“Users” folder shared with everyone

Posted on

QUESTION :

Today I found something strange on my newly installed Windows 7 OS – my “users” folder C:Users was shared and “Everyone” had full access… I disabled that and now it seems fine, however I’m a bit scared actually, I’d like to know what caused that and if my system is compromised.

ANSWER :

There is a known phenomena that shares the entire users folder, related to public folder sharing. see a description here: http://scottiestech.info/2009/09/25/windows-7-file-sharing-fixing-the-entire-user-directory-shared-problem/

Please note however, that share permissions stack on top of disk permissions, so if your user profile does not allow Everyone Full Control, then the share permissions don’t override that. in fact MS recommends that all shares use permissions of Everyone Full Control, and that the folders shared implement actual permissions.

The reason is that backing up a disk or rebuilding your OS preserves file system permissions, but not shares/share permissions, so if you put all your ACL logic in the share, and the share is lost, the permissions are lost with it, and your users will end up with more access than they should.

I know seeing a folder with share permissions of Everyone Full control is scary, but its probably not that bad unless you have opened up the permissions on your account folders.

info on how to configure public folder sharing in win7 here:
http://howtech.tv/basics/how-to-do-public-folder-sharing-in-windows-7/

Here is the official word from Microsoft TechNet, The C:Users folder is shared when any sub folders from C:Users<username> is shared. The article is stale and mostly unhelpful, but worth knowing to complete the story.

In addition to Frank’s answer, if you need to remove the share, go to Control Panel > Folder Options > View tab. Scroll down to the bottom and uncheck “Use Sharing Wizard (Recommended)”. Then remove the share on Users folder.

Leave a Reply

Your email address will not be published.