With standard folder sharing, two levels of permissions are used: share permissions and NTFS permissions. Share permissions define the maximum level of access, and no one can ever have more permissions than those granted by the share. NTFS permissions set on files and folders further restrict the permitted actions. Table 11-3 lists the share permissions you can assign.
Table 11-3. Share permissions Permission How it's used
Owner Grants full access to the shared file or folder. People with this permission can read files, change files, change file and folder permissions, and take ownership of files and folders.
Read/Write Grants permission to read files, create files and subfolders, modify files, change attributes on files and subfolders, and delete files and subfolders.
Read Grants permission to view file and subfolder names, read files and file attributes, access the subfolders of the share, and run program files.
As with NTFS permissions, you can assign share permissions to both users and groups. If you've granted share permissions to a group and a user is a member of that group, the user also has those permissions. If a user is a member of multiple groups, the user's effective share permissions are the highest level assigned. For example, if someone is a member of both Group A, to which you've assigned Reader permission, and Group B, to which you've assigned Owner permission, this person's effective permissions are those of Owner.
You can override this behavior by specifically denying an access permission. Denying permission takes precedence and overrides permissions that you've granted to groups. If you don't want a user or a group to have a permission, configure the share permissions so that the user or the group is denied that permission. For example, if you don't want the user to have Owner permission, deny this permission to the user's account.
When you create the first standard folder share on a computer, Windows creates the File and Printer Sharing exception in Windows Firewall to allow other computers on the network to access the share. This inbound exception is configured for Server Message Block (SMB).
Windows Explorer supports basic sharing and advanced sharing. With basic sharing, you can share any folder except for the root folder of a drive. With advanced sharing, you can share the root folder of a drive and any other folder. Keep the following in mind:
• When you create a share outside of your profile, users access the share by using the UNC path to the share. For example, if you share the C:\My Data folder as Data on EngPC26, other people can access the folder using the UNC path \\EngPC26\Data.
• When you share a folder within your profile, other people access the share by using a path that is relative to the Users folder on your computer. This occurs because Windows configures sharing in relation to where the folder is located in the Users folder. For example, if my login name is WilliamS and I share my Documents folder on EngPC18, the UNC path to the share is \EngPC18\Users\WiUiamS \Documents.
To use basic sharing, right-click the folder you want to share in Windows Explorer, click Share With and then do one of the following:
• Select Nobody to turn off sharing.
• Select Homegroup (Read) to create a read-only shared folder for computers in the homegroup.
• Select Homegroup (Read/Write) to create a read-write shared folder for computers in the homegroup.
• Select Specific People to explicitly specify who should be able to access the shared folder.
When you select Specific People, Windows Explorer opens the File Sharing Wizard, shown in Figure 11-15.
Choose people to share with
Type a name and then click Add. or ciick the arrow to find someone,
['m having trouble sharing
['m having trouble sharing
Figure 11-15. Sharing folders with specific people.
Use the wizard to specify the users and groups that have access to the share by completing the following steps.
1. Type a name, and then Click Add, or click the selection arrow to find someone. In homegroups, you'll be able to select Homegroup to share the folder within the homegroup. In workgroups, computers will always show only local accounts and groups. In domains, you'll see local users and groups and also be able to find users in domains.
2. When you click Add, the selected users and groups are added to the Name list. You can then configure permissions for each user and group by clicking an account name to display the Permission Level options and then choosing the appropriate
permission level. The options for permission levels are Read, Read/Write, and Remove. You can't assign ownership when working with file shares.
3. Click Share to create the share. After Windows creates the share, write down the share name or click the "copy" link to copy the link so you can paste into another program (see Figure 11-16). Click Done.
You can use advanced sharing by following these steps:
1. In Windows Explorer, right-click the folder you want to share and then select Properties. This opens the folder's Properties dialog box.
2. On the Sharing tab, click Advanced Sharing. In the Advanced Sharing dialog box, shown in Figure 11-17, select "Share this folder."
3. Windows sets the share name to the folder name by default. You can change the name if you want to.
4. Click Permissions. Use the "Permissions For..." dialog box to configure access permissions for the share. The options for permission levels are Full Control (which is the equivalent of Owner), Change (which is the equivalent of Read/Write) and Read. Click OK.
5. Click Caching. Use the Offline Settings dialog box to specify whether and how data is cached for offline use. Click OK.
6. On the Sharing tab, you'll see the network path to the share. Write down the share path. Click Close.
Figure 11-17. Configuring advanced file sharing
To stop sharing a folder, right-click a folder that is shared, point to Share With and then select Nobody.
Was this article helpful?