Lesson 4: Configuring File

and Share Access

MOAC 70-410: Installing and
Configuring Windows Server 2012 R2
 Creating Folder Shares
Lesson 4: Configuring File and Share Access

© 2013 John Wiley & Sons, Inc. 2

 Creating Folder Shares
• Shares must be created in order for
network users to be able to access the
disks on the servers. You must determine:
o What folders you will share
o What names you will assign to the shares
o What permissions you will grant users to the
shares
o What Offline Files settings you will use for the
shares

© 2013 John Wiley & Sons, Inc. 3

 Creator/Owner
• You can share your own folders.
• Right-click and select Share with >
Specific People to access a simplified
interface.
• Use Sharing tab of the folder’s Properties
sheet for greater control.

© 2013 John Wiley & Sons, Inc. 4

 Creating Folder Shares

The File Sharing dialog box

© 2013 John Wiley & Sons, Inc. 5

 Creating Folder Shares

The Advanced Sharing dialog box

© 2013 John Wiley & Sons, Inc. 6

 Types of Folder Shares
• Server Message Blocks (SMB)
o The standard file-sharing protocol used by all
versions of Windows.
o Requires the File Server role service.
• Network File System (NFS)
o The standard file sharing protocol used by
most UNIX and Linux distributions.
o Requires the Server for NFS role service.

© 2013 John Wiley & Sons, Inc. 7

 Create a Folder Share

The Shares homepage

© 2013 John Wiley & Sons, Inc. 8

 Create a Folder Share

The Select the profile for this share page in the New Share
Wizard
© 2013 John Wiley & Sons, Inc. 9
 Create a Folder Share

The Select the server and path for this share page of the
New Share Wizard
© 2013 John Wiley & Sons, Inc. 10
 Create a Folder Share

The Specify share name page of the New Share

Wizard
© 2013 John Wiley & Sons, Inc. 11
 Create a Folder Share

The Configure share settings page of the New

Share Wizard
© 2013 John Wiley & Sons, Inc. 12
 Create a Folder Share

The Specify permissions to control access page of the New

Share Wizard
© 2013 John Wiley & Sons, Inc. 13
 Create a Folder Share

The Confirm selections page of the New Share Wizard

© 2013 John Wiley & Sons, Inc. 14

 Create a Folder Share

The new share on the Shares homepage in

Server Manager
© 2013 John Wiley & Sons, Inc. 15
 Assigning Permissions
Lesson 4: Configuring File and Share Access

© 2013 John Wiley & Sons, Inc. 16

 Assigning Permissions
The four permissions systems:
• Share permissions: Control access to folders
over a network.
• NTFS permissions: Control access to the files
and folders stored on disk volumes formatted
with the NTFS file system.
• Registry permissions: Control access to
specific parts of the Windows registry.
• Active Directory permissions: Control access
to specific parts of an Active Directory Domain
Services (AD DS) hierarchy.
© 2013 John Wiley & Sons, Inc. 17
 Windows Permissions
Architecture
• Access Control List (ACL)
• Access Control Entries (ACEs)
• Security principal Permission

ACL
Sales – Read
Managers – Full ACEs
Control
JSmith – Deny Access

Folder
Folder

Security Principal

© 2013 John Wiley & Sons, Inc. 18

 Basic and Advanced
Permissions
• Permissions allow you to grant specific
degrees of access to security principals.
• Preconfigured permission combinations
are called Basic Permissions.
• Advanced Permissions are more
granular and can be applied individually,
but are rarely used.

© 2013 John Wiley & Sons, Inc. 19

 Share Permissions
Share permission Allows or denies security principals the ability to:

Change file permissions.

Full Control Take ownership of files.
Perform all tasks allowed by the Change permission.

Create folders.
Add files to folders.
Change data in files.
Change Append data to files.
Change file attributes.
Delete folders and files.
Perform all actions permitted by the Read permission.

Display folder names, filenames, file data, and attributes.

Read Execute program files.
Access other folders within the shared folder.

© 2013 John Wiley & Sons, Inc. 20

 Set Share Permissions

The Permissions page of a share’s Properties sheet in

Server Manager
© 2013 John Wiley & Sons, Inc. 21
 Set Share Permissions

The Share tab of the Advanced Security Settings dialog box

for a share in Server Manager
© 2013 John Wiley & Sons, Inc. 22
 Set Share Permissions

A Permission Entry dialog box for a share in

Server Manager
© 2013 John Wiley & Sons, Inc. 23
 Set Share Permission

A new share permission entry in a share’s access

control list
© 2013 John Wiley & Sons, Inc. 24
 NTFS Authorization
• NTFS and ReFS support permissions.
• Every file and folder on an NTFS or ReFS drive
has an ACL with ACEs, each of which contains
a security principal and their permissions.
• Security Principals are users and groups
identified by Windows using security
identifiers (SIDs).
• During authorization, when a user accesses
a file/folder, the system compares the user’s
SIDs to those stored in the element’s ACEs to
determine that user’s access.
© 2013 John Wiley & Sons, Inc. 25
NTFS Basic Permissions—
Full Control
Folder File
• Modify the folder • Modify the file
permissions. permissions.
• Take ownership of the
folder.
• Take ownership of
• Delete subfolders and the file.
files contained in the • Perform all actions
folder. associated with all
• Perform all actions other NTFS file
associated with all other
NTFS folder permissions.
permissions.

© 2013 John Wiley & Sons, Inc. 26

NTFS Basic Permissions—
Modify
Folder File
• Delete the folder. • Modify the file.
• Perform all actions • Delete the file.
associated with the • Perform all actions
Write and the Read associated with the
& Execute Write and the Read
permissions. & Execute
permissions.

© 2013 John Wiley & Sons, Inc. 27

NTFS Basic Permissions—
Read & Execute
Folder File
• Navigate through • Perform all actions
restricted folders to associated with the
reach other files Read permission.
and folders. • Run applications.
• Perform all actions
associated with the
Read and List Folder
Contents
permissions.
© 2013 John Wiley & Sons, Inc. 28
NTFS Basic Permissions—
List Folder Contents
Folder File
• View the names of • Not applicable
the files and
subfolders
contained in the
folder.

© 2013 John Wiley & Sons, Inc. 29

NTFS Basic Permissions—
Read
Folder File
• See the files and • Read the contents
subfolders of the file.
contained in the • View the
folder. ownership,
• View the permissions, and
ownership, attributes of the
permissions, and file.
attributes of the
folder.
© 2013 John Wiley & Sons, Inc. 30
NTFS Basic Permissions—
Write
Folder File
• Create new files • Overwrite the file.
and subfolders • Modify the file
inside the folder. attributes.
• Modify the folder • View the ownership
attributes. and permissions of
• View the ownership the file.
and permissions of
the folder.

© 2013 John Wiley & Sons, Inc. 31

 Assign Basic NTFS Permissions

The Advanced Security Settings dialog box for a share in

Server Manager
© 2013 John Wiley & Sons, Inc. 32
 Configuring Volume
Shadow Copies
Lesson 4: Configuring File and Share Access

© 2013 John Wiley & Sons, Inc. 33

 Volume Shadow Copies
• Allow you to maintain previous versions of
files on a server.
• A copy of a file can be accessed even if a
file has been accidentally deleted or
overwritten.
• Can be implemented for entire volumes
only.

© 2013 John Wiley & Sons, Inc. 34

 Configure Shadow Copies

The Shadow Copies dialog box

© 2013 John Wiley & Sons, Inc. 35

 Configure Shadow Copies

The Settings dialog box

© 2013 John Wiley & Sons, Inc. 36

 Configuring NTFS Quotas
Lesson 4: Configuring File and Share Access

© 2013 John Wiley & Sons, Inc. 37

 NTFS Quotas
• Enable administrators to set a storage
limit for users of a particular volume.
• Users exceeding the limit can be denied
access or just receive a warning.
• Space consumed by users is measured by
the size of the files they own or create.

© 2013 John Wiley & Sons, Inc. 38

 Configure NTFS Quotas

The Quota tab of a volume’s Properties sheet

© 2013 John Wiley & Sons, Inc. 39

Configuring Work Folders
• Work Folders is a Windows Server 2012 R2 feature
that enables administrators to provide their users with
synchronized access to their files on multiple
workstations and devices, while storing them on a
network file server.
• To set up the Work Folders environment, you install
the Work Folders role service in  the File and Storage
Services role on a server running Windows Server
2012 R2, and create a new type of share called a sync
share .
o This installs the IIS Hostable Web Core feature , which
makes it possible for the server to respond to incoming
HTTP requests from Work Folders clients on the network.

© 2013 John Wiley & Sons, Inc. 40

Configuring Work Folders
• On the client side, you configure Work Folders
in the Windows 8.1 Control Panel, specifying
the email address of the user and the
location of the Work Folders on the local disk.
o The system also creates a system folder called
Work Folders, which appears in File Explorer and in
file management dialogs.
o When the user saves files to the Work Folders on
the client system, they are automatically
synchronized with the user’s folder on the Work
Folders server.

© 2013 John Wiley & Sons, Inc. 41

Copyright 2014 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of this work beyond that
named in Section 117 of the 1976 United States Copyright Act without the
express written consent of the copyright owner is unlawful. Requests for
further information should be addressed to the Permissions Department, John
Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own
use only and not for distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages, caused by the use of these
programs or from the use of the information contained herein.