Windows 7 : Managing Network Access

Sharing is the process of allowing network users access to a resource located on a computer. A network share provides a single location to manage shared data used by many users. Sharing also allows an administrator to install an application once, as opposed to installing it locally at each computer, and to manage the application from a single location.

The following sections describe how to create and manage shared folders, configure share permissions, and provide access to shared resources.

1. Creating Shared Folders

You can share a folder in two ways. To use the Sharing Wizard, right-click a folder and select Share. If the Sharing Wizard feature is enabled, you will see the File Sharing screen. Here, you can add local users.

However, you cannot use the Sharing Wizard to share resources with domain users. To share a folder with domain users, you should right-click the folder and select Properties, then select the Sharing tab, shown in Figure 1.

Figure 1. The Sharing tab of a folder's Properties dialog box

The Share button will take you to the Sharing Wizard. To configure Advanced Sharing, click the Advanced Sharing button, which will open up the Advanced Sharing dialog box. When you share a folder, you can configure the options listed in Table 1.

If you share a folder and then decide that you do not want to share it, just deselect the Share This Folder check box. You can easily tell that a folder has been shared by the group icon located at the bottom left of the folder icon. The following also holds true:

• Only folders, not files, can be shared.

• Share permissions can be applied only to folders and not to files.

• If a folder is shared over the network and a user is accessing it locally, then share permissions will not apply to the local user; only NTFS permissions will apply.

• If a shared folder is copied, the original folder will still be shared but not the copy.

• If a shared folder is moved, the folder will no longer be shared.

• If the shared folder will be accessed by a mixed environment of clients, including some that do not support long filenames, you should use the 8.3 naming format for files.

• Folders can be shared through the Net Share command-line utility.

Now let's take a look at configuring share permissions for your users.

2. Configuring Share Permissions

You can control users' access to shared folders by assigning share permissions. Share permissions are less complex than NTFS permissions and can be applied only to folders (unlike NTFS permissions, which can be applied to files and folders).

To assign share permissions, click the Permissions button in the Advanced Sharing dialog box. This brings up the Permissions dialog box, shown in Figure 2.

Figure 2. The Permissions dialog box

You can assign three types of share permissions:

Full Control Allows full access to the shared folder.

Change Allows users to change data within a file or to delete files.

Read Allows a user to view and execute files in the shared folder. Read is the default permission on shared folders for the Everyone group.

Shared folders do not use the same concept of inheritance as NTFS folders. If you share a folder, there is no way to block access to lower-level resources through share permissions.

When applying conflicting share and NTFS permissions, the most restrictive permissions apply. Remember that share and NTFS permissions are both applied only when a user is accessing a shared resource over a network. Only NTFS permissions apply to a user accessing a resource locally.

So, for example, if a user's NTFS security settings on a resource were Read and the share permission on the same resource was Full Control, the user would have Read permission only when they connect to that resource. The most restrictive set of permissions wins.