Add/Modify a Share Control Policy

This function allows you to add or modify a share control policy.

Configuration Procedure

Ether the share control management page in either method:
Method 1: Select the User tab. Click the User Security Policy/Quick Start link on the page, and then click Share Control at the function description part.
Method 2: Select the User tab, and then select User Security Policy > Share Control from the navigation tree.
Click the Add button or the icon of a share control policy.
Configure the basic information of the share control policy and select the default action.
Click OK.

Allow Share: Select this option to allow terminals to share folders. Printer shares and IPC shares are excluded.
Forbid Windows XP Simple Share: Select this option to forbid Windows XP terminals to enable simple share. By default, simple share is enabled in an XP operating system. In simple share mode, a terminal allows other terminals to access its shared folders without entering the password. Security of this mode is very low.
Forbid Default Share: Select this option to forbid terminals to enable default share. By default, a Windows operating system enables default share for all logical disks. For example, to manage disk C of the system, other terminals only need to access \\host name\C$ and provide the administrator username and password. Default share is used to manage an entire disk remotely and also lacks of security.
Service Group: Specify the service group to which the share control policy belongs. Administrators or maintainers can add a share control policy to their associated service groups.
Default Action for Check Failure: Default action for check failure in the security level of the new share control.

When modifying a share control policy, you are not allowed to modify the name or service group.
You can specify not to share files with groups or users configured in the text box. The user groups or user names should be one per line. For domain users, you need to specify the user names in the format of domain name\user name. The system will check the user names in exact match mode. For instance, if you type test in the Exclude Groups or Users from Sharing text box, a terminal will not allow local user test or any user in any domain whose user name is test to access its share resources. If you type region\test, a terminal will not allow user test in domain region to access its share resources, but it will allow user test in another domain or local user test to do so.
The share check result can contain names of user groups starting with BUILTIN\, which indicate the user groups predefined in the operating system in the format of host name\user group.
The group or user name with sharing forbidden is that defined for permission control in Windows advanced sharing settings.