The following documentation covers the basic secure methods for sharing data on a network. Utilizing Windows Folder Sharing capabilities in a Active Directory environment, we will cover the following: Creating a Folder, Sharing a Folder, Modifying the Permissions of the Share, and Modifying the Permissions of the Folder.
1 | Creating the Folder
Creating a new folder is one of the most basic functionalities a user of a Windows system should know how to do. It is the best way to categorize and organize your personal or work files on your system.
- On your computer, open the drive or volume you would like to create the folder on, this is also the drive. I do not recommend that you use the C:\ Drive, for security reasons, and the plain old fact that typically your Operating System (OS) is installed there. Use a completely separate hard drive (physical or iSCSI attached LUN).
- Versions of Windows may vary slightly, since Windows 10 is the standard Operating System as of writing this, we will use that as a guide, other versions will be similar.
- On the “Home” tab, find the “New folder” icon and click on it.
- Name your new folder something you’ll remember; this name doesn’t necessarily matter; however I recommend you keep it simple, and adhere to Windows restrictions on folder naming, it will tell you if you cannot use certain characters.
2 | Targeted Sharing
- Right click on the folder you want to share and go to the properties (bottom of the menu)
- Click on the Sharing tab
- Click on the Advanced sharing… button
- Check the “Share this folder” checkbox (you’ll notice the options become available)
- On the share name, you can leave it default (it uses your folder’s name) unless you intend to make it a hidden share (more on those later), in which you would simply add a “$” to the end of it.
- Add any comments you want to the share, this is helpful when managing multiple shares on a system.
- Click on the Permissions button below the comments text area
- You will want to highlight the Everyone group object listed and click the “Full Control” allow check box. ( NOTE: This grants the base file system permissions users will need to interact with the shared folder period. We will lock down the permissions by Windows Users and Groups / Active Directory Users and Groups )
- Click OK on the Permissions dialog window
- Click OK on the Sharing dialog window
- Click on the Security tab
- Click on the Advanced button towards the bottom or the dialog window
- Click on Add towards the bottom of the “Advanced Security Settings for <Folder>” dialog window
- In the “Select User or Group” dialog that appeared, enter the name of the security group here and click on Check Names to validate it ( NOTE: It is best practice to use security groups where possible, this is to avoid having a user SID with no associated account on the share if a user leaves, or an account is deleted. )
- Click on OK
- Under the “Basic Permissions” section, give the newly added security group any set of permissions necessary. I’ll cover permissions in another post.
- Click on Apply
- Validate your share is working by visiting it via the UNC/SMB path: \\<System Name>\<Folder Name>\ or smb://<System Name>/<Folder Name>
- If it worked, close the remaining dialog windows.