Configure folder shares
When you share a folder, other users can connect to the shared folder and its contents across the network. Shared folders available on the network are no different from normal folders, and they can contain applications, corporate data, or private data. Be careful when creating a network share, to ensure that you do not accidentally provide access to a user or group of users who should not have access. By default, everyone on the network is given read access to the share, although you can change this setting.
Normally, a shared folder is located on a file server, but in a small network environment, the sharing can be located on a Windows 10-based computer or network- attached storage (NAS) device. When choosing the device or server, the resources should be available whenever the users need them and, often, this means the server is always on.
By providing a central location for shared folders to reside on, you enable the following features.
- Simplification of management
- User familiarity
- Ease in backing up data
- Consistent location and availability
When a user tries to use resources accessed on a shared folder, the access permissions are determined by taking into consideration both the share permission and the NTFS security permissions. The most restrictive set of permissions prevail to the user.
Ensure that you do not create shared folders where the share permissions (SMB) become the primary access security mechanism. They are more restrictive than the NTFS permissions because users gaining access to the resource locally or by logging on through Remote Desktop would completely bypass SMB permissions. It is therefore essential for NTFS permissions to be configured independently to protect the resource. Create a share To allow access to a locally stored folder across a network, first share the folder. Files contained in folders are also shared, but files cannot be specifically shared independently, except from within a user profile.
There are a number of ways you can create a share, for example:
- Shared Folders snap-in
- File Explorer
- Command prompt
- Windows PowerShell cmdlets
Create a share by using the Shared Folders snap-In
You can create and manage file shares centrally on your computer by using the Shared Folders snap-in, which can be loaded into an empty Microsoft Management Console (MMC), or the snap-in found in Computer Management.
When you create a new share in the Shared Folders snap-in, the Create A Shared Folder Wizard appears and guides you through specifying the folder path, share name, description, and other settings.
By default, the share name will be the same as the folder name, and permissions for the share are set at read-only access for the Everyone group, but you can choose other options or full customization by completing the underlying Share Permissions discretionary access control list (DACL) page.
The Shared Folders snap-in enables you to view existing shares and modify their properties, including settings such as offline file status, share permissions, and even the NTFS security permissions.
Tip:
To launch the Create A Shared Folder Wizard directly from a command prompt, use Shrpubw.exe.
Sharing folders by using File Explorer
There are three methods of sharing a folder in File Explorer.
- Use the Share With option, found on the Share tab on the ribbon bar (also called Network File And Folder Sharing).
- Select Advanced Security from the Share tab on the ribbon bar.
- Use the Sharing tab in the Properties dialog box.
All the methods present you with slightly different GUIs and wizards from which to choose the sharing options. Although they all result in sharing folders that can be accessed across the network, the main difference between each method is the speed and simplicity that some offer the novice.
In practice, most home users and small businesses prefer to use the sharing wizards found on the ribbon bar, but more experienced users seek the advanced level of control that can be gained through the Sharing tab in the Properties dialog box.
Tip: Review the three options for configuring shares and pay attention to the limitations of the wizard-based methods. The wizards configure the file system permissions automatically, based on the limited choices they present.
Sharing from the command prompt
The command prompt enables you to share a folder by using the net share command. To create a simple share, you would use the following example.
net share MyShareName=c:\Temp\Data /remark:"Temp Workarea"
This command shares the c:\Temp\Data folder with the share name MyShareName and includes a description of Temp Workarea.
You must have administrative privileges to create a shared folder by using Net Share.
Review the additional command-line options that you can use with Net Share, as shown in Table.
Option Description /Grant:user Enables you to specify Read, Change, or Full permission Share permissions for the specified user /Users:number Enables you to limit the number of users who can connect to the share concurrently (default and maximum for Windows 10 is 20 users) Remark:"text" Enables you to add a description to the share /Cache:option Enables you to specify the offline files coaching options for the share sharename/Delete Enables you to remove an existing share
Note: Sharing Caution
The Net Share command will not create a folder and share it. You can only share folders that already exist on the computer.
Sharing by using Windows PowerShell
If you need to script the creation of shares, Windows PowerShell is the most appropriate choice and provides several cmdlets that enable you to manage shares in Windows 10. Windows PowerShell offers more in both scope and functionality than Net Share and will continue to expand in the future.
An example command for creating a share is:
New-SmbShare -Name MyShareName -Path c:\Temp\Data
Other Windows PowerShell cmdlets used in the administration of shares are shown in Table.
Cmdlet Description Get-SmbShare Lists the existing shares on the computer. Get-SmbShareAccess Lists the access control list of the SMB share. New-SmbShare Creates a new SMB share. Set-SmbShare Modifies the properties for an existing share Remove-SmbShare Deletes an existing share Grant-SmbShareAccess Sets the share permissions on an existing share Get-SmbShareAccess Lists the current share permissions for a share
Note: Multiple Shares:
Sometimes you might want to provide different groups access to the same shared resources. You can share the same folder multiple times and use a different share name and share permission settings for each instance. Each group should only be able to access the share that they have permission for.
Shared folders permissions
Permissions that are set on the share determine the level of access a user has to the files in the share. They can be set on FAT or later file systems. When you use the NTFS file system, be careful not to restrict access at the share level, because this might affect the effective permissions. You can configure the permissions when you share a folder and set a level that the user or group will have when they connect to the folder through the share across the network.
Sharing permissions have three options.
- Read: Users and groups can view the files, but they cannot modify or delete them.
- Change: Users and groups can open, modify, delete, and create content, but they cannot modify file or folder permissions; the Change permission incorporates all Read permissions.
- Full: Users and groups can perform all actions, including modifying the permissions; the Full permission incorporates all Change permissions.
Unlike in earlier versions of Windows, there is no longer a visual icon or indicator in File Explorer to distinguish whether a folder is shared. All shared folders on your device appear in the Shared Folders node of the Computer Management console. You can also view the shared folders that exist on your device by using the Get-SmbShare Windows PowerShell cmdlet or typing net view \\localhost /all at the command prompt.
After a user has found the share in File Explorer, they can access the files directly. Another common way that users can connect to a shared folder over the network is by using the shares Universal Naming Convention (UNC) address. UNC addresses contain two backward slashes (\\) followed by the name of the computer that is sharing the folder and the shared folder name; for example, the UNC name for the Marketing shared folder on the LON-DC1 computer in the Newways.com domain would be:
\\LON-CL1.Newways.com\Marketing
Configure public folders
Windows 10 continues to provide support for public folder sharing, which can offer a simplified way to make files that you copy into a public folder immediately available to other users on your computer or network.
Public folder sharing is not enabled by default in Windows 10, but when it is turned on, anyone with a user account on your computer, or any Windows device on your network, can access the contents of the public folders, and the default permissions for public folders enable members of the Everyone group to read, write, change, and delete any public files.
By default, Windows 10 provides the following public folders.
- Public Documents
- Public Downloads
- Public Music
- Public Pictures
- Public Videos
To share something publicly with your friends or colleagues, copy or move it into one of the public folders. You can navigate to these folders directly in File Explorer from the %systemdrive%\Users\Public folder.
To turn on the Public folder-sharing feature, follow these steps.
- Open Network And Sharing Center.
- Click Change Advanced Sharing Settings.
- Expand the All Networks profile section.
- In the Public Folder Sharing section, select Turn On Sharing So Anyone With Network Access Can Read And Write Files In The Public Folders.
- Click Save Changes.
- Accept the UAC if prompted.
To turn off public folder sharing, select Turn Off Public Folder Sharing in the Network And Sharing Center.
Public folder sharing does not allow you to fine-tune sharing permissions, but it does provide a simple and user-friendly way for users to make their files available to others.
When you enable public folder sharing, the Everyone system group is granted full control permissions for the share and underlying folder permissions.