictions on the sharing of folders located within "Program Files". However, if this restriction were in place, I would not be able to access the "DocumentAssemblyTemplates" folder from the client PC. Why on earth can I access one shared folder but not the other?

QuickBooks of course refuses to provide support on their site for network issues like this, due to the great variety of possible network configurations.

Any help would be greatly appreciated.

Many thanks,

Kimmo Jaskari

Feb 27, 2000

Actually no. That is the "real" security setting on that machine. It specifies who or what can access that folder on your machine. You can have network sharing turned on to whatever super-permissive levels you want (and sharing with full access for everyone is a majorly bad idea, you basically never want to do that unless what is on the shared folder on the server is something completely unimportant that you don't mind if the world sees - or erases) but the file system permissions on the server machine will override that.

Keep in mind that Everyone means just that (assuming you alter the file permissions on the machine to permit it too). Anyone who can connect a device to the network in that office can just connect to your folder and do anything. Not just every authenticated user... everyone and anyone. Don't do it.

Now, if you were to connect the share from the client using a different username, one that was registered on the server host, it would probably work with the permissions you list (ie, access for users on that machine.) If you have a user on the server, say "Joe User" with the username "joeu", you could connect to the share from the client with "SERVERNAMEjoeu" and his password on the server and you'd almost certainly be good to go. By adding the first SERVERNAME part, you indicate that you want to authenticate against the servers local "domain", not the domain of your client.

So, the file system security must be set up in such a way that the user connecting over the network has access, otherwise access will be blocked. The easiest way is probably by specifying the domain as per the above, but you might also be able to add file system permissions in the reverse way (haven't tried it so I'm not 100% positive) - by allowing permissions for a specific user or groups of users on the client in the same way, "CLIENTCOMPUTERjoeu".

Users who are viewing this thread

Forum Sponsors

Forum statistics

Latest member
Recent bookmarks