Setup Share Folders with NTFS Permission in Windows Server 2019

MSFT WebCast
5 Mar 201911:33

Summary

TLDRThis tutorial video demonstrates various methods to create a shared folder in Windows Server 2019, enhancing accessibility for network users. It covers using Server Manager Console, File Explorer, and Computer Management Console, detailing each step from selecting the server and folder path to setting permissions for different user groups. The video also highlights the importance of configuring NTFS permissions and access-based enumeration for secure and controlled data sharing. By the end, viewers will understand how to effectively manage shared folders to improve collaboration within a network environment.

Takeaways

  • 😀 The video demonstrates various methods to create a shared folder in Windows Server 2019.
  • 🔧 Using Server Manager Console, you can create a new share folder by navigating through File and Storage Services, then Shares.
  • 📁 Two default shared folders, 'Matlock' and 'SYSVOL', are automatically created when a server is promoted as a domain controller.
  • 🖥️ The video shows selecting 'SMB Share - Quick' for general file sharing, which is one of the five available share profiles.
  • 📂 Custom paths can be used to create a shared folder on a specific server, like the domain controller WS2019-01.
  • 📝 When creating a share, it's important to name the share folder without spaces and provide a description if necessary.
  • 👀 Enabling 'Access-based enumeration' prevents users from seeing files and folders they don't have permission to access.
  • 🔄 'Allow caching of shares' is an option that allows offline users to access the content of the share folder.
  • 🛠️ Customizing permissions involves disabling inheritance and setting explicit permissions for different users or groups.
  • 👥 The video uses Active Directory Users and Computers to assign permissions to a security group for the shared folder.
  • 🔄 The 'Creator-Owner' concept is explained, where users who create files or folders within the shared folder gain full control over them.
  • 🔄 The video also covers using File Explorer and Computer Management Console as alternative methods to create shared folders.
  • 🚫 It's noted that sharing permissions set in File Explorer can override NTFS permissions, emphasizing the importance of proper configuration.
  • 💻 The final method mentioned is using the command line to create shared folders, though it's not demonstrated due to its complexity.

Q & A

  • What is the purpose of creating a shared folder in Windows Server 2019?

    -Creating a shared folder in Windows Server 2019 allows network users to access data stored on the server from their client computers, based on the permissions assigned to the shared folders.

  • How can you access the Server Manager console to create a new share folder?

    -To access the Server Manager console, you need to open it and navigate to the left-hand side where you will find 'File and Storage Services'. Click on that and then click on 'Shares' to see the list of current share folders.

  • What are share profiles and why are they used when creating a new share folder?

    -Share profiles are pre-configured settings that determine the type of sharing that is suitable for different needs. They are used to streamline the process of creating a new share folder and to ensure that the share is optimized for its intended use, such as general file sharing, advanced SMB share applications, or NFS sharing.

  • What is the 'SMB Share - Quick' profile used for?

    -The 'SMB Share - Quick' profile is used for general file sharing. It is suitable when you have a standard file server role installed on your server and you need to share files in a basic manner.

  • How do you specify the local path for a new shared folder?

    -To specify the local path for a new shared folder, you need to select 'Type a custom path', then click on 'Browse'. You will then be able to navigate to the desired location on the server's drives and select the folder you wish to share.

  • What is 'Access-based enumeration' and why is it enabled?

    -Access-based enumeration is a feature that prevents users from seeing files and folders they do not have permission to access. It is enabled to enhance security by ensuring that users only see and can access content they are permitted to view or use.

  • How can you customize permissions for a shared folder?

    -To customize permissions for a shared folder, you can click on 'Customize Permissions' during the share folder creation process. Here, you can disable inheritance and set explicit permissions for different users or groups.

  • What is the significance of disabling inheritance when setting permissions on a shared folder?

    -Disabling inheritance allows you to set unique permissions for the shared folder that are not inherited from parent folders. This ensures that the security settings for the shared folder are tailored to its specific needs and are not automatically applied from higher-level folder permissions.

  • How can you assign permissions to a specific department, such as HR, for a shared folder?

    -You can assign permissions to a specific department by using Active Directory Users and Computers to select the appropriate security group, such as 'Azure Users' for the HR department, and then granting them the desired permissions on the shared folder.

  • What happens when a user creates a file or folder under a shared folder with customized permissions?

    -When a user creates a file or folder under a shared folder with customized permissions, they become the 'creator-owner' of that file or folder. As the creator-owner, they have full control over the subfolders and files they create.

  • How can you confirm that a user can access and use the shared folder with appropriate permissions?

    -To confirm that a user can access and use the shared folder with appropriate permissions, you can log in as that user on a client computer and attempt to access the shared folder using its UNC path. You can then test creating, renaming, and deleting files and folders to verify that the permissions are correctly assigned.

  • What are the different methods to create a shared folder in Windows Server 2019 as mentioned in the script?

    -The script mentions three methods to create a shared folder in Windows Server 2019: using the Server Manager console, using File Explorer, and using the Computer Management console. Additionally, it mentions the command line method but does not go into detail as it is more complicated for permission assignments.

  • How does sharing a folder through File Explorer differ from sharing through the Server Manager console?

    -Sharing a folder through File Explorer is a more user-friendly method that involves right-clicking on the folder, selecting 'Properties', and then the 'Sharing' tab to share the folder. It allows for quick sharing with default permissions. In contrast, sharing through the Server Manager console provides more granular control over permissions and settings, suitable for more complex or secure sharing requirements.

  • Why is it important to specify NTFS permissions when creating a shared folder?

    -Specifying NTFS permissions is important because it allows you to control the access and actions that users can perform on the shared folder at the file system level. This ensures that users have the appropriate level of access and helps maintain the security and integrity of the data stored in the shared folder.

  • What is the impact of setting sharing permissions to 'Everyone Full Control' at the sharing level?

    -Setting sharing permissions to 'Everyone Full Control' at the sharing level allows every user to have full control over the shared folder, which can be a security risk. It is important to carefully consider who needs access and what level of access is appropriate to prevent unauthorized access and potential data breaches.

  • How can you manage permissions and other settings for a shared folder after it has been created?

    -After a shared folder has been created, you can manage its permissions and other settings by selecting the folder, right-clicking, and choosing 'Properties'. From there, you can access the 'Sharing' tab to manage sharing permissions and the 'Security' tab to manage NTFS permissions.

Outlines

00:00

👨‍💻 Introduction to Creating Shared Folders in Windows Server 2019

In this section, the video introduces the topic of creating shared folders in Windows Server 2019. It explains the importance of sharing folders to make data accessible to network users. The process involves using the Server Manager console to create a new shared folder, emphasizing the necessity of permissions and different share profiles available for various scenarios.

05:02

🖱️ Setting Up SMB Share Quick in Server Manager

This paragraph details the steps to create a shared folder using the SMB Share Quick profile in Server Manager. The steps include selecting the server, defining the share path, naming the folder, and configuring basic share settings such as access-based enumeration and caching. It also explains how to set NTFS permissions, including customizing permissions by disabling inheritance and assigning specific permissions to security groups.

10:02

📂 Verifying Shared Folder Access and Permissions

Here, the video demonstrates how to verify that the shared folder is correctly configured. It shows the process of accessing the shared folder from a client computer, ensuring that users have the appropriate permissions to create and manage files within the shared folder. The section confirms that permissions are properly assigned by creating and renaming folders as an HR user.

🖥️ Creating Shared Folders Using File Explorer

This section covers an alternative method of creating shared folders using File Explorer. It involves creating a new folder, setting share permissions, and verifying access from a client computer. The process includes configuring both share-level and NTFS permissions, emphasizing the difference between them and the impact on user access.

🔧 Creating Shared Folders Using Computer Management Console

The video outlines another method for creating shared folders using the Computer Management console. The steps include selecting the location, setting offline file settings, and configuring permissions. The video also mentions the complexity of using command-line tools for this task and concludes by summarizing the various methods available for creating shared folders in Windows Server 2019.

Mindmap

Keywords

💡Windows Server 2019

Windows Server 2019 is a server operating system developed by Microsoft. It is the core platform for the video's tutorial, which demonstrates how to create a shared folder on this system. The video's theme revolves around enhancing network accessibility and data sharing, and Windows Server 2019 provides the necessary tools and services to achieve this.

💡Share Folder

A share folder is a directory on a server that is accessible over a network. In the context of the video, creating a share folder allows users to access data stored on the server from their client computers. The script discusses different methods to set up share folders to facilitate data access and collaboration.

💡Server Manager Console

The Server Manager Console is a tool within Windows Server used for managing server roles and features. In the video script, it is used to create a new share folder. The console provides a graphical interface for administrators to configure and manage shared resources on the server.

💡File and Storage Services

File and Storage Services is a feature within Windows Server that allows administrators to manage file shares and storage. The script mentions accessing this feature through the Server Manager Console to create and manage share folders, emphasizing its role in the server's file-sharing capabilities.

💡Shares

In the context of Windows Server, shares refer to the shared folders that are accessible over the network. The script describes viewing and managing these shares through the Server Manager Console, which is crucial for setting permissions and ensuring proper access control.

💡SMB Share

SMB (Server Message Block) is a network file sharing protocol used for sharing files, printers, and other resources on a network. The video script explains selecting SMB Share Quick as a profile for creating a share folder, which is suitable for general file sharing within a Windows environment.

💡NTFS Permissions

NTFS (New Technology File System) permissions are security measures that control access to files and folders on a Windows system. The script details customizing NTFS permissions for a share folder, which is essential for defining who can access, modify, or execute files within the shared directory.

💡Access-Based Enumeration

Access-Based Enumeration is a feature that allows users to see only the files and folders they have permission to access. The script mentions enabling this feature to enhance security by preventing users from viewing resources they should not have access to.

💡UNC Path

A UNC path (Universal Naming Convention path) is a format for file paths that are used to access files over a network. In the script, the UNC path is used to access the shared folder from a client computer, demonstrating how users can connect to the server's resources.

💡Active Directory Users and Computers

Active Directory Users and Computers is a Microsoft Management Console snap-in that allows administrators to manage users, groups, and computers within an Active Directory environment. The script describes using this tool to assign permissions to a security group for a shared folder, illustrating how to control access at a user level.

💡File Explorer

File Explorer, also known as Windows Explorer, is a file manager for Windows that allows users to navigate the file system and perform operations on files and folders. The script mentions using File Explorer as an alternative method to create a share folder, providing a user-friendly approach for those familiar with Windows interfaces.

💡Computer Management Console

The Computer Management Console is a tool in Windows that provides a centralized location for managing the system's hardware, software, and security. The script refers to using this console to create a share folder, indicating another method available to system administrators for sharing resources.

Highlights

Introduction to creating a share folder in Windows Server 2019 for network accessibility.

Using Server Manager Console to create a new share folder.

Accessing File and Storage Services in Server Manager to manage shares.

Overview of existing share folders and the process to create a new one.

Selecting a share profile suitable for general file sharing or specific applications.

Choosing SMB Share Quick for file sharing simulation.

Selecting the server and custom path for the new shared folder.

Creating a new folder named 'HR data' on the domain controller.

Assigning share folder name and setting local and remote paths.

Enabling access-based enumeration to control visibility of files and folders.

Configuring permissions for the share folder.

Disabling inheritance and setting explicit permissions for HR department.

Assigning permissions to HR users for creating files and folders.

Confirmation of share folder creation and its accessibility.

Using File Explorer as an alternative method to create a shared folder.

Setting sharing permissions and NTFS permissions via File Explorer.

Demonstration of creating a 'public folder' with read-only sharing permissions.

Using Computer Management Console to create and manage share folders.

Customizing sharing and NTFS permissions in Computer Management Console.

Verification of shared folder accessibility from a client computer.

Conclusion summarizing the methods to create share folders on Windows Server 2019.

Transcripts

play00:00

her friends welcome to a mess up the pep

play00:02

cast in today's video I'm going to show

play00:05

you the different methods to create a

play00:08

share folder in Windows Server 2019

play00:11

sharing folders makes them accessible to

play00:14

your network users and by sharing

play00:17

folders user can access the data which

play00:19

is stored on server from that client

play00:22

computer which is part of your accurate

play00:24

to mean based on the permission which is

play00:28

assigned to your share folders so in the

play00:31

vast method we are going to use a saw

play00:33

manager console to create a new share

play00:36

folder for that you need to open your

play00:38

saw manager and on your soul manager on

play00:41

left hand side you will find file and

play00:44

storage services you need to click on

play00:47

that and then after you will see shares

play00:50

so you need to click on shares as well

play00:53

here you can see a list of share folders

play00:56

currently exist on your server as you

play01:00

can see we have two to share food is

play01:02

currently on our server which is matlock

play01:04

on an sis wall and it is created

play01:06

automatically when you promote your

play01:09

server as a domain controller to create

play01:12

a new share folder we need to click on

play01:14

tasks here we have options for new share

play01:17

so selected on this console as you can

play01:23

see we need to select a profile for this

play01:26

share here we have a total 5 share

play01:29

profile and the by default selected

play01:31

profile will be a zombie shared quick

play01:33

which is suitable for a general file

play01:36

sharing for example if you have a F SRM

play01:39

install on your server that time you can

play01:41

use a zombie share advanced or SMB share

play01:43

applications if you have NFS installed

play01:46

on your server that time you can use and

play01:48

FS share quick and NFS advanced for the

play01:52

simulation I'm going to select SMB share

play01:55

quick let's click on next here we need

play01:58

to select our server and in the previous

play02:01

video we have added our members over to

play02:03

this server manager console as well and

play02:05

that's why that server is also listed

play02:07

here now we want to create a shared

play02:09

folder on our domain controller that's

play02:11

why I'm going to select WS to k-19

play02:13

- this is 0-1 if you want to share your

play02:17

entire volume that time you can select

play02:19

select by volume and select the drive

play02:21

which you want to share but we want to

play02:25

share a folder that's why we need to

play02:27

select type a custom path then click on

play02:31

browse and on a domain controller

play02:34

I have only one Drive and which is my C

play02:37

Drive so let's select and to create a

play02:40

new folder or we need to click on new

play02:42

folder here I'm going to give name HR

play02:45

data

play02:48

okay last select the folder so our local

play02:51

path will be C colon slash at your data

play02:53

select the folder and click on next now

play02:57

what will be the name of the share

play03:00

folder as you can see as your data

play03:02

I selected by default you just need to

play03:04

take care of one thing that don't leave

play03:08

space in between the name in a share

play03:10

folder and that we don't have if you

play03:13

want to add description about the share

play03:15

food you can this is the local path to

play03:18

that share food and this is the remote

play03:20

path to access that share folder as we

play03:23

come next here we have options for an

play03:27

able access based enumeration which I

play03:30

want to enable enabling access based

play03:33

enumeration means preventing users from

play03:36

seeing files and folders they do not

play03:40

have permission to access to see that at

play03:43

least you need read or equivalent

play03:45

permission then allow caching of share

play03:49

is also selected that means offline

play03:52

users can access the content of this

play03:54

share folder as well I'm going to click

play03:57

on next and here we have a options to

play04:00

customize the permission as you can see

play04:03

by default share permission will be

play04:05

everyone full control so if we need to

play04:08

set up NTFS permission as well so I'm

play04:10

going to click on customize permissions

play04:12

to change the permission and the first

play04:14

thing which I'm going to do is disabling

play04:17

inheritance let's click on it select

play04:21

convert inherited permissions into

play04:23

explicit permission on the subject and

play04:25

now I want to remove both who uses entry

play04:31

ok so now we have a system admin status

play04:34

and created order we want to create the

play04:38

share folder for our HR department let

play04:42

me open Active Directory users and

play04:44

computers

play04:46

ok let's click on HR oh you here we have

play04:50

HR user 1 2 & 3 and all those three uses

play04:54

are a member of Asha users so we are

play04:57

going to use the security group to

play04:59

assign permission on that

play05:01

shareholders as minimize it minimizes

play05:05

this concern as well okay so let's click

play05:07

on add click on select a principal you

play05:11

can select user group or building

play05:14

security group as well I'm going to use

play05:18

Azure uses let's click on check name and

play05:20

fine let's click on OK now here we have

play05:23

a type of permission so we want to allow

play05:26

on these folders subfolders and files we

play05:30

want to click on show advanced

play05:32

permissions because we want to give them

play05:34

a permission to create a file and folder

play05:37

as well and this permission will be

play05:41

applicable for these folder only fine

play05:45

let's click on ok so now they are able

play05:48

to create files and folders under this

play05:52

folder and once they create any file at

play05:56

folder they will become creator-owner

play05:57

and created owner have full control on

play06:00

subfolders and file

play06:02

fine let's click on apply and ok and

play06:07

click on next this is the information

play06:10

whatever things we have selected that

play06:13

will be visible to us here let's click

play06:15

on create to create a shared folder done

play06:18

the share was successfully created let's

play06:21

click on close to close this console

play06:23

let's go back to our saw manager console

play06:25

and here we go here we have an azure

play06:28

data if you want to modify any settings

play06:30

related to this share food you can for

play06:33

that you need to select the folder right

play06:35

click on it and go for the properties as

play06:40

quicken permissions and here from this

play06:43

console you can manage your permission

play06:45

other settings will be available to you

play06:48

on this console as well that's going ok

play06:50

we want to also confirm that a user can

play06:54

say the share folder and use a muscle

play06:56

permission to create a folder under this

play06:59

a share folder so let's go back to our

play07:01

client computer on this computer I'm

play07:04

going to log in as the HR user 1 and

play07:10

the share food for that I'm going to use

play07:14

UNC path WS dokie 19 - this is 0-1 here

play07:22

we have a char data folder let's open it

play07:25

that means user have at least read

play07:27

permission as user can access that

play07:30

folder let me create a new folder here

play07:35

and on this folder is created by a che

play07:41

user 1 and if user can rename that

play07:43

folder

play07:44

that means user has a permission to

play07:46

delete that folder as well let's see the

play07:48

permission of this folder click on

play07:53

security and here as you can see as I

play07:57

use a 1 is listed there a sulukim

play07:59

advance and if we see the permission

play08:04

about a char user 1 you can see as I use

play08:06

the one is owner of this folder and that

play08:10

user has a full control on this folder

play08:12

as well fine so our permission is

play08:15

properly assigned to this share folder

play08:17

as well as the folder or which is

play08:19

created under the main a root shell

play08:22

folder fine

play08:24

now this is the first method in the

play08:26

second method that is the older one we

play08:28

can use of File Explorer and by using

play08:32

File Explorer we can create a share

play08:34

folder as well so let's open ctrio let

play08:37

me create one more food

play08:42

ask you name public folder so that food

play08:45

must be accessible by our uses let's

play08:48

select the folder right click on it and

play08:50

go to the properties here we have a

play08:53

sharing tab solace click on it we are

play08:57

not doing for this year we're doing for

play08:59

@one sharing

play09:00

let's click on it select share this

play09:04

folder and this will be the name of a

play09:06

folder that's quick on permission so if

play09:10

you want to assign any kind of

play09:11

permission you can assign it from here

play09:13

we're going with the everyone a read

play09:16

permission say general permission will

play09:17

be everyone full control and then you

play09:20

have to specify the NTFS permission to

play09:22

control the permission of that share

play09:25

folder

play09:25

fine let's click on OK apply ok and

play09:28

close only so we have at a sharing level

play09:32

we have a read-only permission last

play09:35

check on our client computer sorry

play09:40

let's look on OK and here we have

play09:44

public folder as well let's open it and

play09:46

let's try to create a new folder as you

play09:50

can see we don't have permission because

play09:52

at the sharing level we have given the

play09:53

permission to a read-only

play09:55

even if user has full control at NTFS

play09:59

live well

play10:00

still user is not able to create folder

play10:02

under this shared folder fine let's

play10:06

cancel it and thus close it let's go

play10:08

back to over to main controller we can

play10:10

also use computer management console to

play10:13

create share folder as well okay and

play10:19

here you need to right-click and select

play10:21

new share click on next browse the

play10:25

location let's expand Sidra let's make a

play10:30

new folder shared one will be the name

play10:35

let's click on ok next and here we have

play10:40

a certain settings about offline file as

play10:42

well that we are not going to change

play10:43

let's become next and here we have a

play10:47

permission to customize it so the

play10:49

similar console is there you can change

play10:51

the sharing permission and NTFS

play10:53

permission from here working with the

play10:55

default one that's to come finish let's

play10:59

go back to a client computer and let's

play11:00

see whether that folder is there or not

play11:02

and here we go we have a shared one we

play11:06

can also use a command not share to

play11:10

create a share folder but that we are

play11:12

not going to use because in that command

play11:14

to assign a permission is very

play11:16

complicated one so these are the way by

play11:19

using this methods you can create a

play11:21

share folder on your Windows Server 2000

play11:25

19 computer that concludes our video

play11:28

demonstration thank you all for watching

play11:31

this with you

Browse More Related Video

Your Old PC is Your New Server

How To Configure DNS on Windows Server 2019 | Joining Client In Server 2019

Install and Configure DHCP Server in Windows Server 2019 Step By Step Guide

Self Host 101 - Set up and Secure Your Own Server

Generate C# Model from existing Microsoft SQL Server Database

Discord 新手完全指南!全地球人都在瘋的社群平台,再不用 Discord 你就 Out 了!

Rate This

5.0 / 5 (0 votes)

Summary
Outlines
Mindmap
Keywords
Highlights
Transcripts
Related Tags
Windows ServerShare FoldersNetwork UsersFile SharingServer ManagementPermissionsNTFSSMB ShareDomain ControllerServer 2019