In an Active Directory environment, best practices for sharing files on Windows Vista computers include the following:
- Turn off Network Discovery in a domain environment, as it can generate excessive network traffic that can interfere with normal network activities.
- Publish shared folders in Active Directory so that users can search for them in the directory and access them instead of having to browse the network to find them.
- Use Group Policy to prevent users on Windows Vista computers from sharing files on their computers from their user profiles unless they are local administrators on their computers. For more information, see the section titled “Managing File Sharing Using Group Policy” earlier in this chapter.
- Allow only advanced users the ability to share folders on their computers by giving them administrative rights on their computers.
Note: Do not make users local administrators on their computers unless you understand the consequences of doing so. One consequence is that they will be able to share folders and open firewall exceptions on their computers. Sharing folders from desktop computers in a domain environment may mean that important documents are being stored on computers instead of on network file servers, and since desktop computers are not normally backed up, this can mean lost work. Educate users to store files instead within shared folders on network file servers where their work can be centrally backed up regularly.