How To Create a Network Share and Set Permissions

A network share is a shared folder or directory on a server or computer that allows multiple users or devices on a network to access, store, and manage files. Setting permissions on network shares is crucial to ensure that sensitive data is secure while providing appropriate access levels for users and groups. In this guide, we will walk through the steps for creating a network share, configuring file and folder permissions, and managing access for users and groups.

Whether you’re working in a small office or a large enterprise environment, correctly configuring network shares and permissions is essential for data security and collaboration. Let’s delve into the process.

Step 1: Create a Shared Folder

The first step in creating a network share is to set up a shared folder on a designated server or workstation.

1.1 Choose a Location for the Shared Folder

• On your file server or a designated computer, navigate to the location where you want to create the shared folder (e.g., C:\Users\Public or a dedicated drive like D:\SharedFiles).

1.2 Create a New Folder

• Right-click on the folder and select New > Folder. Give it a descriptive name (e.g., “ProjectFiles” or “HRDocs”).

1.3 Share the Folder

• Right-click on the folder you created, then select Properties.
• Go to the Sharing tab and click on Share.
• Select the users or groups that you want to give access to this folder. You can choose from existing users or enter new ones.
• Click Add, and choose the permissions level: Read, Write, or Full Control.

1.4 Configure Advanced Sharing (Optional)

For more control over the network share, click on Advanced Sharing:

• Check the box labeled Share this folder.
• Click on Permissions to specify detailed access permissions (described in Step 2 below).
• Optionally, you can assign a share name, which is the name users will see when connecting to the network share (e.g., \\server\ProjectFiles).

Step 2: Set Folder Permissions

Folder permissions control what actions users and groups can perform on the shared folder. These permissions can be set at two levels:

1. NTFS (file system) permissions – Control access to the file system on the local disk.
2. Share permissions – Control access to the folder over the network.

You will need to set both NTFS and Share permissions to ensure the right balance of security and functionality.

2.1 Set NTFS Permissions

NTFS permissions are set on the local file system and determine the actions users can perform on the files and folders within the shared directory.

• Right-click on the folder, and select Properties.
• Navigate to the Security tab.
• Click on Edit to change permissions for users or groups.
• Add users or groups (if needed), and then select the permissions they should have:
  • Full Control – Can read, write, modify, and delete files/folders.
  • Modify – Can read, write, modify, and delete files/folders.
  • Read & Execute – Can read and run executable files.
  • Read – Can only view files and folders.
  • Write – Can create files and folders.

2.2 Set Share Permissions

Share permissions work alongside NTFS permissions to control access over the network. They are typically more restrictive than NTFS permissions.

• Right-click the shared folder, then select Properties and go to the Sharing tab.
• Click on Advanced Sharing and then Permissions.
• Choose the level of access for each user or group:
  • Full Control – Allows users to create, modify, and delete files.
  • Change – Allows users to modify files but not delete them.
  • Read – Only allows viewing and opening files.

Note: If you grant Full Control in the Share permissions, but only Read permissions in NTFS, the most restrictive permission applies (i.e., the user can only read the files).

Step 3: Manage Access for Users and Groups

Managing access for users and groups is essential for ensuring that only authorized individuals can access certain network shares. You can manage users and groups through Active Directory (AD) or locally on the computer.

3.1 Add Users to the Shared Folder

To give specific users access to the shared folder:

• On the Security tab (within folder Properties), click Edit.
• Add users or groups from the Add button, then specify their level of access (Full Control, Modify, etc.).
• Click OK to apply the changes.

3.2 Use Active Directory Groups (For AD Environments)

If you’re in an Active Directory environment, it’s best to use groups to manage access:

• Create a group in Active Directory Users and Computers.
• Add the relevant users to the group.
• On the folder’s Security tab, click Edit, and add the AD group to the permissions list. Assign appropriate permissions to the group.

3.3 Inheritance of Permissions

In Windows, permissions can be inherited from parent folders to subfolders. You can control inheritance to ensure that subfolders follow the same permission structure as the parent folder.

• In the Security tab, click on Advanced.
• In the Advanced Security Settings window, you can configure inheritance settings (Enable or Disable inheritance).

Step 4: Verify and Test the Network Share

After setting up the network share and permissions, it’s essential to verify that everything is working as expected.

4.1 Check Access for Users

Ask users to connect to the network share using the shared folder’s network path (e.g., \\server\ProjectFiles). Verify that they can access the folder according to the permissions you set.

4.2 Test Read and Write Operations

Test if the users can perform the appropriate actions:

• Read: Can they view files in the folder?
• Write: Can they add or modify files in the folder?
• Full Control: Can they delete or change the permissions of files/folders?

4.3 Audit Share Access (Optional)

You can enable auditing to track who is accessing the shared folder and what actions they are performing. To enable auditing:

• Open Local Security Policy and navigate to Advanced Audit Policy Configuration.
• Enable Object Access Auditing.
• Then, in the Folder Properties under the Security tab, click on Advanced > Auditing to set auditing permissions.

Best Practices for Network Shares and Permissions

When setting up network shares and managing permissions, consider the following best practices to ensure security and efficiency:

1. Use Least Privilege Access

Always assign the minimum permissions necessary for users to perform their tasks. Avoid giving users Full Control unless absolutely necessary.

2. Group Permissions Instead of Individual Users

Where possible, use Active Directory groups to manage permissions. Assigning permissions to groups simplifies user management and ensures consistent access across the network.

3. Regularly Review Permissions

Permissions should be reviewed periodically, especially when users leave or change roles. Removing access promptly helps maintain security.

4. Secure Sensitive Data

For sensitive data, consider additional security measures like encryption or password protection for shared folders. Use NTFS and Share permissions in combination to protect sensitive files.

5. Enable File Versioning

Consider enabling file versioning on your shared folders to avoid accidental file loss or corruption. This allows you to roll back to a previous version of the file if needed.

Frequently Asked Questions Related to Creating a Network Share and Setting Permissions