How To Create A Network Share And Set Permissions - ITU Online IT Training
Service Impact Notice: Due to the ongoing hurricane, our operations may be affected. Our primary concern is the safety of our team members. As a result, response times may be delayed, and live chat will be temporarily unavailable. We appreciate your understanding and patience during this time. Please feel free to email us, and we will get back to you as soon as possible.

How To Create a Network Share and Set Permissions

Facebook
Twitter
LinkedIn
Pinterest
Reddit

A network share is a shared folder or directory on a server or computer that allows multiple users or devices on a network to access, store, and manage files. Setting permissions on network shares is crucial to ensure that sensitive data is secure while providing appropriate access levels for users and groups. In this guide, we will walk through the steps for creating a network share, configuring file and folder permissions, and managing access for users and groups.

Whether you’re working in a small office or a large enterprise environment, correctly configuring network shares and permissions is essential for data security and collaboration. Let’s delve into the process.


Step 1: Create a Shared Folder

The first step in creating a network share is to set up a shared folder on a designated server or workstation.

1.1 Choose a Location for the Shared Folder

  • On your file server or a designated computer, navigate to the location where you want to create the shared folder (e.g., C:\Users\Public or a dedicated drive like D:\SharedFiles).

1.2 Create a New Folder

  • Right-click on the folder and select New > Folder. Give it a descriptive name (e.g., “ProjectFiles” or “HRDocs”).

1.3 Share the Folder

  • Right-click on the folder you created, then select Properties.
  • Go to the Sharing tab and click on Share.
  • Select the users or groups that you want to give access to this folder. You can choose from existing users or enter new ones.
  • Click Add, and choose the permissions level: Read, Write, or Full Control.

1.4 Configure Advanced Sharing (Optional)

For more control over the network share, click on Advanced Sharing:

  • Check the box labeled Share this folder.
  • Click on Permissions to specify detailed access permissions (described in Step 2 below).
  • Optionally, you can assign a share name, which is the name users will see when connecting to the network share (e.g., \\server\ProjectFiles).

Step 2: Set Folder Permissions

Folder permissions control what actions users and groups can perform on the shared folder. These permissions can be set at two levels:

  1. NTFS (file system) permissions – Control access to the file system on the local disk.
  2. Share permissions – Control access to the folder over the network.

You will need to set both NTFS and Share permissions to ensure the right balance of security and functionality.

2.1 Set NTFS Permissions

NTFS permissions are set on the local file system and determine the actions users can perform on the files and folders within the shared directory.

  • Right-click on the folder, and select Properties.
  • Navigate to the Security tab.
  • Click on Edit to change permissions for users or groups.
  • Add users or groups (if needed), and then select the permissions they should have:
    • Full Control – Can read, write, modify, and delete files/folders.
    • Modify – Can read, write, modify, and delete files/folders.
    • Read & Execute – Can read and run executable files.
    • Read – Can only view files and folders.
    • Write – Can create files and folders.

2.2 Set Share Permissions

Share permissions work alongside NTFS permissions to control access over the network. They are typically more restrictive than NTFS permissions.

  • Right-click the shared folder, then select Properties and go to the Sharing tab.
  • Click on Advanced Sharing and then Permissions.
  • Choose the level of access for each user or group:
    • Full Control – Allows users to create, modify, and delete files.
    • Change – Allows users to modify files but not delete them.
    • Read – Only allows viewing and opening files.

Note: If you grant Full Control in the Share permissions, but only Read permissions in NTFS, the most restrictive permission applies (i.e., the user can only read the files).


Step 3: Manage Access for Users and Groups

Managing access for users and groups is essential for ensuring that only authorized individuals can access certain network shares. You can manage users and groups through Active Directory (AD) or locally on the computer.

3.1 Add Users to the Shared Folder

To give specific users access to the shared folder:

  • On the Security tab (within folder Properties), click Edit.
  • Add users or groups from the Add button, then specify their level of access (Full Control, Modify, etc.).
  • Click OK to apply the changes.

3.2 Use Active Directory Groups (For AD Environments)

If you’re in an Active Directory environment, it’s best to use groups to manage access:

  • Create a group in Active Directory Users and Computers.
  • Add the relevant users to the group.
  • On the folder’s Security tab, click Edit, and add the AD group to the permissions list. Assign appropriate permissions to the group.

3.3 Inheritance of Permissions

In Windows, permissions can be inherited from parent folders to subfolders. You can control inheritance to ensure that subfolders follow the same permission structure as the parent folder.

  • In the Security tab, click on Advanced.
  • In the Advanced Security Settings window, you can configure inheritance settings (Enable or Disable inheritance).

Step 4: Verify and Test the Network Share

After setting up the network share and permissions, it’s essential to verify that everything is working as expected.

4.1 Check Access for Users

Ask users to connect to the network share using the shared folder’s network path (e.g., \\server\ProjectFiles). Verify that they can access the folder according to the permissions you set.

4.2 Test Read and Write Operations

Test if the users can perform the appropriate actions:

  • Read: Can they view files in the folder?
  • Write: Can they add or modify files in the folder?
  • Full Control: Can they delete or change the permissions of files/folders?

4.3 Audit Share Access (Optional)

You can enable auditing to track who is accessing the shared folder and what actions they are performing. To enable auditing:

  • Open Local Security Policy and navigate to Advanced Audit Policy Configuration.
  • Enable Object Access Auditing.
  • Then, in the Folder Properties under the Security tab, click on Advanced > Auditing to set auditing permissions.

Best Practices for Network Shares and Permissions

When setting up network shares and managing permissions, consider the following best practices to ensure security and efficiency:

1. Use Least Privilege Access

Always assign the minimum permissions necessary for users to perform their tasks. Avoid giving users Full Control unless absolutely necessary.

2. Group Permissions Instead of Individual Users

Where possible, use Active Directory groups to manage permissions. Assigning permissions to groups simplifies user management and ensures consistent access across the network.

3. Regularly Review Permissions

Permissions should be reviewed periodically, especially when users leave or change roles. Removing access promptly helps maintain security.

4. Secure Sensitive Data

For sensitive data, consider additional security measures like encryption or password protection for shared folders. Use NTFS and Share permissions in combination to protect sensitive files.

5. Enable File Versioning

Consider enabling file versioning on your shared folders to avoid accidental file loss or corruption. This allows you to roll back to a previous version of the file if needed.


Frequently Asked Questions Related to Creating a Network Share and Setting Permissions

What are the differences between NTFS and share permissions?

NTFS permissions control access to files and folders on the local file system, while share permissions control access over the network. NTFS permissions are more granular and provide control over actions like read, write, and execute within the file system, including folder contents. Share permissions, on the other hand, define the access level for users accessing the share over the network, and they apply to the folder as a whole. Both work in tandem but can be configured separately, with the more restrictive permission taking precedence if there is a conflict.

Can I limit permissions on a specific file within a shared folder?

Yes, you can set specific NTFS permissions on individual files within a shared folder. This allows you to control access to sensitive files while maintaining more general permissions on the entire folder. To do this, right-click on the file, go to Properties, navigate to the Security tab, and adjust the permissions for the individual users or groups.

How do I share a folder with external users outside of my network?

To share a folder with external users who are not part of your local network, consider one of the following approaches:

  • Cloud Storage: Use platforms like OneDrive, Google Drive, or Dropbox for easy sharing with external parties. Upload your folder to the cloud and then share a link or set permissions for specific external users.
  • VPN (Virtual Private Network): If you need external users to access the shared folder directly from your network, you can set up a VPN. This will allow users to securely access internal resources as if they were part of the network.
  • Guest Access via File Server: Enable guest access on your file server for remote access, but this generally requires more advanced network configurations.

How can I prevent unauthorized access to shared folders?

To prevent unauthorized access to your shared folders, you can implement the following security measures:

  • Use Strong Authentication: Ensure all users accessing the network share have strong passwords and enable multi-factor authentication where possible.
  • Encrypt Sensitive Data: Use encryption on sensitive files within the share. You can enable BitLocker or use file-level encryption to secure data from unauthorized access.
  • Apply Least Privilege: Grant the minimum level of access necessary for each user.
  • Audit Access Logs: Set up audit logging to monitor access to shared folders for unauthorized access.
  • Use Firewalls and Network Segmentation: Limit which users and devices can access certain shares.

Can I set different permissions for different users on the same network share?

Yes, it is possible to set different permissions for different users or groups on the same network share by modifying both NTFS and share permissions. Here’s how you can do it:

  • NTFS Permissions: These permissions are applied to the files and folders on the local server or computer. By using NTFS permissions, you can allow or restrict actions (e.g., read, write, modify) for individual users or groups.
  • Share Permissions: These permissions apply to the folder when accessed over the network. You can assign different access levels to different users or groups using share permissions.
  • Combining Permissions: Both sets of permissions can be configured independently. The most restrictive permission will always apply.

Leave a Reply

Your email address will not be published. Required fields are marked *


What's Your IT
Career Path?
All Access Lifetime IT Training

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2815 Hrs 25 Min
icons8-video-camera-58
14,314 On-demand Videos

Original price was: $699.00.Current price is: $349.00.

Add To Cart
All Access IT Training – 1 Year

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2785 Hrs 38 Min
icons8-video-camera-58
14,186 On-demand Videos

Original price was: $199.00.Current price is: $129.00.

Add To Cart
All Access Library – Monthly subscription

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
2788 Hrs 11 Min
icons8-video-camera-58
14,237 On-demand Videos

Original price was: $49.99.Current price is: $16.99. / month with a 10-day free trial

You Might Be Interested In These Popular IT Training Career Paths

Entry Level Information Security Specialist Career Path

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
113 Hrs 4 Min
icons8-video-camera-58
513 On-demand Videos

Original price was: $129.00.Current price is: $51.60.

Add To Cart
Network Security Analyst Career Path

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
111 Hrs 24 Min
icons8-video-camera-58
518 On-demand Videos

Original price was: $129.00.Current price is: $51.60.

Add To Cart
Leadership Mastery: The Executive Information Security Manager

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Total Hours
95 Hrs 34 Min
icons8-video-camera-58
348 On-demand Videos

Original price was: $129.00.Current price is: $51.60.

Add To Cart

What is BitLocker?

Definition: BitLockerBitLocker is a full-disk encryption feature included with Microsoft Windows operating systems. It is designed to protect data by providing encryption for entire volumes.Introduction to BitLockerBitLocker is a security

Read More From This Blog »

Cyber Monday

70% off

Our Most popular LIFETIME All-Access Pass