Sharing Files in Vista?
Why You Might Want to Try Network Magic



By Steve Kelly

Have we finally reached that point in computing history where computers and lots of other devices simply connected with some wires or, through the magic of physics, radio waves just share information? Does this have to be hard?

The good news is that file and printer sharing can be easy. With Network Magic; file and printer sharing are as easy as simply clicking a button in a friendly, easy to use, well thought out interface. If you want to learn more about how to share files quickly and easily, visit www.networkmagic.com

If you want to learn more about sharing files and printers in Vista without Network Magic, read on...

Surely, after years of development and billions of dollars in development costs, Vista simplifies something that is becoming as basic as sharing an mp3 file between two computers. After all, I really want to check out that new unplugged Korn song my kids like so much.

Vista has finally made this easy...right? To borrow a line from one of my favorite commercials, "You're coming to a sad realization. Permit or deny?"

The sad realization is that something as simple as sharing a file is still nowhere near as simple in the out of the box Vista experience as it should be. Particularly for someone who doesn't live and breathe networking or even own a costume for their favorite character in Star Wars. It's almost as though no one bothered to look at the experience from the standpoint of a neophyte user and validate that the experience flows from start to finish in a way that makes sense. There are places where it's not even close.

Let's walk through the process of sharing out a folder on Vista. In preparing for this article, I configured a computer with a fresh version of Vista Business Edition. The computer is not logged on to a domain. It has two local user accounts, one is called "mehome." There is another local user account on my hypothetical laptop, but for purposes of this discussion I'll be using "mehome." Both accounts are configured as administrator. This is probably not best practice, however, it is quite plausible and anyway, I'm sure User Account Control fixes all the related problems.

A reasonable scenario to consider is bringing this laptop home, sharing a directory containing some documents and editing those documents on another computer at home.
It only took one sentence to describe the scenario so it can't be that hard, right?

I want to edit "workstuff.doc" in the directory "c:\users\mehome\documents\stuff2".
So I use Explorer to browse to the appropriate directory.



This is easy enough, now I right-click stuff and select "Share..." I see the following:



Simple enough, now I click Share. We click Share and after clicking continue on the User Account Control prompt, our file should be shared. Public comments from at least one technical fellow at Microsoft not withstanding, UAC probably serves some purpose but the pop-ups sure get annoying.



Great! My folder is shared. This is where things start to get interesting. If you're reading this and you eschew those idiotic GUI's in favor of the command prompt, try for the moment to put yourself in the perspective of a neophyte user. I love my wife dearly and she's a smart woman, but it took me darn near 10 years to get her to the point where she sort of understands directory hierarchies. After all she asks; "If it's like a tree and my pictures are like leaves then shouldn't they be green?" Good question on her part, but I digress.

Try to keep yourself in this mindset as you go through these steps and imagine how easily a user could become confused if they barely understand what a directory hierarchy is.

Take a look at what was actually shared and the path that you can e-mail around or copy to "any program you choose" on the local computer (I'm still not exactly sure how that helps you use the share on another computer.) This seems to imply that for a remote computer to use the share, they need to enter the path

\\CJVISTABIZ-PC\users\mehome\documents\stuff2.

Why wouldn't it just be \\CJVISTABIZ-PC\stuff2? If we go out to the command prompt and type net share, here's what we see:



Wait a tick...it shared "c:\users". That at least seems a little odd.

Now I'll go over to my other computer running Vista and try to access my files. I click the Network link from the start menu and it opens up the dialog that follows showing the computers in my workgroup. I see my computer CJVISTABIZ-PC and double click it. I'm presented with a dialog to enter my credentials for that computer. I know an account on that computer, so I enter the credentials and I'm off and running.



Here's what we see:



This is what you would expect since c:\users was shared from CJVISTABIZ-PC. To be fair, the entirety of c:\users has NOT been shared. If I double click on Users here, all I will see is the "mehome" subdirectory and everything beneath it. In fact there are other directories under c:\users that I cannot see since I authenticated as "mehome".

However, there is an interesting side effect of the fact that it was not the subdirectory you specified, but c:\users that was actually shared. There is another user account on CJVISTABIZ-PC. If I use those credentials instead when prompted as I was before, this is what I see:



Notice that I now see the cjvistabiz subdirectory under c:\users. Granted, I have entered valid credentials that would enable me to access this directory. However, I NEVER shared that directory.

A reasonable counter-argument at this juncture is to point out that while all this is well and good, it's not really that big a deal since I do, in fact, need valid credentials to do any of this. This is true in the world of a security wonk. However, let's think about some real world scenarios that might arise in practice.

What if you want to share a file in the "stuff2" directory with a colleague at work or with your kid? There are a couple options. One is that Vista could have just shared the folder you selected to share and made it easy to specify that you want anyone to be able to read from it. Now I'm just being ridiculous so we'll move on.

Another option is to create an account for them on your machine. That's not a bad option. In the File Sharing dialog, just add that user name to the list of folks who may access the share and you'll be good to go...maybe. As it turns out, there are a couple pitfalls in this method that could send the user to the nearest Mac Store.

Yet another scenario is that you just tell your colleague or kid your username and password. Admittedly it goes against the grain of every security best practice known to mankind. Would someone be so wantonly heedless of the dictates of good security that they would do this? You know the answer is yes! Like the bartender who simply serves the drunk who careens into a tree on the way home from the tavern, Vista isn't responsible for irresponsible behavior. It does, however, create an environment where it's a reasonable outcome.

Now, might there be something in the entirety of your c:\users\mehome directory you don't want your colleague or kid to see? Would our neophyte user understand that they actually shared out the entirety of their c:\users\mehome folder? Would a lot of grief have been saved simply by sharing out the folder you thought you were sharing out?

So how about the first option? We could create a user account for the user. If we go back and look at the File Sharing screen and ACTUALLY read it we see there are some options here.

Side note: If you've ever watched a software usability test, I feel well within the boundaries of truth when I say that users don't actually read much of anything.

Here's the screen:



It says "Choose people to share with" right there in the title so maybe I could just handle my colleague here.

If I click on the arrow of the combo box next to the add button I see the following:



Now we're getting somewhere, I'll add everyone. I do that and click Share. I confirm the UAC prompt and we're good to go. Just as before, if I type "net share" at the command prompt, I see that the c:\users directory has been shared.

At least now my colleague can access the share without violating any laws of security. So I go over to my other Vista PC, click the "Network" button from the start menu and double click CJVISTABIZ-PC. Here's what we get:



Me: Okay, I shared the directory; you should be good to go.
Colleague in HR: "Hey, I need a username and password. What's yours? I want to see what you keep in your users directory. Especially in the Pictures folder."

Okay, how about that option where we create a new user account. Let's return once again to the file sharing screen and the pull-down where we added "Everyone."



Well there it is right there, "Create a new user..." When you choose that item you get the following:



EUREKA! I finally found it. "Turn User Account Control on or off." Wait...sorry...different topic.

Excuse me while I climb back up on my soap box...there, that's better. "WHAT ABOUT THE NEOPHYTE?" You know who I'm talking about. All those people who call you when they can't make something work that ought to be relatively simple. That's who I'm talking about. When they click "Create a new user..." is this what they expect to see?

Let's just make the leap and assume that through the process of elimination they figure out that "Manage another account" is probably the best place they could go since they selected "Create a new user..." and wound up here.

So they click that link and, assuming they didn't go turn UAC off, confirm the UAC prompt. They see the following:



Well, I'll admit that even my mom could probably figure out how to create that new account now that we've gotten her this far. With great trepidation I click on "Create a new account" having no idea where it's likely to go. Great! It does what you would expect and brings up a simple dialog where I just type the new user's name and I'm off and running.



I name my new account HRColleague and click "Create Account." Voila...new account. Hmmm...I wonder what his password is?

Anyway, we're off and running. Even though the share is c:\users, my friend in HR only has access to files that are in the share directory, c:\users\mehome\documents\stuff2. So now let's watch our colleague access the share using their brand new user account. After all, our neophyte probably pulled a few hairs out along the way and they're excited to go have their colleague use that new account.

Our colleague clicks the Network link from the Start Menu. They double click on CJVISTABIZ-PC and enter their credentials, blank password and all.



Now you have a couple options when your friend in HR IM's you and says simply "It didn't work."

You can interrupt that scintillating article you're reading about Anna Nicole, go down to your friend's office and try to debug the problem.

You can respond to your friend "bummer" and continue reading.

But our neophyte is the responsible sort and he goes to help his friend. Remember, you're in the shoes of a technology neophyte, not the expert you are. Forget about the neophyte, how many users, given only a local user account name know how to go change the password for that user? I guess it's easy enough to:



At the risk of being a little ridiculous again; Couldn't, just maybe, the system have known you were creating a new user in response to clicking on "Create a new user..." in a dialog where the express purpose was to create a user for sharing files over the network. Given that useful context, couldn't the system have enabled the user to be successful by making sure the new user account...oh...I don't know....had a password?

At any rate, let's assume our neophyte follows the script above and gives their HR colleague a password.

Success at last! This even appears to be a pretty good option, if not a little confusing. If my friend in HR now tries to access the share by navigating through the Network option in the start menu, he still ends up at c:\users\mehome. However, they do not see anything in any of the subdirectories except for "stuff2", so this does appear to have accomplished the desired effect.

Well That Was Easy. Let's Stop Sharing Now

The process just illustrated is somewhat daunting to say the least. It's completely possible the user may never actually get to the point where they share a file successfully. So maybe, they do the unthinkable, follow the path of least resistance and just give their colleague their username and password.

After all, they can just stop sharing as soon as the file is copied so it's not that big a deal. Maybe.

So let's assume that we've shared out c:\users\mehome\documents\stuff2 for just the "mehome" user. Now neo's buddy in HR copies the file and we just stop sharing the folder. We navigate down to c:\users\mehome\documents and right click on "stuff2". There's nothing called "Stop Sharing" so I can probably do this by selecting "Share..." We'll make a leap and assume that our neophyte makes this logical jump. Here's what we get:



Hmmm...that doesn't look like what I want. Here are the exact sequences of steps I followed:

This is the dialog I see...now. In the interest of being honest, I have to admit that at some point today I saw it come up with a dialog that said "Change Sharing Options" and "Stop Sharing". So being a developer, I wanted to diagnose the problem. I rebooted both machines and shared the directory. Except this time, I never access it. Immediately attempt to remove the share by clicking "Share..." I got the same dialog as above.

No doubt there is someone at Microsoft who can explain why this happens. There's probably also someone who can explain why when creating a user from a context that clearly requires that user to have a password, they don't provide the option to enter a password. At any rate, I can say for a certainty that in trying to examine the experience a neophyte might encounter, this is what I'm seeing.

We've all been trained that there's a lot we can do by right clicking on something and looking at its properties. So we'll do that for c:\users\mehome\documents\stuff2. We click the sharing tab and here's what we see:



"Not Shared". Didn't I share this directory? As we've seen earlier, we didn't actually share this directory, we shared c:\users so while this is technically accurate, it is confusing to the point of incredulity.

What's the neophyte to do? I know there are options here, but once again, put yourself in the shoes of that person who calls you for tech support. Do they know that they can go to the command prompt and type "net share c:\users /d"?

We'll leave that alone for the time being since there is another option. Let's assume that our intrepid neophyte intuits from the file share they were given when they clicked "Share" that they might be able to stop sharing by right clicking on the c:\users directory. I'd argue that's a bit of a leap, but let's go with it.

Let's go back and right click on c:\users. This is what we get (after they click on the "Sharing" tab when the dialog comes up):



Great. It's pretty clear from this dialog where you go to stop sharing the directory you originally shared as c:\users\mehome\documents\stuff2.

Once again, we'll make a leap and assume that the neophyte clicks on "Advanced Sharing..." even though there is no text that indicates this would have anything whatsoever to do with no longer sharing a directory. Did I mention that we originally shared c:\users\mehome\documents\stuff2 and we right clicked c:\users to get here because there was no other way to stop sharing the directory?

Okay, so we click "Advanced Sharing..." and press Confirm on the UAC prompt. We get this dialog:



It's pretty obvious that we can stop sharing this folder by removing the check from "Share this folder". I'd argue that it's unlikely the neophyte would ever get here, but at least once they're here they can figure out what to do. Okay, so the directory is no longer shared and we're safe even though we let that guy in HR have our credentials.

Conclusion:

Isn't it great that Vista has finally made networking so easy?