Quote from: M3ta7h3adYou can get VPN to work from HOME?! blimey! Ive never got that working.

And beaker, you can connect to terminal services, but you cant use terminal services on the home machine.

I.E. you cant access home remotely. It also wont work on domains

That is semi-true.  Ive seen the hack involving the 2k3 disk and XP Home.  Just trying to remember where ive seen it.  Still not fully functioning, but should work ok.  

Yeah sorry, I mustnt have worded that very well.

I am trying to connect to TS/RD over VPN.

I am about 95% convinced that I am going to have to buy Pro.

http://ultravnc.sourceforge.net/

tried that?  Supposed to be ok, though ive never used it myself.  

Yeah, Ive got TightVNC on there for now but it means installing the client on the machines I want to remote from.

The biggest draw back is the lack of proper security on file shares and there appears to be nothing I can do about that

Theres always an FTP server if you want proper control over the access rights.

Not ideal, but tolerable if you get one that allows access through a nice web interface or similar.

Thats not a bad idea but somewhat limiting in the way I would like to share the files. It would mean that anything I want to share with permissions above "read-only" would have to go through the FTP server. Which really means that just my MP3 and TV stuff would be avaliable on windows shares :s

I cannot express in words how much I am ranting about the sh*tness of XP Home ! *rar*

What was I thinking ? And why oh why didnt I do some research first ?


And WHY OH WHY DID I STICK THE DAMN LICENSE STICKER ON THE PC !!!

Ã,£90 freaking quid ffs :s

http://www.ebuyer.com/UK/product/97544/rb/20863226916

Hmmm, I am looking at Windows Media Center 2005 now...

I have just stuck it on a VM and it appears to have all the features of XP Pro except the domain stuff; gpedit and a like.

Its Ã,£20 cheaper than Pro and more suited to one of the reasons for my new machine; delivering content to my 360 !

http://www.ebuyer.com/UK/product/114051

The "Everyone" group does NOT include the Guest account.

Something you should be aware of

Youre quite right but on XP Home it makes little difference as it appears that in order to share a folder in XP Home either the Guest Account or the Everyone group must have access at least read permission on the folder being shared.

The most annoying thing is that the ForceGuest policy setting is ignored, so all network connections are always authenticated as a Guest user. Therefore to access a network resource the Guest (or Everyone Group) account must have access to the shared resource.

You cannot even use specific NTFS File Permissions to override the Share Level permissions. As soon as you remove "Everyone"s permissions from an object you can no longer access it over the network. Regards of whether you have 2 identical User/Password accounts setup between the 2 PCs.

This carries even when the item is within a shared folder. i.e.

PC1 has an user account of "Dave", password "bob".
PC2 has an user account of "Dave, password "bob".

On PC1 a Folder "A" is Shared as "Read-only" on the network tab. By default the "Everyone" group is granted  NTFS Read permissions. In addition I grate "Dave" read permissions.
I create a subfolder within "A", folder "B" and by default it inherits its permissions from folder "A".  

I then access both folder "A" and folder "B" from the "Dave" account on PC2.

As expected everything is fine and I can browse both directories and their contents...

I then decide that I dont want "Everyone" having access to subfolder "B", so I revoke the NTFS read rights of "Everyone" on "B". So in theory, "B" will still be visible to "Everyone" as a folder within "A" but only the "Dave" account has access to read folder "B". Folder "B" should no longer be accessible to Joe Bloggs on PCWhatever.

Guess what? Not only can Joe Bloggs no longer access folder "B" but neither can the "Dave" account on "PC2". Thats the "Dave" account who has been given explicit read permission to the folder !

And so that is why, on XP Home, the Everyone and Guest account are one in the same.

Oh...

I have just finished trying to use the NTRights.exe app that is part of the Win2k3 Resource Kit to see if I could force the Network Logon rights under the bonnet. But alas, between me not really knowing what the hell goes on under the bonnet and the help file not really helping, it didnt happen

http://www.ss64.com/nt/ntrights.html

Its worth noting that on XP Home the ntrights.exe commands fail if "ForceGuest" has been disabled in the registry !

I should add, just for anyone who was reading this in the hope of finding a solution that there is really only one thing you can do to secure shares within XP Home and that is to change the Guest account password.

To change the Guest account password do the following:

Open a command prompt (Start->Run->cmd)
type: net user Guest

Once you have done that, anyone trying to access a share will be prompted to enter the Guest account password. If they know it theyll have access to all of your shares, if they don;t know it then they cannot get in.

This is useless to me as I have devices on the network that need to access the share and they do not allow me to specify a password.

To set the password back to blank, do the same but use "" for the password. Thats a set of empty double quotes.