Sharing drives and folders is a common practice as most users are not going to log onto a server directly to access their data files. Instead, a drive or folder will be shared (known as a shared folder), and they will access the data files over a network. To help protect against unauthorized drive or folder access, you should use share permissions along with NTFS permissions (assuming the shared folder is on an NTFS volume). When a user needs to access a network share, he or she will use the UNC, which is servernamesharename.
Share a Folder
To share a drive or folder, perform these steps:
- In Windows Server 2003, right-click the desired drive or folder and select Sharing and security. In Windows Server 2008, right-click the drive or folder, select Properties and select the Sharing tab, then click the Advanced Sharing button.
- Select Share this folder.
- Type in the name of the shared folder.
- If necessary, specify the maximum number of people that can access the shared folder at the same time.
- Click the Permissions button.
- By default, Everyone is given the Allow Read shared permission. You can then remove Everyone, expand the Read shared permission, or add additional people.
- After users and groups have been added with the proper permissions, click the OK button to close the Permissions dialog box. See Figure 1.
- Click OK to close the Properties dialog box.
The share permissions that are available are as follows:
- Full control: Users who are allowed this permission have Read and Change permissions, as well as additional capabilities to change file and folder permissions and take ownership of files and folders.
- Change: Users who are allowed this permission have Read permission and the additional capability to create files and subfolders, modify files, change attributes on files and subfolders, and delete files and subfolders.
- Read: Users with this permission can view file and subfolder names, access the subfolders of the share, read file data and attributes, and run program files.
As with NTFS, you can allow or deny each share permission. To simplify managing share and NTFS permissions, Microsoft recommends giving everyone Full control at the share level, then controlling access using NTFS permissions. In addition, because a user can be member of several groups, it is possible for a particular user to have several sets of permissions to a shared drive or folder. The effective share permissions are a combination of the user’s permissions and the permissions of all groups of which the user is a member.
When a person logs onto the server and accesses files and folders without using the UNC, only the NTFS permissions apply, not the share permissions. When a person accesses a shared folder using the UNC, you must combine the NTFS and share permissions to see what a user can do. To figure overall access, first calculate the effective NTFS permissions. Then determine the effective shared permissions. Finally, apply the more-restrictive permissions between the NTFS and shared permissions.
This lesson is a part of File and Print Services chapter from 98-365 Windows Server Administration Fundamentals Prep course. More lessons in this chapter are
The Practice tests included in this course are: