Permission to share folder

I have created a privileged user on a Windows 2008 R2 (DC).
I don't want him to be a member of "Server operators", but I want to allow him to create file shares on the server. By default this is not allowed.
Does anyone know how to do this?
In registry I have tried to give him full permission to ./lanmanserver, but it doesn't work,

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lionel MMSmall Business IT ConsultantCommented:
This is not a perfect solution but it will work--you can make him a member of the server operators but limit him to logon to only one server in his user setup in Domain Users and Computers.
MJOMJOAuthor Commented:
Unfortunately, this is not a solution.
I wonder why this is so difficult?
SandeshdubeySenior Server EngineerCommented:
This cannot be performed with adding the user to admin group.You can do one think over here create share folder and assign the ownership of folder  to user and assign full control to user on root share folder.Now user can create sub folders in share and assign security permission but s/he cannot share the folder.

Also it is not recommend to have file server role on DC it should be on member server.
I wonder why this is so difficult?
It's not. It's just that your requirements are very specific and may not be something that was considered worthwhile providing a function.

As the permissions for messing wit the filesystem (shares/file security etc) is quite critical to the running of the server, it is assumed that a person with access to mess with shares/security would also be allowed some authority over the server itself.

In general, a server hosting shares wouldn't also be a DC, so you could provide 'server operators' permission without exposing the entire network.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MJOMJOAuthor Commented:
I know, running file shares on a DC is not best way to do it, but this is in Vest Africa and the resources are limited.
Anyway, I got an explanation and I'll see if it's possible to install an extra server (DC).
Thanks to everybody.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.