After examining the Distributed file system, Removable Storage, and Remote Storage, discussing sharing folders on the network or the Internet sounds a bit commonplace. Nevertheless, sharing folders is important and we're going to tell you how to do it anyway. So there.
You can administer shared folders in Windows 2000 in two ways. You can right-click a shared folder in Windows Explorer and choose Sharing from the shortcut menu, or you can use the Shared Folders MMC snap-in. The Shared Folders MMC snap-in provides a way of viewing all of the file shares at once, along with the current connections and open files. Windows Explorer doesn't. Therefore, we're going to talk about the Shared Folders MMC snap-in now, and we'll talk about Windows Explorer later, in the "Configuring Web Shares" section.
To use the superior Shared Folders tool, follow these steps:
Figure 16-26. The Shared Folders tool in the Computer Management console.
Windows 2000 makes it easy to share a folder or volume on the system with other users on the corporate network. Just follow these steps:
Figure 16-27. The Create Shared Folder dialog box.
REAL WORLD Setting Permissions
We strongly recommend that you implement NTFS file-level permissions instead of share-level permissions. Using share-level permissions alone isn't secure enough in most instances, and using both introduces an unacceptable level of complexity.However, there are some exceptions to this rule; for example, you might want to permit all users to access a volume in a certain subfolder but allow only a certain group to access the root directory. (Administrators can always access the root folder for a drive by connecting to the drive's hidden administrative share, for example, C$.) In this instance, you could create two file shares: one at the subfolder level with no share-level security and one at the root-folder level with share-level security to allow only the specified group access.
Somewhat more useful is the ability to hide file shares by adding the dollar sign ($) character to the end of the share name. This notation allows any user to connect to the share—provided he or she knows the share name. Once users connect, they're still bound by NTFS security permissions, but this can be handy for storing useful power tools that an administrator might want to be able to access from a user's system and user account. File security isn't really an issue—you just don't want users mucking around with the files.
To stop sharing a folder on the network, follow these steps:
If you need to disconnect users from the server for some reason—say to close off the server while you update the files—follow these steps:
CAUTION
Be kind to your users and warn them before disconnecting them. Disconnecting a user who is working on a file can cause data loss and resultant ill feelings.
You can limit the number of simultaneous user connections you want to allow to a shared folder so that a given shared folder doesn't overburden the server with user connections. To do so, follow these steps:
Figure 16-28. The General tab of a shared folder's Properties dialog box.
NOTE
Windows 2000 Professional supports a maximum of 10 simultaneous users.
As mentioned previously, you really shouldn't use share-level permissions in most instances unless you're not using NTFS file-level security. Share-level permissions allow or deny access to a shared folder depending on the user's group membership and the security settings of the file share. File-level security, on the other hand, has a much more granular level of control, providing the ability to grant or deny users and groups the ability to perform a wide range of actions on both folders and individual files. Since you would normally use NTFS permissions in a situation where security is important, we generally don't recommend setting share-level permissions. You can do it, however, so here's how. (You can also change NTFS permission using this procedure, which is kind of handy.)
See Chapter 9 for more information on setting NTFS permissions.
If you have IIS installed on the system, you have the ability to share any folder on the system with all Web users on the intranet that can access the server. Typically, Web shares are set up with IIS, but you can also do it quickly using Windows Explorer. Follow these steps:
Figure 16-29. The Edit Alias dialog box.
TIP
For more thorough control over the Web shares, launch the Internet Services console from the Administrative Tools folder on the Start menu. See Chapter 27 for more information.