Securing Folders And Files In Vista Part II
Before you start sharing resources on your Vista workstations, you should do a little pre-planning. The last thing you want to do is allow everyone access to everything. Although that may sound very democratic, it is an invitation to disaster. Nosy users on the network will quickly start looking at things they shouldn’t. All it takes is one disgruntled user to destroy or share important company data with competitors.
Properly configuring sharing permissions becomes more complicated as your network grows and as you want to grant resource access to more users. In an environment without a centralized server to store user ID and password information, each individual Vista workstation stores authentication information. Therefore, as you can imagine, as the number of users who want to share and have access to data grows, your administration duties grow almost exponentially.
Unfortunately, in a non-centralized networking environment, there is no easy way to coordinate password changes. Therefore, if a user changes their logon password on one Vista workstation, the user must also change their password on every Vista workstation on which they are accessing shared files. Otherwise, when they reconnect to the workstation, they must remember their old password.
Therefore, when planning to share resources, you should start by figuring out who needs access to what, and what kind of access they need. Even if you do not have a centralized server, you should try to centralize file access as much as possible. If one user has a powerful machine and does not use it too much, you may be able to use it as a pseudo-server of sorts. That will make it easier to administer user IDs, passwords, and permissions.
When it comes to identifying the required permissions, grant only the basic permissions that users need. Do not automatically grant users Full Control at the root of a shared drive. Because of inheritance, doing so may give users unwanted rights to subdirectories that you do not want them entering. Instead, create multiple shares, sharing and granting permissions at the folder level.
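The planning advice above, turned into a script. This is an added example, not part of the original article: the parent folder `D:\Shares`, the share names and the local accounts `alice`, `bob` and `carol` are constructed, and it assumes PowerShell is installed on the workstation hosting the shares. It uses the built-in `net share` and `icacls` commands.

```powershell
# Run from an elevated PowerShell prompt on the workstation hosting the shares.
$root = 'D:\Shares'   # hypothetical parent folder; it is never shared itself

# Constructed plan: who needs access to what, and what kind of access.
$plan = @(
    @{ Share = 'Accounting'; Grants = @{ 'alice' = 'CHANGE'; 'bob'   = 'READ' } },
    @{ Share = 'Projects';   Grants = @{ 'bob'   = 'CHANGE'; 'carol' = 'READ' } }
)

# NTFS rights matching each share level. (OI)(CI) passes the entry down to
# files and subfolders. FULL is deliberately absent from this table.
$ntfs = @{ 'READ' = '(OI)(CI)RX'; 'CHANGE' = '(OI)(CI)M' }

foreach ($entry in $plan) {
    $path = Join-Path $root $entry.Share
    if (-not (Test-Path $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }

    # Build one "net share" call per folder, with one /GRANT per user.
    $shareArgs = @("$($entry.Share)=$path")
    foreach ($user in $entry.Grants.Keys) {
        $level = $entry.Grants[$user]
        if (-not $ntfs.ContainsKey($level)) {
            throw "Level '$level' for '$user' is not allowed by this plan"
        }
        $shareArgs += "/GRANT:$user,$level"
        & icacls.exe $path /grant "${user}:$($ntfs[$level])" | Out-Null
    }
    & net.exe share $shareArgs

    # Entries inherited from $root still apply to the new folder, so print
    # the resulting ACL and review it before telling users about the share.
    & icacls.exe $path
}

# Check: list any ordinary disk share (Type 0) that exposes a whole drive root.
# Administrative shares such as C$ have a different Type and are skipped.
Get-WmiObject Win32_Share |
    Where-Object { $_.Type -eq 0 -and $_.Path -match '^[A-Za-z]:\\$' } |
    ForEach-Object { Write-Warning "Share '$($_.Name)' exposes drive root $($_.Path)" }
```

When a user connects over the network, both the share permission and the NTFS permission are checked and the more restrictive of the two applies, which is why the script keeps the two levels aligned.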
