|By Keith Mayer||
|October 26, 2012 08:30 AM EDT||
In the past, managing and sharing NTFS folders could be a real ordeal – there were different tools for managing NTFS permissions vs shared folders and most IT Pros generally used these tools on a server-by-server basis from each server’s console.
Server Manager to the rescue!
In Windows Server 2012, Server Manager provides a management facelift on top of the disconnected process that we’ve used in the past for sharing folders and setting NTFS permissions. In addition, Server Manager can easily manage these folders on a local server or any remote servers that you’ve previously added to the Server Manager dashboard.
NOTE: For details on using and customizing Server Manager for your servers and network environment, check out this post on that topic.
Along with the new SMB 3.0 performance and availability features for shared folders, Server Manager provides a powerful management tool for taking advantages of these features in your network environment.
How can I share new folders with Server Manager?
You can start the process of sharing NTFS folders in Server Manager by launching the New Share Wizard from the File and Storage Services details page. This new wizard integrates the steps involved with creating a new folder, sharing the folder and setting NTFS permissions into a single continuous workstream for local and remote servers.
- On the File and Storage Services page, select Shares and then click Tasks –> New Share … to begin the New Share Wizard.
- On the Select the profile for this share page, select SMB Share – Quick and click the Next button. Note that in addition to creating new SMB shares for NTFS folders that are sharing documents, we also have options for creating shared folders for applications, such as SQL databases or Hyper-V virtual machines, as well as creating new NFS shares for non-Windows client devices.
- On the Select the server and path for this share page, select the server on which to create the new share ( local or remote server ) and the volume on which to create the new shared folder. Click the Next button to continue.
- On the Specify share name page, type the name of your new Share name and click the Next button to continue.
- On the Configure share settings page, you will find advanced options for configuring Access-Based Enumeration (ABE), Offline folder caching, and Encryption of end-to-end SMB network traffic. Let’s select all three options and then click the Next button.
NOTE: If BranchCache is enabled on your server to optimize shared folder access over a WAN, you can also enable BranchCache for this new folder on this page. To learn more about the new simplified BranchCache features in Windows Server 2012 … check out Brian Lewis’ My Thoughts on IT blog.
- On the Specify permissions to control access page, review the default permissions for the new NTFS folder and click the Customize permissions… button to further customize these permissions as necessary. When finished, click the Next button to continue.
- On the Confirm selections page, review the currently selected settings for sharing the new folder and click the Create button to begin the process of creating the new folder, applying NTFS permissions, and sharing the folder with the selected share settings.
How can I automate the process of sharing new folders?
You can automate the process of sharing new folders using PowerShell 3.0 and the new SMB Share Cmdlets. For example, to create and share the same folder as demonstrated above, we could use the following commands in PowerShell:
New-SMBShare -Name Documents -Path D:\Shares\Documents -FolderEnumerationMode AccessBased
-CachingMode Documents -EncryptData $True -FullAccess Everyone
Has anything changed with NTFS permissions in Windows Server 2012?
NTFS access list permissions work the same in Windows Server 2012, but there is an improved user interface for setting and viewing NTFS permissions that can make implementing advanced security scenarios much easier.
What is an NTFS “advanced security scenario”?
For example, a common NTFS folder requirement in many organizations is to set permissions such that users can create, update, delete and rename files, but not delete or rename folders or sub-folders. Many organizations implement this approach to provide a consistent network folder structure for users to store their files, without being concerned about users inadvertently moving or renaming (ie., pruning and grafting) whole sections of that folder structure. In the past, this custom combination of file and folder permissions was confusing and difficult to implement.
To implement this scenario in Windows Server 2012, we can click on the Customize permissions… button referenced above in Step 6 and walk through the following process:
- In the Advanced Security Settings dialog box, click the Disable Inheritance button to disable inherited permissions from the parent folder in preparation of setting an explicit set of folder permissions.
- When prompted, click the option to Convert inherited permissions into explicit permissions on this object. This will create a copy of each inherited permission access list entry into an explicit entry for this folder that we’ll be able to edit or remove.
- In this case, we want to modify the default permissions granted to the Users group for this folder. Use the Remove button to remove each of the existing access list entries granted to the Users group.
- Then use the Add button to grant a new set of file permissions to the Users group. In this scenario, we want users to have read, write and delete permissions to files ( and only files ) inside this folder, so we’ll select the following permission options for files:
- Once we’re done adding file permissions, we’ll use the Add button again to grant a new set of folder permissions to the Users group. In this scenario, we want users to have the ability to see folders and create new files, so we’ll select the following permission options for folders:
That’s it! Now we’ve got our shared folder all set for this advanced security scenario in just a few clicks! Of course, if we wanted to automate this process, we could’ve used the Set-Acl and Get-Acl PowerShell Cmdlets to set NTFS permissions via a script as well.
Are there any other changes related to NTFS permissions?
As we were working through the last set of steps, you may have noticed a few new tabs in the new NTFS Advanced Security Settings dialog.
The tabs that are new or improved for the NTFS Security Dialog in Windows Server 2012 include:
- Share – integrates Share permissions into a separate tab on the NTFS security dialog, so that NTFS and Share permissions can be compared side-by-side
- Effective Access – improved to provide an easier user interface to work with for evaluating the effective permissions for a user, group, device or claim.
- Central Policy – used with the new Dynamic Access Control (DAC) feature of Windows Server 2012 to centralize folder permissions into security policies that can be dynamically applied to files and folders based on Active Directory claims.
Dynamic Access Control (DAC), in particular, is a powerful feature in Windows Server 2012 to reduce the administrative load of managing standard permission access lists across lots of file servers. I’ll be writing a separate article in the near future that steps through the process of using DAC.
Do It: Implementing Shared Folders and NTFS Permissions
Your turn! Build your own Windows Server 2012 server lab and use the steps outlined above to create and share your own shared folder with the following properties:
- Shared folder path: C:\Shares\Documents
- Shared folder name: Documents
- Shared folder settings: Access-based Enumeration
- NTFS Permissions: Use the permissions shown in the example above.
In this article, we've walked through the benefits of the improvements offered by Windows Server 2012 for sharing and configuring NTFS folders using Server Manager and PowerShell 3.0
Learn more! To gain more experience with Windows Server 2012 in your lab, feel free to join our FREE Windows Server 2012 "Early Experts" Challenge online study group and become one of the 1,000+ IT Pros that are now studying as "Early Experts" on Windows Server 2012.
What do you think of Server Manager in Windows Server 2012?
Are you excited about using Server Manager in your environment for shared folder scenarios? Feel free to share your feedback and stories in the comments below!
Hope this helps,
|Build Your Lab! Download Windows Server 2012|
|Don’t Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines|
|Want to Get Certified? Join our Windows Server 2012 "Early Experts" Study Group|
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical to maintaining positive ROI. Raxak Protect is an automated security compliance SaaS platform and ma...
Nov. 27, 2015 06:00 PM EST Reads: 408
We all know that data growth is exploding and storage budgets are shrinking. Instead of showing you charts on about how much data there is, in his General Session at 17th Cloud Expo, Scott Cleland, Senior Director of Product Marketing at HGST, showed how to capture all of your data in one place. After you have your data under control, you can then analyze it in one place, saving time and resources.
Nov. 27, 2015 04:00 PM EST Reads: 172
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, explored the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context with p...
Nov. 27, 2015 02:00 PM EST Reads: 409
Internet of @ThingsExpo, taking place June 7-9, 2016 at Javits Center, New York City and Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 18th International @CloudExpo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
Nov. 27, 2015 12:00 PM EST Reads: 541
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data shows "less than 10 percent of IoT developers are making enough to support a reasonably sized team....
Nov. 27, 2015 12:00 PM EST Reads: 464
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound cha...
Nov. 27, 2015 11:45 AM EST Reads: 536
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
Nov. 27, 2015 11:00 AM EST Reads: 312
DevOps is about increasing efficiency, but nothing is more inefficient than building the same application twice. However, this is a routine occurrence with enterprise applications that need both a rich desktop web interface and strong mobile support. With recent technological advances from Isomorphic Software and others, rich desktop and tuned mobile experiences can now be created with a single codebase – without compromising functionality, performance or usability. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, demonstrated examples of com...
Nov. 27, 2015 10:45 AM EST Reads: 383
As organizations realize the scope of the Internet of Things, gaining key insights from Big Data, through the use of advanced analytics, becomes crucial. However, IoT also creates the need for petabyte scale storage of data from millions of devices. A new type of Storage is required which seamlessly integrates robust data analytics with massive scale. These storage systems will act as “smart systems” provide in-place analytics that speed discovery and enable businesses to quickly derive meaningful and actionable insights. In his session at @ThingsExpo, Paul Turner, Chief Marketing Officer at...
Nov. 27, 2015 10:45 AM EST Reads: 397
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Nov. 27, 2015 10:00 AM EST Reads: 491
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
Nov. 27, 2015 09:15 AM EST Reads: 290
The Internet of Everything is re-shaping technology trends–moving away from “request/response” architecture to an “always-on” Streaming Web where data is in constant motion and secure, reliable communication is an absolute necessity. As more and more THINGS go online, the challenges that developers will need to address will only increase exponentially. In his session at @ThingsExpo, Todd Greene, Founder & CEO of PubNub, exploreed the current state of IoT connectivity and review key trends and technology requirements that will drive the Internet of Things from hype to reality.
Nov. 27, 2015 07:45 AM EST Reads: 424
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessions, I wanted to share some of my observations on emerging trends. As cyber security serves as a fou...
Nov. 27, 2015 07:30 AM EST Reads: 322
Continuous processes around the development and deployment of applications are both impacted by -- and a benefit to -- the Internet of Things trend. To help better understand the relationship between DevOps and a plethora of new end-devices and data please welcome Gary Gruver, consultant, author and a former IT executive who has led many large-scale IT transformation projects, and John Jeremiah, Technology Evangelist at Hewlett Packard Enterprise (HPE), on Twitter at @j_jeremiah. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.
Nov. 27, 2015 04:15 AM EST Reads: 712
With all the incredible momentum behind the Internet of Things (IoT) industry, it is easy to forget that not a single CEO wakes up and wonders if “my IoT is broken.” What they wonder is if they are making the right decisions to do all they can to increase revenue, decrease costs, and improve customer experience – effectively the same challenges they have always had in growing their business. The exciting thing about the IoT industry is now these decisions can be better, faster, and smarter. Now all corporate assets – people, objects, and spaces – can share information about themselves and thei...
Nov. 27, 2015 04:00 AM EST Reads: 228
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Nov. 27, 2015 04:00 AM EST Reads: 336
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound effect on the world, and what should we expect to see over the next couple of years.
Nov. 27, 2015 02:30 AM EST Reads: 462
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true change and transformation possible.
Nov. 27, 2015 02:00 AM EST Reads: 520
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" in this scenario: microservice A (releases daily) depends on a couple of additions to backend B (re...
Nov. 27, 2015 01:00 AM EST Reads: 430
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, wil...
Nov. 27, 2015 01:00 AM EST Reads: 566