coreyb
Wed Apr 27 22:28:01 CDT 2005
There were actually a HUGE number of changes in the file server between 4.2
and 5.0. Very close to entire re-write of the server. The 4.2 server was
similar to a Win 9x server. Very little authentication, always viewed as a
downlevel, and performance was significantly weaker. In 5.0 the server is
much more like a Win XP server. We added support for Read Only file
shares, added support for more SMBs to improve the Windows XP -> Windows CE
user experience, and did a lot of work surrounding stability. I have a CE
file server running in my home office that's been on for over a year.
The server was definitely locked down more by default to ensure that it
gets used in the most secure manner. We didn't want everyone just
disabling authentication and sharing all the files on the OS, as that poses
a serious security risk to the end-user. We also wanted the ability to
restrict the file server to particular network cards. For example, I want
my file server available on my private wired network, but not over my WiFi
card which can be seen outside my house.
"Think of a washing machine where you have to enter a user name and password
to use it.
Now think of one where you have to do that every time you turn it on :("
Now think about an internet trojan that turns on your washing machine and
never lets you turn it off. Or wipes all the contacts off your phone. Or
replaces all the pictures in your electronic picture frame with
pornography/advertisements.
I'm not sure why I would share files on my washing machine but I am sure
that if I did so, I would want someone to authenticate before being allowed
to change them.
Now that said, there is a HowTo document that walks you step-by-step
through creating a file share:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcecomm5/ht
ml/wce50tsktestingfileserver.asp. Note: the doc says you should use IE on
the local device to configure the server, but you don't need to. You can
simply use "ipconfig /d" to get the machine's ip address in the debug
output of Platform Builder or a Network Sniffer and then browse to
http://<IP Addr>/remoteadmin from a desktop pc.
Note that under the AdapterList documentation it mentions that "*" can used
to serve on all adapters. Docs here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcecomm5/ht
ml/wce50consmbserverregistrysettings.asp
To get the regkeys you need, you can use the ISAPI configuration tool
described in the doc, and then copy out all the keys under
HKLM\Services\SMBServer and HKLM\Ident. Some examples below (Note the
location of the AdapterList value):
[HKEY_LOCAL_MACHINE\Services\SMBServer]
"AdapterList"="*"
"DLL"="smbserver.dll"
"Keep"=dword:1
"Order"=dword:12
"Prefix"="SMB"
"Index"=dword:0
[HKEY_LOCAL_MACHINE\Services\SMBServer\Shares\MyShare]
"UserList"="ADMIN"
"Path"="\Temp"
"Type"=dword:0
[HKEY_LOCAL_MACHINE\Ident]
"Name"="TestCEName"
"OrigName"="WindowsCE"
"Desc"="WindowsCE Device"
If you still want to disable authentication because it doesn't make sense
for your scenario, we've left that option available. The UseAuthentication
registry value replaced the NoSecurity value and you can set:
[HKEY_LOCAL_MACHINE\Services\SMBServer\Shares]
"UseAuthentication"=dword:0
Don't forget that you need to refresh the SMB Service after you make
registry changes to get the service to reload the settings. From PB you
can do this with "Windows CE>s services -d refresh SMB0:"
***** BIG NOTE ******
I tried out UseAuthentication==0 just to make sure it was still working,
and it wasn't. I believe this is due to a change that was made between 4.2
and 5.0 as we attempted to better support XP clients with SPNEGO
authentication. Please work with PSS (Product Support Services) and they
can start a process to get you a QFE fix for Windows CE 5.0.
I would like to apologize that this feature is not functioning as you would
expect. I will work to ensure that our tests better catch this scenario in
the future.
-Corey Burke
Windows CE Networking QA Team