Shared Folders

Previous page
Table of content
Next page

After examining the Distributed file system, Removable Storage, and Remote Storage, discussing sharing folders on the network or the Internet sounds a bit commonplace. Nevertheless, sharing folders is important and we're going to tell you how to do it anyway.

Using the Shared Folders Snap-In

You can administer shared folders in Windows 2000 in two ways. You can right-click a shared folder in Windows Explorer and choose Sharing from the shortcut menu, or you can use the Shared Folders MMC snap-in. The Shared Folders MMC snap-in provides a way of viewing all of the file shares at once, along with the current connections and open files. Windows Explorer doesn't. Therefore, we're going to talk about the Shared Folders MMC snap-in now, and we'll talk about Windows Explorer later, in the section entitled Configuring Web Shares.

To use the clearly superior Shared Folders tool (not that we're biased), follow these steps:

  1. Open the Computer Management MMC snap-in from the Administrative Tools folder on the Start menu, or enter %SystemRoot%\System32\Compmgmt.msc in the Run dialog box or at a command prompt.
  2. Expand the Shared Folders folder in the console tree (Figure 17-26).
  3. Use the Shares, Sessions, and Open Files folders to view the current file shares on the system you're managing and to see how much activity the shares are getting.

Figure 17-26. The Shared Folders tool in the Computer Management console.

Setting Up Shared Folders

It's easy to share a folder or volume on the system with other users on the corporate network. Just follow these steps:

  1. In the Computer Management console, open the Shared Folders folder in the console tree.
  2. Right-click the Shares folder and choose New File Share from the shortcut menu.
  3. In the Create Shared Folder dialog box shown in Figure 17-27, click Browse to locate or create the folder you want to share.

Figure 17-27. The Create Shared Folder dialog box.

  1. Enter the name you want to give the file share. This name should ideally be DNS and NetBIOS compatible for the best interoperability with downlevel and non-Microsoft clients.
  2. Enter a description for the shared folder in the Share Description box, and then click Next.
  3. Optionally, specify the Share Level permissions for the folder, and then click Finish.

Real World

Setting Permissions

We strongly recommend that you implement NTFS file-level permissions instead of share-level permissions. Using share-level permissions alone isn't secure enough in most instances, and using both introduces an unacceptable level of complexity.

However, there are some exceptions to this rule; for example, you might want to permit all authenticated users to access a volume in a certain subfolder but allow only a certain group to access the root directory. (Administrators can always access the root folder for a drive by connecting to the drive's hidden administrative share, for example, C$.) In this instance, you could create two file shares: one at the subfolder level with no share-level security and one at the root folder level with share-level security to allow only the specified group access.

Somewhat more useful is the ability to hide file shares by adding the dollar sign ($) character to the end of the share name. This notation allows any user to connect to the share—provided he or she knows the share name. Once users connect, they're still bound by NTFS security permissions, but this can be handy for storing useful power tools that an administrator might want to be able to access from a user's system and user account. File security isn't really an issue—you just don't want users mucking around with the files.

Ending Folder Sharing

To stop sharing a folder on the network, follow these steps:

  1. In the Computer Management console, open the Shared Folders folder in the console tree and then open the Shares subfolder.
  2. Right-click the shared folder you want to stop sharing and choose Stop Sharing from the shortcut menu.
  3. Click OK.

Disconnecting Users

If you need to disconnect users from the server for some reason—say to close off the server while you update the files—follow these steps:

Be kind to your users and warn them before disconnecting them. Disconnecting a user who is working on a file can cause data loss and resultant ill feelings.

  1. Open Shared Folders in the Computer Management console, and then open the Sessions subfolder.
  2. Right-click the user you want to disconnect, and choose Close Session from the shortcut menu.
  3. To disconnect all sessions, right-click the Sessions folder and choose Disconnect All Sessions from the shortcut menu.
  4. To close an open file, click the Open Files folder, right-click the file you want to close, and then choose Close Open File from the shortcut menu.
  5. To close all open files, right-click the Open Files folder and choose Disconnect All Open Files from the shortcut menu.

Limiting Simultaneous Connections

You can limit the number of simultaneous user connections you want to allow to a shared folder so that a given shared folder doesn't overburden the server with user connections. To do so, follow these steps:

  1. Open Shared Folders in the Computer Management console, and then open the Shares subfolder.
  2. Right-click the shared folder you want to limit access to, and then choose Properties from the shortcut menu.
  3. To place no limit on the number of connections you allow to the shared folder (other than that set by the number of licenses you have), select the Maximum Allowed option in the General tab, as shown in Figure 17-28.

    Figure 17-28. The General tab of a shared folder's Properties dialog box.

  4. To manually limit the number of connections you want to allow to the shared folder, enter the number of connections you want to allow in the Allow box, and then click OK.

File shares hosted on computers running Windows XP or Windows 2000 Professional support a maximum of 10 simultaneous users.

Setting Permissions

As mentioned previously, you really shouldn't use share-level permissions in most instances unless you're not using NTFS file-level security. Share-level permissions allow or deny access to a shared folder depending on the user's group membership and the security settings of the file share and don't apply to locally logged-on users.

File-level security, on the other hand, has a much more granular level of control, providing the ability to grant or deny users and groups the ability to perform a wide range of actions on both folders and individual files for both network and local users. Because you would normally use NTFS permissions in a situation where security is important, we generally don't recommend setting share-level permissions. You can do it, however, so here's how:

  1. Open Shared Folders in the Computer Management console, and then open the Shares subfolder.
  2. Right-click the shared folder you want to set permissions for, and then choose Properties from the shortcut menu.
  3. Click the Share Permissions tab and have at it (see Chapter 10 for more information on permissions).

Although we discourage the use of share-level permissions, it is appropriate to replace the Everyone group with the Authenticated Users group (give it Full Control permission).

Click Caching in the General tab to control whether or not clients can cache the contents of the file share using the Offline Folders feature of Windows.

Configuring Web Shares

You can share folders with users on your intranet, as long as Internet Information Services (IIS) is installed on the system. Although most administrators will set up Web shares using IIS (discussed in Chapter 28), you can also do it using Windows Explorer. However, before you go about installing IIS and publishing folders on your intranet or anywhere else, proceed to Chapter 28 and review the security suggestions made there.

To share folders on your intranet using IIS, follow these steps:

  1. Open Windows Explorer, right-click the folder or drive you want to share on the Web, and choose Properties from the shortcut menu.
  2. Click the Web Sharing tab.
  3. Choose the Web site you want to share the folder on from the Share On drop-down list box.
  4. Select the Share This Folder option, and then in the Edit Alias dialog box that appears (Figure 17-29), enter the folder name you want to use for the share. Note that the alias you enter is appended to the Web site's name: http://myserver.mycompany.com/alias.
  5. Set the access permissions for the folder by selecting check boxes in the Access Permissions section of the dialog box. (It is important to set these access permissions, especially if the server is visible on the Internet.)
  6. Use the Application Permissions options to choose which level of permissions you want to grant to applications in this folder, and then click OK.

Figure 17-29. The Edit Alias dialog box.

For more thorough control over the Web shares, launch the Internet Services console from the Administrative Tools folder on the Start menu. See Chapter 28 for more information about this.


Previous page
Table of content
Next page
Microsoft Windows 2000 Server Administrator's Companion
Microsoft Windows 2000 Server Administrators Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320
Authors: Charlie Russel, Sharon Crawford, Jason Gerend
BUY ON AMAZON
Java I/O
802.11 Wireless Networks: The Definitive Guide, Second Edition
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
.NET System Management Services
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
The Oracle Hackers Handbook: Hacking and Defending Oracle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy