HomeGroup = major security flaw in Windows 7
This document here: http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=80B1AA5D-1B5A-4447-8036-ACC918BA7AF2&displaylang=en states that HomeGroup shared files can be accessed by older OSes using standard file sharing and shows how to do that. I've followed the exact step but when I share for example, some pictures from the Pictures library using HomeGroup on my Windows 7 computer, my entire users folder is shared/made available on the home network and accessible using any XP or Vista computer in the workgroup. I only want specific pictures or only those files I shared thru HomeGroup to be shared, but my entire user profile folder (%Userprofile%) gets shared. If this is a bug, this poses a privacy risk because files I don't want to be shared are also being shared.A Google search for: HomeGroup "users folder" (http://www.google.com/search?q=HomeGroup+%22users+folder%22&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7GGIH_en)confirms this serious security/privacy risk in Windows 7 RTM.
October 27th, 2009 2:50pm

The problem has existed since Vista. It's not specific to Homegroups. In Vista and Windows 7 if you share any folder in a user's profile the whole user tree is shared. Yes, I agree, it's a serious security flaw. The folders are somewhat locked down with the default ACLs but many people don't use passwords and have very relaxed security. For small businesses this can be a big problem. Many accounting programs store data files in the user's profile, as they should by default. If a different user on the computer shares a folder suddenly the accounting data may be available to anyone on the network. When I bugged this I was told it was by design and would not be changed.Kerry Brown MS-MVP - Windows Desktop Experience
Free Windows Admin Tool Kit Click here and download it now
October 27th, 2009 4:54pm

As Kerry said, the symptom was by default since Windows Vista. To avoid the security factor, you can create a password on each profile on Windows 7 machine or share the pictures on another folder.Thanks,Novak
October 28th, 2009 5:45am

Of what use is setting a password if read+write permissions are given to "everyone"? The permissions need to be given to "Authenticated users".Anonymuos
Free Windows Admin Tool Kit Click here and download it now
March 10th, 2010 3:27pm

Holy ____. But on Vista/7, this only happens if using the Sharing Wizard. But you can use "Advanced Sharing" to share exactly as you want. But with HomeGroup, there is no advanced sharing. Once you share anything through HomeGroup, it's shared to Everyone on the network with Write permissions. EPIC FAIL.Anonymuos
August 9th, 2010 10:18pm

YOu have to remember that Share Permissions and NTFS Permissions combine to give you the effective permission. So if "Everyone" has full access to share C:/Users it doesn't really mean that they have full control permission on all files in Users directory, the local ACL/NFTS permissions further restrict access to files/folders same way as if you were accessing locally. When joining a Homegroup, Windows 7 automatically gives "Everyone" user group full control (read and write) ACL to share C:\Users but your files are still protected by local NFTS ACL permissions that you find under "Security" tab. "Therefore due to the Most Restrictive evaluation, the easiest way to set permissions is to provide the Users (preferably by Groups), Full Control on the Share side, but lock it down on the NTFS side (Security Tab). It works nicely, all the time, and is easier to document and keep track." Source: http://msmvps.com/blogs/acefekay/archive/2011/02/04/share-permissions-and-ntfs-permissions-folder-access-control-amp-folder-permissions.aspx
Free Windows Admin Tool Kit Click here and download it now
July 13th, 2011 4:30pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics