~ A Tip A Day ~ - Page 21

LoneRanger · #**301** 05-30-2008, 12:46 PM

30 May 2008:

Receive All Types of Attachments

My clients email me attachments, and I can usually open them without a
problem. But the other day, I received this message where the attachment should have been: "Outlook blocked access to the following potentially unsafe attachments: product list.mdb."

By default, Microsoft Outlook won't allow you to send or receive certain types of attachments, such as .mdb and .exe files; instead, you'll just get that error message. The rationale is that these files can contain viruses or other harmful code, but the fact that Outlook doesn't let you easily disable or at least customize this feature is just plain stupid. What's even more ridiculous is that Word (.doc ) files, which are one of the most common transports of viruses, aren't blocked by default.
The simple fix is to have the sender resend the file, but with a different filename extension. (Better yet, have him zip up files to get them past the blocker, and make them smaller to boot.) I know what you're thinking: how secure is my system if Outlook can be so easily fooled by
renaming product list.mdb to product list.mda? The answer: it isn't doing a good job, which is why spyware and viruses remain such a monumental problem in the PC world.

But what if the sender can't be reached, and you need the file right away? Or what if you need to be able to receive .mdb attachments every week?

To change the way Outlook works, you'll need to fiddle with the Windows Registry. Close Outlook and open the Registry Editor (go to Start Run and type regedit ). If you're using Office XP/2002, expand the branches to HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\O utlook\Security . If you're using Office 2003, expand the branches to
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\O utlook\Security .
Next, create a new string value by selecting Edit --> New --> String Value. In the right pane, type Level1Remove for the name of the new value. Double-click the new Level1Remove value to edit it, and type the filename extensions you'd like Outlook to allow in the "Value data" box.
Extensions should be typed in lowercase, without the leading dots (.), and separated by semicolons (. For example, type: exe;mdb;vbs
to allow .exe , .mdb , and .vbs attachments, respectively. Click OK and then close the Registry Editor when you're done.

Now, restart Outlook and open that email with the error message. You should now be able to open those previously blocked attachments. (If an attachment is still blocked, you likely got the filename extension wrong.)

Note: Of course, receiving all attachments means you'll now be able to get potentially harmful files via email. Even though the majority of viruses are actually contained in files Outlook doesn't block by default, such as .zip files, exercise caution when opening any files you subsequently receive. Certainly make sure to scan all incoming attachments manually with your antivirus program, or, if you don't trust yourself to remember, have your antivirus program automatically scan all incoming files. When in doubt, contact the sender to make sure they actually sent you the attachment in question before you open it .

LoneRanger · #**302** 05-31-2008, 11:17 AM

31 May 2008:

Hide Old Email Recipients

When I start to type the name of a recipient in an outgoing email message, my email program shows me a long list of matching names and addresses. Where did all these names come from, and how can I clean out the list?

Email programs build these lists by culling names you've typed previously, names of people in your In and Out mailboxes, and names in your address book. Unfortunately, this can include misspelled and obsolete names as well as valid ones.

To remove a single name or address from the history list in Outlook or Eudora, type the first few letters and, when the history list appears, highlight the errant entry (see Figure) and press the Delete key.

You can also disable the history list completely. In Outlook, go to Tools --> Options, choose the Preferences tab, click the E-mail Options button, and then click the Advanced E-mail Options button. Uncheck the "Suggest names while completing To, cc, and bcc fields" box, and click OK in each dialog box.

In Eudora, go to Tools --> Options, choose the Auto-completion category, and uncheck the boxes next to all the options under the "Auto-complete items in recipient fields with data from" heading.
If you don't want to disable the feature but you want to make it harder to accidentally select the wrong name, check the "Don't auto-complete, just list matches" box and click OK when you're done.

LoneRanger · #**303** 06-01-2008, 12:16 PM

01 June 2008:

Back Up Stored Email

Ever since my hard disk crashed last year, I've been paranoid about backing up my important data. Most of my files are easy enough to find in the My Documents folder, but I'll be darned if I can figure out where my email is located.

Backing up your email is as simple as making copies of the mailbox files. Their locations depend on the email software you're using.

Note: Eudora's .mbx files share the same format as Unix mailbox files, so if you want to import a few years' worth of mail you've
been reading with Pine, it's as simple as FTPing the file into your Eudora folder (in ASCII mode) and renaming the file with the .mbx
extension. Restart Eudora, and the imported mailbox will show up in the Mailbox menu !

Eudora typically stores its email in either the application folder (usually \Program Files\Qualcomm\Eudora ) or your user data folder (\Documents and Settings\{username}\Application Data\Qualcomm\Eudora ). Each mailbox is stored in two files:
messages are stored in a plain-text .mbx file, and a corresponding "table of contents" is stored in a binary .toc file. So, to back up your Out mailbox, you'd need to copy both out.mbx and out.toc .

Mailboxes in folders are stored in actual folders (e.g., Business.fol contains the .mbx and .toc files for your Business folder). Your best bet is to back up the entire Eudora folder and all of its subfolders, which will catch all your email, your address book, your personalities, and all your
account settings.

Outlook, on the other hand, stores all your email, contacts, and even your calendar in a single binary .pst file located in your \Documents and Settings\{username}\Local Settings\Application Data\Microsoft\Outlook folder. (The exception is Outlook in a networking environment using
Exchange Server, where your .pst file is stored on a file server somewhere; in this case, contact your administrator for help.)

Note: Since all of Outlook's data is bundled up in such a tidy package, there's no simple way to merge it with the Outlook data on another computer (say, if you quit your job and wanted to take your email home). Of course, you can overwrite one .pst file with another, but then you'll lose all your email on the target system. One solution is the Microsoft's own Personal Folders Backup add-in for Outlook 2003, freely available from http://www.microsoft.com/downloads/ .

If you're using Outlook Express, your email is stored in separate .dbx files one for each mailbox in the \Documents and Settings\{username}\Local Settings\Application Data\Identities\{some long string of characters}\Microsoft\Outlook Express folder. Just back up the entire folder, and you're set.

LoneRanger · #**304** 06-02-2008, 12:24 PM

02 June 2008:

Email Long URLs

Whenever I send an email containing a long web address, my recipient
complains that it doesn't work. I finally realized that the long address was being broken apart somewhere along the way, but it's a hassle telling people that they need to reassemble broken URLs.

You've discovered the evils of word wrap. Your typical computer displays lines 80 characters wide. If you send someone a mondo URL, her email program will break it up into separate lines.

Since email vendors have yet to fix this glitch, one neat fix is to shrink the URL before you send it.

For example, TinyURL (TinyURL.com - shorten that long URL into a Tiny URL ) can take any horrendously long URL, such as:
Google Maps
112&t=k&hl=en
and turn it into a tidy, easy-to-email URL like:
Google Maps

TinyURL is fast and free, and the URLs it makes never expire. Also available is SnipURL (Snipurl / Snurl / Snipr - Snippetty snip snip with your looong URLs! ), which does pretty much the same thing but adds tracking features.

So, what do you do when someone sends you a long URL? Well, you can highlight it, copy it to the clipboard (Ctrl-C), and then paste it into Notepad (Ctrl-V), where you can then proceed to manually reassemble the URL onto one line. (Take care to remove extraneous characters, such as spaces and punctuation, while leaving in the stuff that belongs.) Then, copy it again and paste it back into your web browser's address bar. Or, if you're using Firefox or Mozilla Suite, you can streamline this process with the free Open Long URL extension (https://addons.mozilla.org/extension...firefox&id=132 ). Install the extension, restart your browser, and then select File --> Open Long URL. Paste the long, broken URL into the box and click OK, and the extension will reassemble the URL for you and open the page. See? Much easier than fixing our email software.

LoneRanger · #**305** 06-03-2008, 12:37 PM

03 June 2008:

Network Two Computers

I want to set up a home network, but I can't figure out what I need to make it work. I thought Gosford Park was confusing, but this is ridiculous!

Well, to start with you need at least two computers, and a way to connect them. If you're assembling a wired Ethernet network, you're in luck: almost every PC manufactured after 1998 or so has a built-in Ethernet Network Interface Card (NIC). (Many newer PCs and nearly all laptops produced after 2003also include wireless cards.)

For the most part, network cables have gone the way of the dinosaur, because of the convenience offered by wireless networking. But cables still offer a fast, hassle-free connection that's susceptible to neither interference nor intruders.

If you decide to go the cable route, you'll need category-5 patch cables to connect each PC to your router. (If you're setting up a wireless network, you'll also need one of these cables to connect the wireless router to your DSL or cable modem.) Or, for a quick-and-dirty two-PC network without a router, a single category-5 crossover cable will do in a pinch.

Of course, you'll also need a router, which serves as a hub for the aforementioned cables. (If you want to connect any computers wirelessly, you'll need to get a wireless router that includes a built-in access point.) Routers let you share an Internet connection among any number of
computers, and even offer protection from the outside world by way of a built-in firewall.

After you've properly installed the drivers for your network adapters (wireless or otherwise), Windows should do the rest without much help from you but unfortunately, it doesn't always work out that way. (If you run into trouble installing the network adapters or other hardware, you can fix most simple configuration problems by completing the cumbersome Network Setup Wizard on all PCs in your network. Open the Network Connections control panel, and click the "Set up a home or small office network" link on the left side. (Or, if you don't see the Network
Tasks pane, double-click the Network Setup Wizard icon.) Click the Next button on the first few pages, and then answer the questions as follows:
If you're asked about disconnected network hardware, place a check-mark next to the "Ignore disconnected network hardware" option, and click the Next button. On the "Select a connection method" page, choose Other, and click the Next button. On the "Other Internet connection methods" page, choose the "This computer connects to
the Internet directly…" option, and then click the Next button. When asked for a computer name, choose a unique, one-word name for your PC (each computer must have a different name), leave the description field blank, and click the Next button. On the "Name your network" page, Windows will automatically name your network "MSHOME," even if you've previously typed a different network name. Type a new name if you want, but make sure all the other PCs on your network share the same network name. Click the Next button. On the "File and printer sharing" page, choose the "Turn on file and printer sharing" option if you want to exchange files over your network, and then click the Next button.

Proceed through the following (mostly pointless) screens by clicking the Next button, and when you arrive at the "You're almost done" page, choose "Just finish the wizard." Click the Next button, and then click the Finish button. Whew!

Back in the Network Connections window, select View --> Details to show the pertinent information. Right-click the "LAN or High-Speed Internet" connection you're using, and select Properties. Then, select Internet Protocol ( TCP/IP) from the list and click the Properties button to
show the Internet Protocol (TCP/ IP) Properties dialog box (see Figure).

In most cases, selecting the "Obtain an IP address automatically" and "Obtain DNS server address automatically" options will suffice. If, however, you can't get your network to work with automatic addressing, try the following settings:

1. Choose the "Use the following IP address" option.

2. In the IP address field, type 192.168.1.100 . (When you configure the second PC on your network type 192.168.1.101 in the IP address box. For the third PC, type 192.168.1.102 , and so on.)

Note: Often, networks don't work because Windows and your router fail to negotiate the correct addresses automatically. The first three numbers in each PC's IP address (e.g., 192.168.1 .) must exactly match the first three numbers in the IP address of your router usually 192.168.1.1 or 192.168.0.1 which you can get from your router's documentation. Only the last number (e.g., 100, 101, 102 ) must be different for each PC .

3. In the Subnet mask field, type 255.255.255.0 .

4. In the Default gateway field, type the IP address of your router (usually 192.168.1.1 or 192.168.0.1 ).

5. In the "Preferred DNS server" and "Alternate DNS server" fields, type the IP addresses of your ISP's primary and secondary DNS servers, respectively. Contact your ISP or visit your ISP's web site for this information.

6. Click OK in both boxes when you're done.

Note: The addresses you type for the subnet mask, gateway, and DNS servers should be the same for all PCs on your network .

These "static IP" numbers will help ensure that all the PCs on your network can communicate reliably with each other. For best results, set static IP addresses on all the PCs on your network.

Return to the Network Connections window when you're done. The Status column shows whether or not a connection has been established (e.g., "Connected" or "Network cable unplugged").

If it says "Acquiring network address," it means Windows is in the process of establishing a connection; if you see this for more than, say, 10 seconds, it means your router isn't automatically assigning your PC a proper IP address. If you're connecting wirelessly, this error typically appears when you haven't supplied the necessary WPA or WEP security key. For wired networks, this error could indicate a problem with
the router, the cabling, or the NIC and its drivers. If the "Obtain an IP address automatically" option is selected in the TCP/IP Properties dialog box for your network connection, try specifying a static IP address, as described earlier, to fix this problem.

If the status column says "Limited or no connectivity," it usually means a connection has been established but your IP address is incorrect; make sure that the first three numbers in your PC's IP address match the first three numbers in your router's IP address, and that the fourth is different from any other PC on your network.

LoneRanger · #**306** 06-04-2008, 12:45 PM

04 June 2008:

Share Files with Other Computers

I need to access a bunch of documents on my office desktop PC from my laptop. I want to open the files over the network and avoid the whole CD/floppy/USB drive shuffle, but I can't get it to work.

There are a handful of steps you need to take to configure your PCs before you can exchange files between them on your network:

1. Complete the Network Setup Wizard on each PC on your network. Computers"), and make sure you enable file sharing when prompted.

2. If you're using Windows XP Professional or Windows XP Media Center Edition, open Windows Explorer, select Tools --> Folder Options, and choose the View tab. Remove the check mark next to the "Use simple file sharing (Recommended)" option, and click OK. (This option is not
available in Windows XP Home Edition.)

3. The next step is to formally share the appropriate folder on the main PC. Open Windows Explorer and navigate to the folder containing the files you want to open remotely. Right-click the folder, select Properties, and choose the Sharing tab.

In Windows XP Home, check the "Share this folder on the network" box. In Windows XP Professional and Media Center Edition, select the "Share this folder" option (see Figure). (If Windows asks whether you understand the "risks," confirm that you indeed wish to enable file sharing.)

Enter a descriptive name in the "Share name" field. This is the name used for your folder when you view it over the network.

Note: If you're using Windows XP Home Edition and the "Share this folder on the network" option is grayed out, remove the check mark next to the "Make this folder private" option. If that option is grayed out as well, click the "another folder" link at the bottom of the window, remove the check mark next to the "Make this folder private" option on the window that appears, and click OK. Then return to the folder you want to share and try again .

4. If you want to be able to remotely modify, delete, or create new files in this folder, you must set the permissions accordingly. In XP just place a check mark next to the "Allow network users to change my files" option.

5. When you're done, click OK. A little hand icon will appear over the yellow folder icon to identify it as shared.

But you're not finished yet! For the sake of security, the desktop computer holding the files you want to share must have a password associated with the owner of the files. What's more, users trying to access those files remotely must be able to provide the same user-name
and password. This user validation may be transparent or may require a login, depending on who owns the files:

When you first connect to the PC with the shared files, Windows will check to see if the usernames of the owner of the shared files and the one using the remote PC are the same.

If the usernames are different, Windows will ask for a username and password. For example, if "Jane" on one computer tries to read the files on a computer belonging to "Rutiger," Jane will be required to type Rutiger as well as Rutiger's password in order to access the shared files.
If the username is the same on both PCs, the passwords must match. For example, if "Rutiger," while logged into one computer, tries to access files belonging to "Rutiger" on another computer, and each Rutiger account has precisely the same password, Windows will grant access to the files without any prompt at all. But if the passwords on both accounts
don't match exactly, Windows may not let you in, even if you type the correct username/password combination into the login box. The solution: just change one of the passwords so they match.

Note: Once you choose a password, Windows will ask you for it every time you power up your PC.

Once you have the user accounts and passwords straightened out on all your PCs, open Windows Explorer on the remote computer the one accessing the files on that desktop PCand navigate to the My Network Places folder, shown in Figure.

You may see several familiar-looking folders in My Network Places , such as My Documents on Laptop or C on Desktop . Windows Explorer automatically creates these folder shortcuts to provide easy access to frequently accessed shares. If you don't see the folder you want here,
don't panic; just open the Entire Network folder, then Microsoft Windows Network , then the name of your workgroup (e.g., MSHOME ), and finally the name of the PC with the files you want (e.g., Desktop ).

Note: Want to share bits of data without hassling with files? The Copycat utility, free from r2 Studios , automatically transfers the contents of your clipboard (used to hold data that you cut or copy) to all the PCs on your network. Just highlight some text on one machine, and press Ctrl-C; then, on another PC, press Ctrl-V to paste it anywhere you like !

Note: If you get an "Access is denied" error at any point, it means the owner of the files on the other computer has set permissions to keep you from messing with his data. If you have control over the other PC, see "Protect Shared Files" for help .

Inside the folder, you'll find a listing of the folders, printers, and (for some reason) scheduled tasks shared on that PC. Open any shared folder to access the files therein as though they were stored on your own hard disk: copy or move via drag and drop, rename, delete, or just double-click to open the files in place.

LoneRanger · #**307** 06-05-2008, 12:43 PM

05 June 2008:

Find Missing Computers in My Network Places

I'm trying to open a file on another PC on my network, but it doesn't show up in My Network Places . This is driving me crazy!

This is a really common problem, and one that is not always easily solved. First, a remote computer may not appear in My Network Places if it doesn't have any files or printers shared.

Shared folders on remote PCs can show up in two places in the My Network Places folder: shortcuts to previously accessed folders sometimes appear right in the My Network Places folder itself, but for a complete list, navigate to \ Entire Network\ Microsoft Windows Network , open your network (e.g., MSHOME ), and then open any PC to show its shared folders and printers.

Also, you may or may not see a PC that is in another workgroup in the Microsoft Windows Network folder in My Network Places . If you don't see the other workgroup, and you have control over the other PC, change its workgroup name to match the rest of the PCs on your network.

Open the System control panel (or right-click My Computer and select Properties), and then choose the Computer Name tab. The name of your PC, as well as the workgroup to which it belongs, is shown here (see Figure); click the Change button to rename the PC or join a different workgroup. All the PCs on your network should belong to the same workgroup, but no two PCs should share the same computer name.

If the workgroup matches but the PC still doesn't show up, one trick that often works is to type the name of the PC directly into Windows Explorer's address bar. (If you don't see the address bar, select View Toolbars --> Address Bar.) Erase the text in the address bar, and type two backslashes followed by the missing PC's name, like this: \\misterx
where misterx is the name of the remote PC. Press Enter, and with luck and about 510 seconds of patience Windows should list the shared folders on the remote computer.

If you still can't see the PC, make sure the network is functioning on both the remote computer and the local PC (the one you're sitting in front of). If they're both connected to a router that provides a shared Internet connection, for instance, open a web browser on each PC to test the connection. If you can load a web site, the network is working.
Often, you can force stubborn computers to show up by setting a static IP address for each PC on your network. Then use the ping command to test connectivity. Select Start --> Run, type cmd , and click OK to open a Command Prompt window, and then type:

ping 192.168.1.107

In this example, 192.168.1.107 is the IP address of the remote PC; replace this with the appropriate address. If you get a reply like the following from the remote machine, it means your computer can see and successfully communicate with that machine on your network:
Reply from 192.168.1.107: bytes=32 time=3ms TTL=64
If, on the other hand, you see a timeout message like this, the connection is broken:

Request timed out.

File sharing will not work as long as ping returns this error, so your best bet is to check your hardware and IP address settings instead of toiling with the My Network Places folder.

If the network checks out but you still can't see the remote PC, try restarting both computers and resetting your router (refer to your router's instructions for the reset procedure).

If all else fails, it's likely a problem with the hardware. Try replacing the cables if you have a wired network

LoneRanger · #**308** 06-06-2008, 10:11 PM

06 June 2008:

Protect Shared Files

I want to share a bunch of files with other PCs on my network, but I'm
worried that doing so will allow anyone to see them. How do I protect my data?

Any computer connected to your PC over a network including the several billion machines on the Internet may be able to access the files in your shared folders. Thus, the best way to protect your data is to not share it in the first place. If you need to share files, exclude folders that contain particularly sensitive data.

The first thing you need to do is set a password for your user account. Open the User Accounts control panel, select your account from the list, and then click "Create a password." Type your password twice, followed by a clue to act as a reminder down the road (you may well need it),
and then click the Create Password button when you're done. Thereafter, anyone wanting to access your files from another computer on your network will have to supply the password (with some exceptions for Windows XP Professional).

Now, unless you employ some sort of firewall anyone outside your local network namely, everyone on the Internet can access your data (and yes, no matter how uninteresting you may think the contents of your PC are, this can happen to you). Windows XP comes with the "Windows Firewall," a feeble software-based solution, but nothing beats a hardware firewall placed between you and the rest of the world. If you don't have one already, get yourself a router for this purpose.

What About Encryption?

Windows XP Professional also has some built-in data encryption features, but encryption offers no more protection than restrictive permissions when using shared folders. Rather, encryption is designed to protect your data from those who use your PC directly, either by sitting in front of it
or by remote control using Terminal Services (a.k.a. Remote Desktop).

Warning: If you're using a wireless network, anyone within range may be able to join your network and access your files.

For any more protection, you'll need to use permissions , which are special settings that control precisely who can do what to your files. Permissions are available only in Windows XP Professional (and Media Center Edition); if you're using Windows XP Home, your ability to protect your data effectively stops here.

On an XP Pro system, every file, folder, and drive has two sets of permissions you can set: permissions for local users (other people sitting at your PC), and permissions for anyone accessing your files through a shared folder. To set the permissions for a shared folder, right-click the folder, select Properties, choose the Sharing tab, and then click the Permissions button. The Share Permissions window, shown in Figure, shows a list of configured users in the top list, and the specific things the selected user is allowed to do down below.

First, make sure your own username appears in the upper list; if it doesn't, or if it merely shows "Everyone" (like the one in Figure), click the Add button. Type your usernameor the username of the person you want to be able to access your stuff in the "Enter the object names to select" field, and then click the Check Names button. If Windows underlines what you've typed, the username is okay; otherwise, you'll get a "Name not Found" message. Click OK when you're done adding names.

Next, highlight your username in the "Group or user names" list, and place checkmarks in the boxes in the Allow column below as you see fit. Want others to be able to read the files in this folder but not change any of them? Put a checkmark in the Read box, but not in the Full Control
or Change boxes.

Note: In most cases, you won't have to bother with the checkboxes in the Deny column unless you start messing with "groups" of users. Permission to carry out a given action is implicitly denied as long as there's no checkmark in the corresponding Allow box .

If you want to deny any user access to your files particularly the self-explanatory "Everyone"highlight the username, and click the Remove button. Now, any user who is not expressly listed here (or included in any groups listed here) will not have access to your shared files.

When you're done, click OK. The changes take effect immediately and apply to the selected folder share, as well as to all subfolders and files contained therein.

Note: By adding someone else's username to the Permissions window, you can protect your data without handing over your username and password. If your PC is part of an NT domain (typical in a corporate environment), you can add users from your domain or even another domain by clicking the Locations button to change the scope of the user validation. But on a home network, you'll need to create a new user account on your PC (using the User Accounts control panel) before you can type it into the Permissions window .

LoneRanger · #**309** 06-07-2008, 05:17 PM

07 June 2008:

Share an Entire Drive

I looked at the Sharing tab for my C : drive, and the "Share this folder"
option is selected, meaning the drive is currently being shared. However, I don't see it in My Network Places . What's going on?

In Windows XP Professional (and Media Center Edition), all drives are shared automatically. For instance, the Sharing tab for drive C: on your PC probably looks like the one shown in Figure. (None of this applies to Windows XP Home.)

Microsoft calls this an administrative share , and it's enabled by default so that tools such as the Computer Management utility (accessed by going to Start --> Run and typing compmgmt.msc ) running on a remote computer can operate on your PC. The dollar sign at the end of the share name (e.g., C$ ) identifies it as a hidden share, which means it won't ever show up in My Network Places . All it takes to view a hidden share is to type the share name into Windows Explorer's address bar, like this:

\\mycomp\c$

In this example, mycomp is the name of your computer. Provided there aren't any password or permission restrictions, anyone can access the files in this shared folder as readily as any non-hidden share.

Warning: Yes, administrative shares indeed constitute a potential security risk, as they allow access to any files on your hard disk, whether they're in folders you've specifically shared or not.

Now, you can use these administrative shares to access your drives remotely, as explained earlier, but if you want to share your drive so that it shows up in My Network Places , just click the New Share button at the bottom of the window. In the New Share dialog box, type a share name (e.g., C ), set any permissions, and click OK.

Note: Concerned about security? Instead of sharing the entire drive, just share the individual folders you need to access across your network .

LoneRanger · #**310** 06-08-2008, 12:22 PM

08 June 2008:

List All Your Shared Folders

I know a folder is being shared when I see that little hand icon on top of the yellow folder icon. But all it takes is one forgotten share to leave my private files open to prying eyes. Can I get a comprehensive, reliable list of everything being shared on my PC?

You can simply open the My Network Places folder in Windows Explorer and navigate through Entire Network to find your PC and a list of all its shared resources, but this listing doesn't necessarily show everything that's being shared. Specifically, any hidden shares are, well, hidden.

To view all your network shares including the hidden ones select Start --> Run, type compmgmt.msc , and click OK to open the Computer Management tool. In the System Tools branch on the left, click the [+] icon next to Shared Folders to expand it, and then highlight the Shares folder, as shown in Figure.

Any share with a dollar sign at the end of its name (e.g., C$ ) is hidden. While hidden shares don't show up in My Network Places , you can access them just as readily as non-hidden shares.

From here, you can right-click any share and select Stop Sharing to turn it off, making this window a very convenient place to quickly tighten up security on your system. If you add or remove any shares in Windows Explorer, press the F5 key or click the Refresh button on the toolbar to update the list.

Although you can stop sharing any hidden share (such as C$ ) in this window, Windows will recreate all administrative shares the next time you start your computer, in effect sharing every file on your PC whether you want it to or not. To stop this from happening, see "Tomorrows Tip"

LoneRanger · #**311** 06-09-2008, 01:52 PM

09 June 2008:

Turn Off Administrative Shares

Windows insists on sharing my entire hard disk, despite the fact that I've only elected to share specific folders. What are administrative shares, and why can't I turn them off?

Hmm… it's almost as though Microsoft cares more about corporate strategy than the personal security of their customers. Funny, that.
If you're using Windows XP Professional (or Media Center Edition), your entire hard disk is indeed being shared on your network whether you like it or not.

If you open Windows Explorer, right-click drive C :, and select Sharing and Security, you'll see that the drive is already shared as C$ . This is called an administrative share , and although the $ suffix makes it hidden in My Network Places , users on your network can still browse the
share thereby gaining access to all the files on your drive by typing the following path into Windows Explorer's address bar:

\\mycomp\c$

where mycomp is the name of your PC. Combine this with the fact that user accounts don't have passwords by default, and you'll see how insecure Windows XP can be.

Administrative shares allow network administrators to install software, run Disk Defragmenter, or perform other maintenance on your PC remotely. But unless you're in a corporate environment, you have nothing to gain by leaving this back door open… and everything to lose.

To patch this hole, open the Registry Editor (go to Start --> Run and type regedit ), and navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\lanmanserver\parameters . In the right pane, double-click the AutoShareServer value, type 0 in the "Value data" field, and click OK. Then double-click the AutoShareWks value, type 0 in the "Value data" field, and click OK. Close the Registry Editor when you're done.

Next, go to Start --> Run, type compmgmt.msc , and click OK to open the Computer Management tool. In the System Tools branch on the left, click the [+] icon next to Shared Folders to expand it, and then highlight the Shares folder. To manually remove the administrative shares, right-click each one (e.g., C$, D$, E$ ) and select Stop Sharing. Go ahead and remove any hidden share (anything with a dollar sign in the name), with the following three exceptions:

IPC$ , which stands for Inter-Process Communication, is used for remote administration of your computer, something very few people need outside of a corporate environment. Although it has been proven that the IPC$ share can be exploited, the only way to disable it permanently is to turn off file sharing altogether. You can stop sharing IPC$ temporarily, but Windows will recreate the share the next time you restart.

print$ is used to exchange printer driver files when you share a printer. You should leave this share intact.

wwwroot$ will be present if Microsoft's Internet Information Server (IIS) software is installed. Leave this share intact if you want to use your computer as a web server or a web software development platform.

When you're done, restart your computer, and then reopen the Compute