oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Windows XP File Sharing Mysteries: Part 2
Pages: 1, 2

Looking Under The Hood

What really happens though when Bob and Alice run the Network Setup Wizard? Basically, in addition to the change in the UI (the new Sharing tab), there are also changes to his machine's configuration. These changes, of course, are stored in the Registry, and since Alice is curious to know exactly what's being changed, she does the following:

Before she runs the wizard, Alice takes a snapshot of her registry by opening Regedit and right-clicking the root node My Computer and selecting Export. She names the exported *.reg file before.reg and saves it in her My Documents folder (which is "Alice's Documents" in My Computer).

  1. She then runs the wizard, accepting the prompts exactly as Bob did, and reboots her machine afterward.
  2. She now takes another snapshot of her registry, names it after.reg, and saves it in the same location.
  3. Now she goes to the Microsoft Download Center and searches for "Windows XP SP2 Support Tools for Advanced Users," downloads these tools, and installs them on her machine.
  4. Once the tools have been installed on her machine, she clicks Start and then Run, types "windiff", and clicks OK. This starts WinDiff, a tool you can use to compare two versions of a text file to find their differences.
  5. From WinDiff's File Menu, Alice selects Compare Files and opens before.reg, followed by after.reg. Then she double-clicks on the file displayed in the WinDiff window to perform a line-by-line comparison of the two *.reg files.

Once WinDiff is finished comparing the files, the result looks something like Figure 4.

Thumbnail, click for full-size image.
Figure 4. Changes to the Registry as a result of running the Network Setup Wizard. (Click for full-size image)

The lines highlighted in yellow are new to the second (after) file and were not present in the first (before) file. Similarly, lines highlighted in red are present in the first (before) file but not in the second (after) file. Pressing F8 will jump ahead to the next difference, while F7 will display the previous one.

After pressing F8 many times, Alice finally finds a registry key that looks like it may have something to do with file sharing (Figure 5):

Thumbnail, click for full-size image.
Figure 5. Changes to HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares (Click for full-size image)

Alice notes that WinDiff indicates that running the Network Setup Wizard on her machine has created a new registry value named SharedDocs under the HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares key. While the information stored in the registry value looks like gibberish, this is just a limitation of how WinDiff interprets Unicode text data. If Alice opens Registry Editor (regedit.exe) and finds this value, it looks like Figure 6.

Thumbnail, click for full-size image.
Figure 6. The SharedDocs registry value created by running the Network Setup Wizard on Alice's machine. (Click for full-size image)

This registry value is of the type REG_MULTI_SZ (multi-string), and if she double-clicks on this value it looks like Figure 7.

Figure 7
Figure 7. The value of the REG_MULTI_SZ registry value named SharedDocs

Aha, now she's getting somewhere. This is obviously the registry setting for her Shared Documents folder that has been shared on the network as SharedDocs, and a search of the Microsoft Knowledge Base brings up this article concerning the HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares key, which explains how to export this key to be able to recreate your shares on a different machine.

Where to Go from Here

At this point, Alice looks for more documentation on the LanmanServer\Shares key and its possible data values of its multi-string registry values. Unfortunately there's not much public documentation available on this. So she's tempted to start playing around a bit: What happens if I change CSCFlags from 0 to 1? What happens if I change Permissions from 0 to 1? What happens if I change Type from 0 to 1?

Well, remember that you shouldn't go around making changes to your registry unless you know what you're doing. In fact, when Alice tried indiscriminately changing some of these values, at one point, when she started her system and her network connection was being initialized, an error message appeared saying "The system process C:\WINNT\SYSTEM32\SERVICES.EXE terminated unexpectedly with status code 128. The system will shut down and restart," and her machine got into an endless reboot cycle. Booting to Safe Mode let her change these values back to their original settings, though, and that got her out of the mess she found herself in!

Of course, an experienced admin might be able to guess what these values mean. For example, the CSCFlags data value is particularly interesting because it sounds cryptic, but in fact it's kind of obvious--it controls the client-side caching setting for the share. One (unofficial) source I found indicates that the UI settings for client-side caching (found on the Sharing tab only when Simple File Sharing has been disabled--I'll talk about that in a future article) correspond to CDCFlags values as follows:

CSCFlag value Client-side caching setting in the UI
0 Manual caching for documents
16 Automatic caching for documents
32 Automatic caching of programs and documents
48 Disabled

Of course, it's easy to verify if these values are correct--you simply change the client-side caching settings for the share and see what effect this has on your registry value. I'll leave it to the reader at this point to explore this further and determine what MaxUsers, Permissions, Remark, and Type mean and what possible values they can have. Path, of course, is obvious, since it's the path to the folder being shared.

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.

Return to the Windows DevCenter.