An Overview of Shared Folders and Shared-Folder Permissions

Shared folder permissions are used to restrict access to a folder or file that is shared over the network. Folder sharing is normally used to grant remote users access to file and folders over the network. Web sharing is used to grant remote users access to files from the Web if Internet Information Services (IIS) is installed.

Members of the Administrators or Power Users group can share folders on a Windows member server. You have to be a member of the Administrators or Server Operators group to share folders on a domain controller of a domain. Users that have the Create Permanent Shared Objects user right are able to share folders as well. To share folders on NTFS volumes, you have to minimally have the Read permission.
When folders are shared, it is important to keep in mind that you can share folders only, and not files. For users that are locally logged on to a computer, shared folder permissions are irrelevant. Shared folders that are moved are no longer shared. When shared folders are copied, the copy is not shared. The original shared folder however remains shared.

A few disadvantages associated with share permissions are listed below:

• Shared folder permissions do not have as many permission options as NTFS permissions. The only shared folder permissions that can be assigned to users/groups are Read, Change, or Full Control.
  
• Share permissions are not inheritable.
  
• You cannot back up or audit shared folder permissions.
  
• If you move or even rename a shared folder, the shared folder permissions for that particular folder no longer exist.
  

Because of these disadvantages, shared folder permissions are typically utilized on drive volumes that are FAT or FAT32 volumes.
You can use Windows Explorer to share only local folders. If you want to share local folders and remote folders, you would have to use Computer Management. You can use the File Server Management MMC snap-in to manage shared folders.

The shared folder options that can be set when sharing a folder are listed below:

• Do Not Share This Folder: The folder can only be accessed locally.
  
• Share This Folder: The folder can be accessed locally and over the network.
  
• Share Name: The name users would see and utilize to access the folder.
  
• Description: Additional information on the shared folder.
  
• User Limit: The maximum number of connections that are concurrently permitted to the shared folder.
  
• Permissions: The manner in which users are allowed to access the folder.
  
• Offline Settings: The manner in which folders are cached at times when the folder is offline.
  

Shared folders basically enable users to access folders over the network. Shared folder permissions are used to specify those users that are allowed to access or connect to a shared folder over the network. Unlike NTFS permissions, shared folder permissions do not utilize access control lists (ACLs) to limit access to resources, and cannot be assigned to both folders and files. Shared folder permissions can only be specified for folders but can be specified for folders stored on volumes formatted with a file system other than NTFS.

The shared folder permissions that can be configured are summarised below:

• Read: The Read permission allows users to view folder and file names, and file data and the attributes of files. Users are also able to access the shared folder's subfolders, and run program files and scripts.
  
• Change: that are granted the Change permission can perform all of the functions granted by the Read permissions as well as create and delete files and subfolders. Users are also able to change file attributes, change the data in files, and append data to files.
  
• Full Control: Users that are granted the Full Control permission can perform all the tasks enabled by the Change permissions as well as take ownership of files, and change file permissions.
  

How to share a folder

Before you can set shared folder permissions, you have to share the particular folder over the network, that is, you have to create shared folders.

Use the steps below to share a folder using Windows Explorer:

• Right-click the folder that you want to share over the network and select Properties from the shortcut menu.
  
• When the Properties dialog box of the folder opens, click the Sharing tab.
  
• The Sharing tab is where you either enable or disable the share for the folder.
  
• Click the Share this folder option to create a shared folder.
  
• In the Share name box, enter a name for the share. This is the name that users will see or use to access the shared folder.
  
• In the Description box, enter a description for the shared folder or any other additional information.
  
• In the User limit section, the default setting is Maximum allowed. What this means is that the user limit is determined by the number of client access licenses available.
  
• You can alternatively click the Allow this number of users option, and then specify the user limit.
  
• Click OK.
  

Use the steps below to share a folder using Computer Management:

1. In Computer Management, right-click Computer Management in the console tree and click Connect to Another Computer from the shortcut menu.
   
2. Select the computer using the Select Computer dialog box.
   
3. Expand System Tools, Shared Folders and choose Shares in the console tree.
   
4. All existing shares are displayed.
   
5. Right-click Shares and click New Share from the shortcut menu.
   
6. The Share A Folder Wizard launches now.
   
7. Click Next on the initial screen of the wizard.
   
8. In the Folder Path box, enter the folder path that should be shared.
   
9. You can alternatively click Browse to locate the folder that should be shared. Use the Browse For Folder dialog box for this. Click Next.
   
10. In the Share Name box, enter a unique name for the share.
    
11. In the Share Description box, enter a description for the shared folder.
    
12. Click Change if you want to configure Offline Files settings or options. The default setting is that files which users define for offline use is available offline.
    
13. You can now set basic share permissions for the shared folder.
    
14. Click Finish.
    

How to publish shares in Active Directory using the File Server Management console to make it simpler for users to easily find shared folders in large networks, you should consider publishing the shared folder in Active Directory:

1. Open the File Server Management console.
   
2. Click Shares, right-click the shared folder that you want work with, and select Properties from the shortcut menu.
   
3. Click the Publish tab.
   
4. Enable the Publish This Share In Active Directory checkbox to publish the shared folder in Active Directory.
   
5. Enter a description for the share in the Description box.
   
6. In the Owner box, insert the e-mail address of the owner of the share.
   
7. Click OK.
   

How to view existing shared folder permissions using Computer Management

Use the steps below to view existing shared folder permissions:

1. Navigate to Computer Management.
   
2. Proceed to connect to the particular computer where the shared folder resides on.
   
3. Right-click the share, and choose Properties from the shortcut menu.
   
4. When the Properties dialog box opens, click the Share Permissions tab.
   
5. You can now view the users which can access the share. You can also view the type of access granted to users.
   

How to configure shared folder permissions via Windows Explorer

1. Open Windows Explorer.
   
2. Right-click the folder that you want to set shared folder permissions for and choose Properties from the shortcut menu.
   
3. When the Properties dialog box of the folder opens, click the Sharing tab.
   
4. In the Sharing tab, click the Permissions button.
   
5. When the Permissions for dialog box opens, click Add.
   
6. The Select Users,​ Computers, or Groups dialog box opens next.
   
7. Click Object Types, and check the Users checkbox. Click OK.
   
8. Enter the name of the user/group in the Enter the object names to select section. Click OK.
   
9. In the Group or user names box of the Permissions for dialog box, select the user/group.
   
10. Next, either Allow or Deny the shared folder permissions.
    
11. Click OK.
    

How to set shared folder permissions via Computer Management

1. In Computer Management, right-click the shared folder you want to configure permissions for and select Properties from the shortcut menu.
   
2. Click the Share Permissions tab.
   
3. Click Add.
   
4. When the Select Users, Computers, Or Groups dialog box opens, enter the name of the user/group you want to set shared folder permissions for. Click Check Names.
   
5. Click OK to add the user(s)/group(s) to the Name list box.
   
6. You can now proceed to set shared folder permissions for the user/group.
   
7. Click OK.
   

How to change existing shared folder permissions via Computer Management

1. In Computer Management, right-click the shared folder you want to change shared folder permissions for, and select Properties from the shortcut menu.
   
2. Click the Share Permissions tab.
   
3. Select the user/group whose permissions you want to modify in the Name list box.
   
4. Proceed to change the permissions granted for the user/group using the Allow and Deny checkboxes.
   
5. Click OK.
   

How to remove shared folder permissions for users or groups

1. In Computer Management, right-click the shared folder you want to remove shared folder permissions for; and select Properties from the shortcut menu.
   
2. Click the Share Permissions tab.
   
3. Select the user/group whose permissions you want to remove in the Name list box.
   
4. Click Remove.
   
5. Click OK.
   

How to stop a folder from being shared

1. In Computer Management, connect to the computer where the share resides on.
   
2. Navigate to the Shares node.
   
3. Right-click the share that you want to permanently remove; and select Stop Sharing from the shortcut menu.
   
4. Click Yes to verify that the share should no longer exist.
   

How to configure Web shares and Web shared folder permissions

1. Open Windows Explorer.
   
2. Right-click the folder that you want to share on the Web and select Properties from the shortcut menu.
   
3. Next, click the Web Sharing tab.
   
4. Use the Share On drop-down box to specify the particular Web site that you want to share the folder on.
   
5. In the Access Permissions area, specify the access permissions for the shared Web folder.
   
6. In the Application Permissions area, select permissions for applications in the folder.
   
7. Click OK.