Welcome!

Silverlight Authors: Steven Mandel, Gerardo A Dada, Srinivasan Sundara Rajan, Yeshim Deniz, Greg O'Connor

Related Topics: Microsoft Cloud, Containers Expo Blog, Silverlight, Agile Computing, @CloudExpo

Microsoft Cloud: Blog Post

12 Steps to NTFS Shared Folders in Windows Server 2012

Server Manager provides improved local and remote management of Shared Folders

In the past, managing and sharing NTFS folders could be a real ordeal – there were different tools for managing NTFS permissions vs shared folders and most IT Pros generally used these tools on a server-by-server basis from each server’s console.

Server Manager to the rescue!
In Windows Server 2012, Server Manager provides a management facelift on top of the disconnected process that we’ve used in the past for sharing folders and setting NTFS permissions.  In addition, Server Manager can easily manage these folders on a local server or any remote servers that you’ve previously added to the Server Manager dashboard.

NOTE: For details on using and customizing Server Manager for your servers and network environment, check out this post on that topic.

Along with the new SMB 3.0 performance and availability features for shared folders, Server Manager provides a powerful management tool for taking advantages of these features in your network environment.

How can I share new folders with Server Manager?
You can start the process of sharing NTFS folders in Server Manager by launching the New Share Wizard from the File and Storage Services details page.  This new wizard integrates the steps involved with creating a new folder, sharing the folder and setting NTFS permissions into a single continuous workstream for local and remote servers.

  1. On the File and Storage Services page, select Shares and then click Tasks –> New Share … to begin the New Share Wizard.

    NTFSShare01
  2. On the Select the profile for this share page, select SMB Share – Quick and click the Next button.  Note that in addition to creating new SMB shares for NTFS folders that are sharing documents, we also have options for creating shared folders for applications, such as SQL databases or Hyper-V virtual machines, as well as creating new NFS shares for non-Windows client devices.

    NTFSShare02
  3. On the Select the server and path for this share page, select the server on which to create the new share ( local or remote server ) and the volume on which to create the new shared folder.  Click the Next button to continue.

    NTFSShare03
  4. On the Specify share name page, type the name of your new Share name and click the Next button to continue.

    NTFSShare04
  5. On the Configure share settings page, you will find advanced options for configuring Access-Based Enumeration (ABE), Offline folder caching, and Encryption of end-to-end SMB network traffic.  Let’s select all three options and then click the Next button.

    NOTE: If BranchCache is enabled on your server to optimize shared folder access over a WAN, you can also enable BranchCache for this new folder on this page.  To learn more about the new simplified BranchCache features in Windows Server 2012 … check out Brian Lewis’ My Thoughts on IT blog.

    NTFSShare05
  6. On the Specify permissions to control access page, review the default permissions for the new NTFS folder and click the Customize permissions… button to further customize these permissions as necessary.  When finished, click the Next button to continue.

    NTFSShare06
  7. On the Confirm selections page, review the currently selected settings for sharing the new folder and click the Create button to begin the process of creating the new folder, applying NTFS permissions, and sharing the folder with the selected share settings.

    NTFSShare10

How can I automate the process of sharing new folders?
You can automate the process of sharing new folders using PowerShell 3.0 and the new SMB Share Cmdlets.  For example, to create and share the same folder as demonstrated above, we could use the following commands in PowerShell:

MD D:\Shares\Documents

New-SMBShare -Name Documents -Path D:\Shares\Documents -FolderEnumerationMode AccessBased  
-CachingMode Documents -EncryptData $True -FullAccess Everyone

In addition to the new SMB Share Cmdlets, you can also use the Set-Acl and Get-Acl PowerShell cmdlets for automating NTFS folder permissions.

Has anything changed with NTFS permissions in Windows Server 2012?
NTFS access list permissions work the same in Windows Server 2012, but there is an improved user interface for setting and viewing NTFS permissions that can make implementing advanced security scenarios much easier.

What is an NTFS “advanced security scenario”?
For example, a common NTFS folder requirement in many organizations is to set permissions such that users can create, update, delete and rename files, but not delete or rename folders or sub-folders.  Many organizations implement this approach to provide a consistent network folder structure for users to store their files, without being concerned about users inadvertently moving or renaming (ie., pruning and grafting) whole sections of that folder structure.  In the past, this custom combination of file and folder permissions was confusing and difficult to implement.

To implement this scenario in Windows Server 2012, we can click on the Customize permissions… button referenced above in Step 6 and walk through the following process:

  1. In the Advanced Security Settings dialog box, click the Disable Inheritance button to disable inherited permissions from the parent folder in preparation of setting an explicit set of folder permissions.

    NTFSShare09
  2. When prompted, click the option to Convert inherited permissions into explicit permissions on this object. This will create a copy of each inherited permission access list entry into an explicit entry for this folder that we’ll be able to edit or remove.

    NTFS08
  3. In this case, we want to modify the default permissions granted to the Users group for this folder.  Use the Remove button to remove each of the existing access list entries granted to the Users group.

    NTFS09
  4. Then use the Add button to grant a new set of file permissions to the Users group.  In this scenario, we want users to have read, write and delete permissions to files ( and only files ) inside this folder, so we’ll select the following permission options for files:

    NTFS13
  5. Once we’re done adding file permissions, we’ll use the Add button again to grant a new set of folder permissions to the Users group.  In this scenario, we want users to have the ability to see folders and create new files, so we’ll select the following permission options for folders:

    NTFS12

That’s it! Now we’ve got our shared folder all set for this advanced security scenario in just a few clicks!  Of course, if we wanted to automate this process, we could’ve used the Set-Acl and Get-Acl PowerShell Cmdlets to set NTFS permissions via a script as well.

Are there any other changes related to NTFS permissions?
As we were working through the last set of steps, you may have noticed a few new tabs in the new NTFS Advanced Security Settings dialog.

NTFSShare08

The tabs that are new or improved for the NTFS Security Dialog in Windows Server 2012 include:

  • Share – integrates Share permissions into a separate tab on the NTFS security dialog, so that NTFS and Share permissions can be compared side-by-side
  • Effective Access – improved to provide an easier user interface to work with for evaluating the effective permissions for a user, group, device or claim.
  • Central Policy – used with the new Dynamic Access Control (DAC) feature of Windows Server 2012 to centralize folder permissions into security policies that can be dynamically applied to files and folders based on Active Directory claims.

Dynamic Access Control (DAC), in particular, is a powerful feature in Windows Server 2012 to reduce the administrative load of managing standard permission access lists across lots of file servers. I’ll be writing a separate article in the near future that steps through the process of using DAC.

Do It: Implementing Shared Folders and NTFS Permissions
Your turn! Build your own Windows Server 2012 server lab and use the steps outlined above to create and share your own shared folder with the following properties:

  • Shared folder path: C:\Shares\Documents
  • Shared folder name: Documents
  • Shared folder settings: Access-based Enumeration
  • NTFS Permissions: Use the permissions shown in the example above.

What's Next?

In this article, we've walked through the benefits of the improvements offered by Windows Server 2012 for sharing and configuring NTFS folders using  Server Manager and PowerShell 3.0

Learn more! To gain more experience with Windows Server 2012 in your lab, feel free to join our FREE Windows Server 2012 "Early Experts" Challenge online study group and become one of the 1,000+ IT Pros that are now studying as "Early Experts" on Windows Server 2012.

What do you think of Server Manager in Windows Server 2012?
Are you excited about using Server Manager in your environment for shared folder scenarios?  Feel free to share your feedback and stories in the comments below!

Hope this helps,

Keith

Build Your Lab! Build Your Lab! Download Windows Server 2012
Build Your Lab in the Cloud! Don’t Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines
Join our "Early Experts" study group! Want to Get Certified? Join our Windows Server 2012 "Early Experts" Study Group

More Stories By Keith Mayer

Keith Mayer is a Technical Evangelist at Microsoft focused on Windows Infrastructure, Data Center Virtualization, Systems Management and Private Cloud. Keith has over 17 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of IT professionals worldwide on the design and implementation of enterprise technology solutions.

Keith is currently certified on several Microsoft technologies, including System Center, Hyper-V, Windows, Windows Server, SharePoint and Exchange. He also holds other industry certifications from IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.

Keith is the author of the IT Pros ROCK! Blog on Microsoft TechNet, voted as one of the Top 50 "Must Read" IT Blogs.

Keith also manages the Windows Server 2012 "Early Experts" Challenge - a FREE online study group for IT Pros interested in studying and preparing for certification on Windows Server 2012. Join us and become the next "Early Expert"!

@ThingsExpo Stories
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effi...
Basho Technologies has announced the latest release of Basho Riak TS, version 1.3. Riak TS is an enterprise-grade NoSQL database optimized for Internet of Things (IoT). The open source version enables developers to download the software for free and use it in production as well as make contributions to the code and develop applications around Riak TS. Enhancements to Riak TS make it quick, easy and cost-effective to spin up an instance to test new ideas and build IoT applications. In addition to...
The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location. In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
Presidio has received the 2015 EMC Partner Services Quality Award from EMC Corporation for achieving outstanding service excellence and customer satisfaction as measured by the EMC Partner Services Quality (PSQ) program. Presidio was also honored as the 2015 EMC Americas Marketing Excellence Partner of the Year and 2015 Mid-Market East Partner of the Year. The EMC PSQ program is a project-specific survey program designed for partners with Service Partner designations to solicit customer feedbac...
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profession...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Cloud Expo, Inc. has announced today that Andi Mann returns to 'DevOps at Cloud Expo 2016' as Conference Chair The @DevOpsSummit at Cloud Expo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited t...
Apixio Inc. has raised $19.3 million in Series D venture capital funding led by SSM Partners with participation from First Analysis, Bain Capital Ventures and Apixio’s largest angel investor. Apixio will dedicate the proceeds toward advancing and scaling products powered by its cognitive computing platform, further enabling insights for optimal patient care. The Series D funding comes as Apixio experiences strong momentum and increasing demand for its HCC Profiler solution, which mines unstruc...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We work in the area of Big Data analytics and Big Data analytics is a very crowded space - you have Hadoop, ETL, warehousing, visualization and there's a lot of effort trying to get these tools to talk to each other," explained Mukund Deshpande, head of the Analytics practice at Accelerite, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
UAS, drones or unmanned aircraft, no matter what you call them — this was their week. Our news stream was flooded with updates on the newly announced rules and regulations for commercial UAS from the FAA. So, naturally we have dedicated this week’s top news round up to highlight some of our favorite UAS stories.
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often ...