11.4 Sharing Folders
You can share folders with either 1) Simple sharing permission 2) Advanced sharing permission
*1) Simple sharing permission:* N/A *2) Advanced sharing permission:* Full Control *Allowed Actions:* -All Read and Change actions -Configure share permissions
You can share folders with either 1) Simple sharing permission 2) Advanced sharing permission
*1) Simple sharing permission:* Read/Write *2) Advanced sharing permission:* Change *Allowed Actions:* -All Read actions (browse, open files, copy files from the folder, run programs) -Write to files and change file attributes -Create new files and subfolders -Copy files to the shared folder -Delete files or subfolders
You can share folders with either 1) Simple sharing permission 2) Advanced sharing permission
*1) Simple/Advanced sharing permission:* Read *Allowed Actions:* -Browse the shared folder and its files -Open files in the shared folder and its subfolders -Copy files from the shared folder -Run programs
Adding a dollar sign ($) to the end of a share name creates an administrative share.
-Administrative shares are not visible when browsing the network. You must use the UNC path to connect to an administrative share. -By default, Windows automatically creates an administrative share for every volume, with the share name being the volume letter plus the dollar sign (such as C$). -Default administrative shares can only be accessed by a member of the Administrators group. Configure share permissions to control access to administrative shares you create yourself. -Your computer must be turned on (and be awake) before users can access the shared folder. -The network acts as a built-in network browser showing all networks and shared folders to which the user has access. This same information can be viewed in This PC and File Explorer.
Shared Folder Facts
-Both Allow and Deny permissions are used for advanced sharing, with Deny always overriding any Allow permissions. -Shared folder permissions are only set on the shared folder (at the folder level). Permissions granted to the folder apply to all files, subfolders, and files in subfolders within the shared folder. This is called *inheritance.* Inherited permissions are those permissions that are propagated to an object from a parent object. -Access to shared folders is controlled not only by the shared folder permissions but also by any NTFS permissions. Effective permissions to shared folders are the more restrictive of either share or NTFS permissions. -If a user is allowed to share access, but no NTFS permissions are set for the user or a group to which the user belongs, no access will be allowed. -Conversely, if a user has Full Control NTFS permissions but no share permissions, network access will not be allowed. *A common strategy for combining NTFS permissions is to:* -Assign Co-owner share permissions to Everyone. -Use NTFS permissions to control access. Use the principle of least privilege and add only necessary groups to NTFS permissions and assign only the necessary permissions. -Shared folder permissions apply only to users connected to the share through the network; NTFS permissions apply to both local and network access. For example, denying access using shared folder permissions will have no effect on the user's ability to access files when the user logs on locally. In that case, only the NTFS permissions will control access. -Shared folder permissions work on both FAT and NTFS permissions.
Be aware of the following when sharing files:
-You must explicitly enable file sharing before network users can access shared folders. When you share a folder for the first time, you are asked whether you want to enable file sharing. -To switch between simple and advanced sharing use the Advanced Sharing... button. *Use the following tools to manually share a folder:* -Shared Folder snap-in in Computer Management -Edit the properties for the folder in Windows Explorer -Use the Network and Sharing Center to enable Public folder sharing or media sharing -When you share a folder, you give it a name. The share name is not the same as the folder name, although they can be the same. *To access a shared folder on the network:* -Use the UNC path to the shared folder with the following syntax: *\\computername\sharename.* -Use the Network feature to browse the network for the computer and view any shared folders on that computer. -Use the *net use* command to map a drive letter to the shared folder. *net use* by itself lists the current connected shared folders and drive letters. *net use F: \\Wrk1\shared2* maps drive letter F: to a specific shared folder. *net use * \\Wrk1\shared2* maps the next available drive letter to the shared folder. -The */persistent:yes* switch reconnects the connection at each subsequent logon; */persistent: tono* makes the mapping temporary. *net use /?* or *net use?* lists the valid parameters for the net use command.
Shared folders
A set of files that are made available over the network to other users. Users can access the files through a network connection instead of having to log on locally to the computer. *You can share files in the following general ways:* -Manually share a folder -Share the Public folder on the network. You can choose to allow all users to read documents, or to read and modify documents in the Public folder. -If the Public folder is not shared, locally logged on users will still have access to the Public folder. *Share your own media files. When you choose to share your media files:* -Network users are given read access to the -Pictures, Music, and Videos folders in your user profile. -Media is streamed to the other computers, but files cannot be copied. -You can customize which computers have access, as well as the file types which you want to share.