Windows XP File Sharing Mysteries: Part 2
Looking Under The Hood
What really happens, though, when Bob and Alice run the Network Setup Wizard? In addition to the change in the UI (the new Sharing tab), the wizard also changes each machine's configuration. These changes are stored in the Registry, and since Alice is curious to know exactly what is being changed, she does the following:
- Before she runs the wizard, Alice takes a snapshot of her registry by opening Regedit, right-clicking the root node My Computer, and selecting Export. She names the exported *.reg file before.reg and saves it in her My Documents folder (which is "Alice's Documents" in My Computer).
- She then runs the wizard, accepting the prompts exactly as Bob did, and reboots her machine afterward.
- She now takes another snapshot of her registry, names it after.reg, and saves it in the same location.
- Now she goes to the Microsoft Download Center and searches for "Windows XP SP2 Support Tools for Advanced Users," downloads these tools, and installs them on her machine.
- Once the tools have been installed on her machine, she clicks Start and then Run, types "windiff", and clicks OK. This starts WinDiff, a tool you can use to compare two versions of a text file to find their differences.
- From WinDiff's File Menu, Alice selects Compare Files and opens before.reg, followed by after.reg. Then she double-clicks on the file displayed in the WinDiff window to perform a line-by-line comparison of the two *.reg files.
Once WinDiff is finished comparing the files, the result looks something like Figure 4.
The lines highlighted in yellow are new to the second (after) file and were not present in the first (before) file. Similarly, lines highlighted in red are present in the first (before) file but not in the second (after) file. Pressing F8 will jump ahead to the next difference, while F7 will display the previous one. After pressing F8 many times, Alice finally finds a registry key that looks like it may have something to do with file sharing (Figure 5):
Alice notes that WinDiff indicates that running the Network Setup Wizard on her machine has created a new registry value named SharedDocs under the HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares key. While the information stored in the registry value looks like gibberish, this is just a limitation of how WinDiff interprets Unicode text data. If Alice opens Registry Editor (regedit.exe) and finds this value, it looks like Figure 6.
This registry value is of the type REG_MULTI_SZ (multi-string), and if she double-clicks on this value it looks like Figure 7.
Figure 7. The value of the REG_MULTI_SZ registry value named
Aha, now she's getting somewhere. This is obviously the registry setting for her Shared Documents folder that has been shared on the network as SharedDocs, and a search of the Microsoft Knowledge Base brings up this article concerning the HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares key, which explains how to export this key to be able to recreate your shares on a different machine.
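The before/after comparison Alice performs with WinDiff can also be scripted, which avoids the "gibberish" problem by decoding REG_MULTI_SZ data directly. The following is an added example, not part of the original article: it parses two Regedit exports, lists values that exist only in the second one, and decodes hex(7) data into readable strings. The sample share data and the path C:\Shared are constructed for illustration.

```python
import re

def load(path):
    # Regedit's "Version 5.00" exports are UTF-16 with a BOM.
    with open(path, encoding="utf-16") as f:
        return f.read()

def parse_reg(text):
    """Map (key, value name) -> raw data string from a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex lines
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key and m:
            values[(key, m.group(1).strip('"'))] = m.group(2)
    return values

def decode_multi_sz(raw):
    """hex(7) is REG_MULTI_SZ: UTF-16LE strings separated by NULs."""
    data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b)
    return [s for s in data.decode("utf-16-le").split("\x00") if s]

def added_values(before, after):
    """Values present only in the 'after' export, multi-strings decoded."""
    b, a = parse_reg(before), parse_reg(after)
    return {k: decode_multi_sz(v) if v.startswith("hex(7):") else v
            for k, v in a.items() if k not in b}

def encode_multi_sz(strings, per_line=20):
    # Only used to build the constructed sample below, wrapped like Regedit.
    data = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    hx = [f"{x:02x}" for x in data]
    rows = [",".join(hx[i:i + per_line]) for i in range(0, len(hx), per_line)]
    return "hex(7):" + ",\\\n  ".join(rows)

# Constructed sample data, not Alice's real export.
SHARES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares"
SAMPLE = ["CSCFlags=0", r"Path=C:\Shared", "Permissions=0", "Type=0"]
HEADER = "Windows Registry Editor Version 5.00\n\n"
BEFORE = HEADER + f"[{SHARES}]\n\n"
AFTER = HEADER + f'[{SHARES}]\n"SharedDocs"={encode_multi_sz(SAMPLE)}\n\n'

if __name__ == "__main__":
    for (key, name), value in added_values(BEFORE, AFTER).items():
        print(key, name, value, sep="\n  ")
```

To run it against real exports, pass `load("before.reg")` and `load("after.reg")` to `added_values` instead of the constructed strings.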
Where to Go from Here
At this point, Alice looks for more documentation on the LanmanServer\Shares key and the possible data values of its multi-string registry values. Unfortunately there's not much public documentation available on this. So she's tempted to start playing around a bit: What happens if I change CSCFlags from 0 to 1? What happens if I change Permissions from 0 to 1? What happens if I change Type from 0 to 1?
Well, remember that you shouldn't go around making changes to your registry unless you know what you're doing. In fact, when Alice tried indiscriminately changing some of these values, at one point, when she started her system and her network connection was being initialized, an error message appeared saying "The system process C:\WINNT\SYSTEM32\SERVICES.EXE terminated unexpectedly with status code 128. The system will shut down and restart," and her machine got into an endless reboot cycle. Booting to Safe Mode let her change these values back to their original settings, though, and that got her out of the mess she found herself in!
Of course, an experienced admin might be able to guess what these values mean. For example, the CSCFlags data value is particularly interesting because it sounds cryptic, but in fact it's kind of obvious--it controls the client-side caching setting for the share. One (unofficial) source I found indicates that the UI settings for client-side caching (found on the Sharing tab only when Simple File Sharing has been disabled--I'll talk about that in a future article) correspond to CSCFlags values as follows:
| CSCFlags value | Client-side caching setting in the UI |
|---|---|
| 0 | Manual caching for documents |
| 16 | Automatic caching for documents |
| 32 | Automatic caching of programs and documents |
Of course, it's easy to verify if these values are correct--you simply change the client-side caching settings for the share and see what effect this has on your registry value. I'll leave it to the reader at this point to explore this further and determine what Type mean and what possible values they can have. Path, of course, is obvious, since it's the path to the folder being shared.