Folder Sharing 101

Hello,

Well, I hate to admit it  but I am a bit dyslexic when it comes to sharing folders. I've never really understood permissions and security. So, I need a simple tutorial or step by step explanation on how to do this. I would like to know how to do this the right way.

Here is a test scenario to work with. I have a folder called INSTALLS that I want to share with the name INSTALLS. Standard users have read only access. The INFORMATION SERVICES group has full control. Please list for me step by step how you would share this folder.

Thank you,

John

LVL 1
jhiebAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy Hengel [angelIII / a3]Billing EngineerCommented:
If the folder is on NTFS:
 Ensure the NTFS permissions are set like this:
   * Everyone (or better, Authenticated Users) : read
   * Information Services: full control

  Share the folder, and give everyone full control on the shareing.

The key is this:
  The effective permissions are the lowest from the sharing and the NTFS permissions.
MereteCommented:
does the group access a specified folder on the domain that is defaulted for sharing if so copy the INSTALLS. folder to that it should then be automatically shared. Your original folder will be intact and unshared.
VerifyMeCommented:
John, here is a step-by-step.

1. Select the folder you want to share.

2. Right-click the folder > select Sharing and Security...

3. In the Sharing tab select Share this folder and enter INSTALLS in Share name:

4. Depending on the version of the OS you may also have options for User limit, Permissions, and Caching. Unless you need to specific settings I'd recommend leaving it on the defaults. (I always recommend using NTFS permissions to control security whenever possible.)

5. Click Apply. Then select the Securities tab. This tab should be available unless you are using XP Home Edition or not using NTFS.

6. You should already have configured the groups you want to use. If you need help creating groups please let us know. Click Add and type in the names of your groups. (Example: Domain\INFORMATION_SERVICES or Computer\INFORMATION_SERVICES and Everyone.) You can Check names for verification or click on OK when you are finished.

7. The newly added groups should show in the list and you can now select and apply permissions to each of the groups as you wish. Click Apply and OK when you are completed.

8. Log into your new share from your networked computers by browsing in your My Network Places or by typing at the Run command \\ComputerName\INSTALLS

Let me know if anything is unclear. Happy networking.
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

jhiebAuthor Commented:
Yes, I have a domain and will give full access to the Information services group and read only access to everyone else.
jhiebAuthor Commented:
Hi VerifyMe,

Thank you for the steps. I followed them step by step but they didn't work. However, it's because I have a domain and am using NTFS. I added the the Group to the Permissions Button and then it worked. This is where I always get confused. I can usually get it to work but I don't really understand the difference and this is why I wanted to know how most IT people do it.

If I go to the Security Tab (after going through the above steps) there are a few default accounts that I really don't want to have access to such as EVERYONE. Isn't this a security risk?

I would still like some step by step instructions but remember that I am in a domain and the file system is NTFS. To make it more clear I'll give all users a group called CORPORATE and then the IT team will be INFORMATION SERVICES. I want CORPORATE to only READ the contents of the share and INFORMATION SERVICES should have full control. I suppose Administrators and Domain Administrators will have full control as well.

Thanks,
John
VerifyMeCommented:
Ah. This makes answering your question much easier. For your records and the benefit of others I'll repost the correct steps. I have the following criteria from you:

a. Network is using domain (assume name is DOMAIN) and NTFS.
b. Share folder will be called INSTALLS (assume that this is on a server)
c. Group CORPORATE will have read-only access
d. Group INFORMATION SERVICES will have full access

Here's the revised step-by-step:

1. Select the folder you want to share.

2. Right-click the folder > select Sharing and Security...

3. In the Sharing tab select Share this folder and enter INSTALLS in Share name:

4. Set User limit: to maximum unless you have a reason for specifying. One reason may be to limit the number of people accessing a single resource such as an Outlook .PST file which should only be accessed by one person at a time or if you want to moderate the load on the server.

5. Click on Permissions. By default this should have Everyone in the list of Group or user names:. If it doesn't, you can add it by clicking the Add button. Set Everyone to Full Control. (We will be using the NTFS permissions to control security and access and want the folder permissions to be transparent.) If there are other groups or users listed, you can ignore them or delete them. Apply and OK.

6. Clink on Caching. If you are using offline folders on your network you can leave it checked. (I personally recommend you uncheck this option unless you understand how this works. It can cause a lot of complications when used improperly and without a full understanding by your end-users. For an installation directory this is unnecessary) Click OK.

7. Click Apply. Then select the Securities tab. (This tab should be available unless you are using XP Home Edition or not using NTFS.)

8. You should already have configured the groups you want to use. Click Add. In the Select Users or Groups dialog box you'll see From this location: and the entry should be either your domain or the server you are on. Type in the name of the group you want to add.

9a. Type DOMAIN\CORPORATE and click OK. (If the computer is properly registered in the domain and the accounts are in place this should work else you'll get a Name Not Found dialog box and an option to search for the correct name.)

9b. Back at the Security tab. Select CORPORATE and set the appropriate permissions. For most Read-only applications you want to use Read, List Folder Contents, and Read & Execute. Checking Read & Execute will automatically select the others for read-only.

10a. Click Add. Type DOMAIN\INFORMATION SERVICES and click OK.

10b. Back at the Security tab. Select INFORMATION SERVICES and set the appropriate permissions. Checking Full Access will automatically select all the other permissions.

11. Remove any other groups or users that do not need explicit access to the folder. Domain Admins and Administrator can be removed from this list but they those accounts will always have the ability to take ownership and regain access. Everyone should be removed unless it is a public folder. Apply and OK.

12. Log into your new share from your networked computers by browsing in your My Network Places or by typing at the Run command \\ComputerName\INSTALLS.

Hope this revision sheds some light on your questions.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jhiebAuthor Commented:
Marvelous. Simply marvelous! Thank you for taking the time to go through this for me. I appreciate it.
VerifyMeCommented:
Glad it worked out. Thanks or the grade.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.