If you want to configure access to files over the network for one or more users, you need to configure file sharing on the computer on which these files are stored. A common way to deploy a shared resource for storing files is by configuring a Windows file share. In this case, we are talking about a Windows SMB share, and this file share can be configured on any Windows version.
This blog post explains how to configure a Windows file share on Windows Server 2022 to allow multiple users to access this share.
What Is a File share
A file share is a directory on a computer, server, or virtual machine that contains files and directories that are accessible to other users via the network by using one of the supported file sharing protocols. A file share can be configured on any operating system supporting the appropriate file sharing protocol, for example, SMB or NFS.
Both client Windows versions (Windows XP, 7, 8, 10, etc.) and server Windows versions (Windows Server 2003, 2008, 2012, 2016, 2019, etc.) support Windows file sharing via the SMB protocol. However, Windows Server versions provide more capabilities compared to the client versions. For example, the maximum number of concurrent connections. In this blog post, we will explain how to set up a server for file sharing in Windows or, in other words, how to configure a file server.
Our Window Server Environment
We configure a Windows SMB share in Windows Server 2022 that is in a workgroup. The configuration principle for Windows machines in an Active Directory domain is identical, but you need to specify (determine) domain users and local users on computers when setting share permissions.
The parameters of our Windows file server are:
- IP address: 192.168.101.209
- Computer name: Win2019
The workflow in this article can be used for older Windows Server versions. As for client Windows versions, you can mostly follow the same Windows file sharing workflow for top editions like Windows XP Pro, Windows 7 Ultimate, Windows 10 Pro, etc. However, note that there may be certain limitations.
Creating Users and Groups
First of all, we need to create users. Using existing user accounts in Windows for file sharing is technically possible, but this approach is not recommended for security reasons. That is why, we will not use the existing administrator and user accounts to configure a Windows file share, and we will not provide these credentials to users accessing the share.
We will create special accounts for users who need to access the file share server. If a username and password on a file server are the same as a user’s username and password on a remote client computer for Windows logon, then credentials are not prompted when accessing a Windows SMB share. This feature makes accessing a file share more convenient for users and optimal for administrators.
Open the Computer Management window, which you can access by going to Server Manager > Tools > Computer Management. Alternatively, you can simply run the compmgmt.msc command in CMD.
Note: In an Active Directory domain, you need to open the Active Directory Users and Computers window on a domain controller to create domain users and groups. You can do it by running dsa.msc in the command line or the Run (Win+R) prompt. Use Active Directory Users and Computers instead of Computer Management on a domain controller.
Creating users
- In the Computer Management Window that opens (that can also be called a collection of Microsoft Management Console snap-ins), go to System Tools > Local Users and Groups > Users.
- After selecting Users, right-click in the empty space of the right pane and click New User in the context menu.
Enter a user name, which will be used for user authentication when accessing a Windows file share. Keep in mind that this account can also be used for login on the current Windows Server machine. The name of our user is user1.
- If your file server is a domain member, the created domain user accounts can be used to log in to domain computers.
- Enter a password and confirm the password.
- Click Create
- We create more users the same way. The users that we create for accessing the file share server are:
- user1, user2, user3, user4
- user11, user12, user13, user14
Creating groups
When you need to configure access with the same settings for several users, it is more convenient to manage groups of users.
We create two groups in our fileshare server configuration example:
- Group_A – for providing full access to the file share (Read, Write, Change). The group contains the following members: user1, user2, user3, user4.
- Group_B – for providing read-only access to the share. The group contains the following members: user11, user12, user13, user14.
You can create a group, add users to the group, and configure access to a Windows SMB share for a group rather than adding each user separately in the share configuration and configuring the same settings for each user manually.
To create a new group:
- Right-click Groups in the Computer Management window and click New Group in the context menu.
- Enter a group name (which is Group_A in our case) in the New Group window (see the screenshot below).
- Click Add to add users to the group.
- In the Select Users window, enter a user name such as user1, then click Check Names. When the user name is entered correctly, this user name is underlined and displayed as a full name (ComputerName\UserName or DomainName\UserName). To continue adding users, press Space or add semicolon and enter the next user name, then click Check Names, and so on.
If you want to set access for a local user account created on the computer that is a domain member, enter the full user name manually, like this: ComputerName\UserName. You can similarly enter the full name of a domain user.
- After entering all needed user names and checking them, click OK to save settings and close the Select Users window.
- Click Create in the New Group window to finish group creation.
Windows File Sharing Setup
Once we have created the needed users and groups, we can move forward to set up the Windows file share.
- Select the directory that you want to share or select a new directory. We create a new directory in our example and the path to this directory is: E:\share
- Right-click this directory (folder) and in the context menu, hit Properties.
Setting up sharing permissions
- Select the Sharing tab in the directory Properties window and click the Advanced Sharing button.
- Select the Share this folder checkbox in the Advanced Sharing window and click Permissions.
You can see that everyone can read the contents of the shared folder by default. Everyone is the default group containing all users on the current computer. In our example, we select Everyone and click Remove because we need to create a custom configuration.
- Click Add to add the needed users and groups for configuring access to the Windows SMB share for them.
- The Select Users or Groups window is opened.
- Enter the name of users and groups for which you want to configure access. In our case, we enter Group_A.
- Click Check Names like you did when adding users to a group. An entered name is underlined and displayed in the full format if the name is correct (and exists). You can enter multiple user or group names if needed.
- Click OK to save settings and close this window.
- We can see Group_A in the list of group or user names in the Permissions window for our share folder.
- Select this user/group (Group_A in our case) and select the Allow Full Control checkbox.
- Then we add Group_B just like we added Group_A. Let’s keep the read-only sharing permissions for Group_B.
- We also add the built-in Administrators group and enable full access for administrators. (If a computer is a domain member, you can use the Domain Administrators group).
- Click OK to save permissions for the Windows file share and close the Permissions window.
Setting file system permissions
We have now configured file sharing permissions for the shared folder. In addition to that, we must configure file system permissions for this folder to set the appropriate access for users. NTFS is the file system we use on Windows volumes.
- Select the Security tab in the Properties window for the shared folder. Default NTFS permissions are set for CREATOR OWNER, SYSTEM, Administrators and Users.
- Click Edit to set permissions for a folder on the file system level.
- As you can see, users in the Users group have read access to this folder by default.
- Click Add to add the needed group or user and set permissions for them at the file system level.
- The Select Users or Groups window opens.
- Enter the name of the user or group that you want to add (Group_A in our case).
- Click Check Names.
- Hit OK to save settings.
- Select Group_A in the list of users and groups. Select the Allow Full Control checkbox to grant full access to Group_A.
- Add Group_B just like you added Group_A.
- We preserve the default permissions, which include Read & Execute, List folder contents, and Read for Group_B.
- Click OK in the Permissions window. Click OK in the shared folder Properties window.
We have configured sharing permissions and file system permissions for the shared folder. Similarly, you can create other shares on file sharing servers.
Accessing a Windows SMB Share
Now users can access the Windows file share (SMB share) from their computers.
To access the Windows SMB share from another computer, open Windows Explorer (click the My Computer or This PC icon) and enter the network address of the file server in the address bar in the format: \\Server-IP-Address or \\Server-Name
We enter the path:
\\192.168.101.209
We access this file share from a Windows machine after logging in as user1.
We can see a shared folder with the name share on our shared file server.