Main PC Data Files Visible on Laptop

Topic

New Reply

Greetings All-

I think the thing I understand the least about Windows is networking.  Here goes.  I keep all my data files on my main PC.  They are located primarily on a single SSD drive and backed up to two separate spinning platter drives, E, F, & J respectively.  I have a few of these files (very few) also stored on my laptop. None of these being even remotely sensitive.  Recently I noticed on my laptop in Explorer, all three (and only those three) data drives listed under Network.  I can now open any of these data files on my laptop.  This is a very recent system change, one that I do not want.  My main PC is connected to the router via ethernet, and my laptop is connected via wireless.  My PC has WIN 10 Pro 22H2, and my laptop has WIN 11 Home 21H2, both with March updates.  I have some file sharing enabled as the three user accounts on my main PC all have access to and share the three data drives.  Up until recently (I think), the sharing did not include other computers.  As always, any insights woulkd be appreciated.  Thanks.

Casey H.

Reply | Quote

Replies

You shouldn’t need to enable Windows file sharing in order to access files on local drives E, F & J.

I have file sharing turned off here now, so do not have recent experience with its specifics, but file sharing typically enables other computers on your network to access local files.

Windows 10 Pro 22H2

1 user thanked author for this post.

Casey H

Reply | Quote

When I built this PC back in 2020, I found that with permissions set to all, it was still necessary in order for each user to access the data drives.  What surprises me is that this condition has only recently surfaced.  The PC files have never been visible before, and so I’m wondering what took place.

Casey

Reply | Quote

Here is a basic tutorial about file and folder sharing over a local network in Windows 10. Maybe by walking through this you can sort out what’s happening.

How to Share Files and Folders Over a Network in Windows 10 and Windows 11

https://www.tenforums.com/tutorials/111783-share-files-folders-over-network-windows-10-a.html

Windows 10 Pro 22H2

1 user thanked author for this post.

Casey H

Reply | Quote

I guess I have it sorted out.  The sharing changes I made back when I first assembled the computer were made from within the security tab, when I was “denied access.”  I find that by unsharing from the sharing tab in the main properties window, the problem has gone away.  The drives are no longer visible to my laptop, but are still available to all three desktop user accounts.  What I don’t understand is why this reality just occurred.  I don’t believe I could have been that unobservant in the last 3 plus years, covering two separate laptops. Perhaps the March update had something to do with it.

Separate but related issue/decision: There are great benefits to being able to access my main PC’s files from my laptop.  If my laptop is stolen, I’m understanding the only way to access the main computer’s files would be if it were logged on to my router, possible only if the culprit was parked within wireless range.  I could easily change the router’s password, plus those for all my email accounts, microsoft, and google.  There’s nothing really on my laptop that could be considered sensitive.  I think I’ll leave things the way they are.  Thanks John.

Casey

Reply | Quote

Casey H wrote:

the only way to access the main computer’s files would be if it were logged on to my router

Correct.

The best way to prevent the laptop being accessed if stolen is to encrypt the disk with Bitlocker  (Pro) or Veracrypt (Home).

cheers, Paul

2 users thanked author for this post.

Kirsty, Casey H

Reply | Quote

I’m somewhat hesitant to encrypt the whole disk because I’m unsure of how it works when trying to boot from flash media, if that should ever become necessary for a system restore.  I’m fearful of being locked out.  Right now I keep all my data on a separate drive (main PC) or on a separate partition (laptop).  In my main PC’s case, all my sensitive information is located in a veracrypt file container.  There is no sensitive data on my laptop.

Casey

Reply | Quote

Casey H wrote:

I’m somewhat hesitant to encrypt the whole disk because I’m unsure of how it works when trying to boot from flash media, if that should ever become necessary for a system restore. I’m fearful of being locked out.

I understand that reluctance. There are a few other details involved to think about…

For example, I use BitLocker whole disk encryption on my main desktop boot drive. I have to “unlock” the drive with a password every time I boot. The drive stays unlocked as long as Windows is running. It’s been many years since I tried Veracrypt, so I will not attempt to compare them.

It took some time, but I finally figured out how to get along with a fully encrypted volume.

Since I use Macrium Reflect to create full backup system images, here are a few items I must pay attention to. If I want boot from flash media (Macrium Rescue) to restore one of those images (the images themselves are not BitLocker encrypted) I have 2 options:

1. Unlock the BitLocker volume at flash boot so that the restore can replace the image inside of the current encrypted BitLocker volume without having to encrypt it again.
2. Restore the image to the locked drive which wipes out the BitLocker volume and keys, and then encrypt the volume again.

Since an encrypted (locked) volume is not accessible using an ordinary boot from flash media, it is necessary to unlock the locked volume to gain access to it from the flash boot. In my case the choice is to either allow Macrium Rescue Media to contain the key and automatically unlock the volume, or else use the Windows command prompt within the Rescue Media (Windows PE) to manage BitLocker manually.

Otherwise option #2 is the result.

In any case, if you have an unencrypted copy of an image handy you can access your data without needing to access an encrypted volume. By default when you image a BitLocker protected volume from a “live” Windows session while that volume is currently unlocked, that image you make of it onto an external drive is also not encrypted.

Windows 10 Pro 22H2

3 users thanked author for this post.

Kirsty, windbg, Casey H

Reply | Quote

Restoring to an encrypted disk is not an issue because the partition is not encrypted, only the data within it is – unless you use disk hardware encryption, which has flaws and Bitlocker reverts to software encryption.
When you restore you replace the partition.

If you need to restore some data, do it from within Windows.

Veracrypt uses the above model.

cheers, Paul

2 users thanked author for this post.

Kirsty, Casey H

Reply | Quote

Paul T wrote:

Restoring to an encrypted disk is not an issue because the partition is not encrypted, only the data within it is

This info pertains to Windows 10 Pro and BitLocker using software encryption:

Restoring to an encrypted disk is not an issue, but you do have 2 options. Either way works but one results in an encrypted restore, while the other one does not. I have done it both ways over many years, and I prefer the first.

BitLocker actually encrypts the partition, not the disk. For example, on my Windows 10 Pro boot drive only the C: (boot) partition is encrypted (indicated in Windows Disk Management), but the recovery and EFI partitions are not encrypted.

(1) If the encrypted C: boot partition being restored is “unlocked” first, then the contents of that partition are restored in an already encrypted state onto the C: drive. The existing BitLocker recovery key is still intact and you’re back in business right away.

(2) But if your encrypted partition is locked when you attempt to restore, that works OK but the data is restored in an unencrypted state since the BitLocker partition is replaced by the one in your image which is not “BitLockered”. You will then need to re-encrypt the partition after the restore, and a new BitLocker recovery key will be assigned. That takes a bit more time.

And something else for Macrium users to consider with option #2: if you want to use the bootable rescue media to manage BitLocker for you, then you will also need to rebuild it to update it with the new Recovery Key.

Windows 10 Pro 22H2

2 users thanked author for this post.

windbg, Casey H

Reply | Quote

Would not the image/clone data that Macrium creates be encrypted? Or does it just set on the backup drive in the open?

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

wavy wrote:

Would not the image/clone data that Macrium creates be encrypted?

No, not if the image/clone was made while Windows was “online”.

In that case, BitLocker has already “unlocked” the  Windows partition when the system was booted. All data read/written by Windows applications from that point on is “in the open”. The data on the drive is actually encrypted, but on-the-fly encryption with the drive takes place by BitLocker.

So Macrium or any other program like it actually copies the BitLocker “unlocked” data provided “in the open”. The image/clone would then need to be stored in a secure location, or encrypted or password protected by other means.

I have never tried it, but I assume that an offline (Windows not running) image/clone would copy the encrypted partition sector by sector, in which case the data would remain in an encrypted BitLocker “locked” state.

Windows 10 Pro 22H2

1 user thanked author for this post.

wavy

Reply | Quote

See my backup thread for more details on backing up an encrypted disk.
VeraCrypt and Backup

cheers, Paul

3 users thanked author for this post.

Kirsty, Casey H, wavy

Reply | Quote