Security Essentials - Intro to Shares


The purpose of a share, which is also called a shared folder, is to expose a portion of a server’s file system to network users. The idea is to just keep portions of that file system available to users while allowing other portions of the server’s file system to remain private and unseen by network users.

(Instructional video below provides a walkthrough of the steps contained in this article.)
A share can expose a single folder and everything in it or an entire drive and everything on that drive.

Windows Explorer is where you’ll often administer shares, so let me show you how it’s done there.

Administrating Shares with Windows Explorer

Launch Windows Explorer and create a new folder. Just right-click on an empty space and select New > Folder.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

Windows Explorer create a new folder screen

Give the folder a name, e.g. “UserFiles.”

Windows Explorer new folder

The intent here is that the contents of this folder will be the things we want our users to have access to from the network. For the purpose of an example, I’d like you to create a text document and give it a name, e.g. “Example.”

Windows Explorer create a new text document

Next, let’s assign permissions to that file. Right-click on it and then select Properties from the context menu.

Windows Explorer properties

Once you’re in the Properties window, navigate to the Security tab. By default, the file is inheriting the permissions of the folder which, in turn, is inheriting the permissions from the drive itself. If you click on each group or user name, you’ll see their respective permissions in the lower panel.

To proceed with our example, let’s add a new user to this list. To do that, just click the Edit button.

Windows Explorer edit permissions

And then in the next window, click Add.

Windows Explorer add window

Add an existing user into the text field labeled, “Enter the object names to select” and then click OK.

Windows Explorer enter object name to select

Give that person full control over the contents of the file by clicking the Allow check box for the item: Full control.

Windows Explorer full control window

Click all OK buttons until you’re back at the folder you created earlier.

Windows Explorer back in folder

Next, go back up a level, right-click the folder you created, and select Properties.

Windows Explorer folder properties

In the Properties window, navigate to the Sharing tab and then click the Share button.

Windows Explorer share button

Now you should decide who among your users will be allowed to access files through this share. From the screenshot below, you see that the Administrators group is already in there. In addition to it, you can add whatever groups you like.

Just type in the name of the group (e.g. Users) or the name of an individual into the text box and then click Add. Once you’re done adding, click the Share button.

Windows Explorer add share window

Then click Done.

Windows Explorer done file sharing

You should then see the network path already filled in.

Windows Explorer network path

Users can use that path to access the contents of that folder.

If you want to give it a test run, go to the Start menu and click Run.

Windows Explorer start run menu

Enter the path. This share is advertised, so if you do that on a local machine, you won’t have to enter the entire path because Windows will automatically populate the rest of the path’s name for you and then suggest that as a choice. Select it and then click OK.

Windows Explorer select path

Windows will then open that shared folder in a new window. When users access something through a share, the share will look like the top-level item to them. In other words, they won’t be able to go further up into the filesystem hierarchy.

That is, they won’t be able to reach the Windows folder or anything else contained in the server because the share represents their entry point into the server.

Up in Explorer’s title bar, you can click on the server, and you will then be able to see all the other shares in that computer. Some of those you may or may not have access to. Some of them, like the netlogon and sysvol shares, are there for special purposes. Specifically, those two are used by the Windows operating system itself.

netlogon sysvol shares

That’s how a shared folder looks. Now you can also share a drive. For example, you can share your C: drive.

To do that, navigate to MyComputer, right-click your C: drive, and then select Properties.

Windows Explorer properties menu

Next, go to the Sharing tab. Depending on the particular drive you’re working with, you may or may not be able to share it by clicking the visible Share button. In my case, my C: drive is my system drive, so I am not allowed to just click the Share button, which is why it’s grayed out.

One way to go around this is to click the Advanced Sharing button.

Windows Explorer advanced sharing button

When the Advanced Sharing window appears, click the Share this folder check box. Give the share a name (e.g. CDrive) and then click OK.

Windows Explorer advanced sharing window

If you go back to the root folder of your server,

Windows Explorer root folder of the server

you’ll notice that the shared drive already appears.

Windows Explorer shared drive

Because that share points to the drive itself, it enables you to access all folders on that drive.

Windows Explorer C drive


This is the broadest form of sharing that Windows offers. If your server has multiple drives attached to it, the only way to give someone access to everything is to share each drive individually.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Office 365 Coexistence for Mergers & Acquisitions: Don’t Panic! Make it SimpleLive Webinar on Tuesday, November 16, 2021 @ 1 pm ET

In this session, Microsoft MVPs Steve Goodman and Mike Weaver, and tenant migration expert Rich Dean, will cover the four most common steps toward Office 365 coexistence and explain the simplest route to project success.

  • Directory Sync/GAL Sync – How to prepare for access and awareness
  • Calendar Sharing – How to retrieve a user’s shared calendar, or a room’s free time
  • Email Routing – How to guarantee email is routed to the active mailbox before and after migration
  • Domain Sharing – How to accommodate both original and new SMTP domains at every stage

Aimed at IT Admins, Infrastructure Engineers and Project Managers, this session outlines both technical and project management considerations – giving you a great head start when faced with a tenant migration.the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

Sponsored by: