Sharing drives and folders is a common practice as most users are not going to log onto a server directly to access their data files. Instead, a drive or folder will be shared (known as a shared folder), and they will access the data files over a network. To help protect against unauthorized drive or folder access, you should use share permissions along with NTFS permissions (assuming the shared folder is on an NTFS volume). When a user needs to access a network share, he or she will use the UNC, which is servernamesharename.

Share a Folder

Sharing Drives and Folders 1

Sharing Drives and Folders

To share a drive or folder, perform these steps:

  1. In Windows Server 2003, right-click the desired drive or folder and select Sharing and  security. In Windows Server 2008, right-click the drive or folder, select Properties and select the Sharing tab, then click the Advanced Sharing button.
  2. Select Share this folder.
  3. Type in the name of the shared folder.
  4. If necessary, specify the maximum number of people that can access the shared folder at the same time.
  5. Click the Permissions button.
  6. By default, Everyone is given the Allow Read shared permission. You can then remove Everyone, expand the Read shared permission, or add additional people.
  7. After users and groups have been added with the proper permissions, click the OK button to close the Permissions dialog box. See Figure 1.
  8. Click OK to close the Properties dialog box.

The share permissions that are available are as follows:

  • Full control: Users who are allowed this permission have Read and Change permissions, as well as additional capabilities to change file and folder permissions and take ownership of files and folders.
  • Change: Users who are allowed this permission have Read permission and the additional  capability to create files and subfolders, modify files, change attributes on files and subfolders, and delete files and subfolders.
  • Read: Users with this permission can view file and subfolder names, access the subfolders of the share, read file data and attributes, and run program files.

As with NTFS, you can allow or deny each share permission. To simplify managing share and NTFS permissions, Microsoft recommends giving everyone Full control at the share level, then controlling access using NTFS permissions. In addition, because a user can be member of several groups, it is possible for a particular user to have several sets of permissions to a shared drive or folder. The effective share permissions are a combination of the user’s  permissions and the permissions of all groups of which the user is a member.

When a person logs onto the server and accesses files and folders without using the UNC, only the NTFS permissions apply, not the share permissions. When a person accesses a shared folder using the UNC, you must combine the NTFS and share permissions to see what a user can do. To figure overall access, first calculate the effective NTFS permissions. Then determine the effective shared permissions. Finally, apply the more-restrictive permissions between the NTFS and shared permissions.

Network Discovery and Browsing

In Windows Server 2003, you need only two services to provide and access shared folders. The Workstation service allows you ...
Read More

Looking at Special and Administrative Shares

An administrative shares are a shared folders typically used for administrative purposes and usually hidden. In Windows, there are several ...
Read More

This lesson is a part of File and Print Services chapter from 98-365 Windows Server Administration Fundamentals Prep course. More lessons in this chapter are

Introducing NTFS

NTFS is the preferred file system in part because it supports much larger hard disks and a higher level of ...
Read More

Sharing Drives and Folders

Sharing drives and folders is a common practice as most users are not going to log onto a server directly ...
Read More

Looking at Printers

One basic network service is network printing, in which multiple users can share the same printer. This is a cost-effective ...
Read More

Enabling Auditing

Security can be divided into three areas. Authentication is used to prove the identity of a user. Authorization gives access ...
Read More

The Practice tests included in this course are:

98-365 Windows Server Administration Fundamentals Practice Test 1

Instructions for 98-365 Windows Server Administration Fundamentals Practice Test 1 This page shows the instructions for 98-365 Windows Server Administration ...
Read More

98-365 Windows Server Administration Fundamentals Practice Test 2

Instructions for 98-365 Windows Server Administration Fundamentals Practice Test 2 This page shows the instructions for 98-365 Windows Server Administration ...
Read More

98-365 Windows Server Administration Fundamentals Practice Test 5

Instructions for 98-365 Windows Server Administration Fundamentals Practice Test 5 This page shows the instructions for 98-365 Windows Server Administration ...
Read More

98-365 Windows Server Administration Fundamentals Practice Test 4

Instructions for 98-365 Windows Server Administration Fundamentals Practice Test 4 This page shows the instructions for 98-365 Windows Server Administration ...
Read More

98-365 Windows Server Administration Fundamentals Practice Test 3

Instructions for 98-365 Windows Server Administration Fundamentals Practice Test 3 This page shows the instructions for 98-365 Windows Server Administration ...
Read More