Windows Folder Share: 101 (Part 1)

The following documentation covers the basic secure methods for sharing data on a network. Utilizing Windows Folder Sharing capabilities in a Active Directory environment, we will cover the following: Creating a Folder, Sharing a Folder, Modifying the Permissions of the Share, and Modifying the Permissions of the Folder.

1 | Creating the Folder

Creating a new folder is one of the most basic functionalities a user of a Windows system should know how to do. It is the best way to categorize and organize your personal or work files on your system.

  • On your computer, open the drive or volume you would like to create the folder on, this is also the drive. I do not recommend that you use the C:\ Drive, for security reasons, and the plain old fact that typically your Operating System (OS) is installed there. Use a completely separate hard drive (physical or iSCSI attached LUN).
  • Versions of Windows may vary slightly, since Windows 10 is the standard Operating System as of writing this, we will use that as a guide, other versions will be similar.
  1. On the “Home” tab, find the “New folder” icon and click on it.
  2. Name your new folder something you’ll remember; this name doesn’t necessarily matter; however I recommend you keep it simple, and adhere to Windows restrictions on folder naming, it will tell you if you cannot use certain characters.

2 | Targeted Sharing

  1. Right click on the folder you want to share and go to the properties (bottom of the menu)
  2. Click on the Sharing tab
  3. Click on the Advanced sharing… button
  4. Check the “Share this folder” checkbox (you’ll notice the options become available)
  5. On the share name, you can leave it default (it uses your folder’s name) unless you intend to make it a hidden share (more on those later), in which you would simply add a “$” to the end of it.
  6. Add any comments you want to the share, this is helpful when managing multiple shares on a system.
  7. Click on the Permissions button below the comments text area
  8. You will want to highlight the Everyone group object listed and click the “Full Control” allow check box. ( NOTE: This grants the base file system permissions users will need to interact with the shared folder period. We will lock down the permissions by Windows Users and Groups / Active Directory Users and Groups )
  9. Click OK on the Permissions dialog window
  10. Click OK on the Sharing dialog window
  11. Click on the Security tab
  12. Click on the Advanced button towards the bottom or the dialog window
  13. Click on Add towards the bottom of the “Advanced Security Settings for <Folder>” dialog window
  14. In the “Select User or Group” dialog that appeared, enter the name of the security group here and click on Check Names to validate it ( NOTE: It is best practice to use security groups where possible, this is to avoid having a user SID with no associated account on the share if a user leaves, or an account is deleted. )
  15. Click on OK
  16. Under the “Basic Permissions” section, give the newly added security group any set of permissions necessary. I’ll cover permissions in another post.
  17. Click on Apply
  18. Validate your share is working by visiting it via the UNC/SMB path: \\<System Name>\<Folder Name>\ or smb://<System Name>/<Folder Name>
  19. If it worked, close the remaining dialog windows.

Leave a Reply

Your email address will not be published. Required fields are marked *