Setup Shared Folder in Windows Server 2012

Setup Shared Folder in Windows Server 2012

Microsoft have made lot of improvements in Server 2012. One of the major changes is Server Manager. Server Manager is now linked with almost all the server roles. Server Manager allows you to easily setup shared folder in Windows Server 2012. File Server role must be installed prior to be able to share files and folder on the network. Shared folders on the network allows many users to access the files and folders. Remember, folders can be shared but individual files cannot. In Server 2012, the File Server role is installed by default allowing users to share files and folders. The File Server sub-role is found under File and Storage Services server role in server role installation wizard. File Server in Server 2012 uses SMB 3.0 protocol.

Setup Shared Folder in Windows Server 2012

There are different ways to share a folder in Server 2012. Most efficient way is to use the Server Manager. Here, I will configure some shared folder from domain controller named MBG-DC1. So, let’s setup some shared folders. To do so, open Server Manager. Click File and Storage Services on the left pane. Then click Shares from the list. You will see the list of shared folders on this server. As you can see below there are two folders, netlogon and sysvol shared by default. This is because the server is AD DC.

Setup Shared Folder in Windows Server 2012

We have a scenario. We want to share a folder named Marketing to Marketing users group. We want only the marketing users to view and execute the contents of the folder. We already have Marketing users group set up and assigned users into the group. So, let’s create the shared folder. To create a new shared folder, click Tasks and click New share in Server Manager console.

New Share

New share wizard pops up. There are number of share profiles by default. You can choose any of these share profiles as seen below. I will choose SMB Share – Quick and click Next.

Quick

Now you are asked to provide the share location of the folder that you want to share. I will choose custom location as C:\Marketing. Then click Next.

Share Location

Type the share name and description of the shared folder. Then click Next. Click OK to create the new directory on path doesn’t exist warning.

Setup Shared Folder in Windows Server 2012

Now configure other settings. Here, I will check to enable access-based enumeration. This option makes the folder visible for users that have permission to access the folder otherwise the folder will be hidden. Allow caching of share option makes the folder to be accessed even when the user is offline. Click Next.

Other Settings

Here, configure the folder permission. The shared folder have shared folder permission and NTFS permission. These both permission work together to allow/deny users to access the shared folder. Microsoft recommends to allow full control for share permission and use NTFS permission to restrict and configure folder access. As you can see below, Share permissions: Everyone Full Control. The permission shown here, is the inherited NTFS permission from drive NTFS permission. To change the permission, click Customize permission.

Setup Shared Folder in Windows Server 2012

Click disable inheritance. Then select convert inherited permission into explicit permissions on this object.

Inheritance

You can see the changes below. Remove both User groups from the permission. This Users group contains all the users of the domain. We don’t want all the users of the domain to access this shared folder so remove it. Click Add to add the marketing group. Click Select a principaland add Marketing group. Select the basic permissions and click OK.

Marketing Permission

Now the overall permission for the Marketing folder looks like this. Users of marketing group can only read the files of Marketing folder.

Review Permission

Now let’s come back to the wizard. Click Next.

Permissions

Review the settings and click Create.

Share Folder Confirmation

The shared folder is now created. You can view the shared folder in Server Manager console.

View Share in Server Manager

In this way you can configure shared folder using Server Manager. Remember, NTFS permissions and shared folder permissions are different. If NTFS permission and shared folder permission are conflicting, then the most restrictive permission is applied. For example, if you configure NTFS permission to Full Control and shared permission to Read on a folder then the permission applied will be Read only. Best practice to manage permissions for shared folder is, configure full control permission for everyone and restrict the folder access using NTFS permission.

Clients can now access the shared folder by typing the UNC (Universal Naming Convention) path of the shared folder in windows explorer. In our case, the UNC path is, \\MBG-DC1\Marketing.

Accessing Shared Folder

In this way you can access the shared folder contents.