Intro
Shared network folders are an excellent tool to allow your users to easily collaborate on files and folders without having to transfer them between each other using manual methods. While cloud-based file storage and sharing is becoming increasingly popular (and with good reason), the traditional network share won't be going anywhere anytime soon, and is still the go-to for many organizations running on Active Directory.
Shared Folder vs. Cloud Storage
As mentioned, cloud storage solutions are growing increasingly popular (we offer our own!), but there's still many reasons why an organization would opt for a traditional shared folder. Let's look at some of the pros and cons of each:
Shared Folder
Pros:
1. You know exactly where your data lives
2. Familiar management and easy access control if you're already running Active Directory
3. Less latency (AKA better performance), assuming your users are relatively physically close to your file server.
4. Quick access and no need for additional logins
Cons:
1. Requires more manual setup & maintenance compared to most cloud solutions
2. Backup and replication must be setup manually
3. Lack of live collaboration as most programs (i.e. Microsoft 365) prevent a file from being opened in more than place at the same time
Cloud Storage
Pros:
1. Usually doesn't require setting up any additional infrastructure
2. Browser-based access, meaning files can be reached from anywhere (depending on security settings)
3. Generally more cost-effective than setting up traditional hardware for larger file shares
Cons:
1. May require users to have an additional set of credentials, depending on what SSO options are available
2. Latency/performance can be a concern
3. You don't always have control over where your data lives, which may cause compliance concerns for certain regulations like GDPR
Prerequisites and Assumptions
Before we dive into this tutorial, there's a few things you'll need to have setup to be able to follow along:
1. An existing Active Directory (AD) environment
2. A server running Windows Server 2022 (though most steps will be nearly identical for previous versions) and joined to your AD domain
3. Sufficient storage space. Allow for plenty of expansion room and consider data protection and recovery methods (RAID, frequent backups, etc.) against physical damage
4. For testing purposes, it may be helpful to have a test account with the same access privileges as your intended end user(s)
Note: It is possible to setup a share using the Server Manager > File and Storage Services wizards instead, though the steps are practically identical and will only differ in the visual appearance of the interface
Steps
1. Identify the users that will need access to the shared folder
2. Create a new security group and add those users to it. While you could add users individually to the folder, you'll see in the next few steps why a security group is much more convenient. We're calling ours "HR_USERS"
3. Navigate to the drive you want your folder to live on, and create a new folder. In our case, we'll call it "HR Files"
4. Right-click on the folder and open Properties
5. Navigate to the "Sharing" tab
6. Under "Network File and Folder Sharing", click "Share..."
7. In the "Network access" dialog that opens, type the name of your security group and click "Add"
8. By default, the group will be added with "Read" permissions only. Most likely, you'll want to change this to "Read/Write", but you could leave this as is if you want your users to have read-only permissions
9. Click "Share". Make note of the share path. For our example, its "\\WIN-DC1\HR Files". Click "Done"
10. Right-click on your folder again and navigate to the "Security" tab.
11. Review the permissions applied for your group. In general, if you want your group users to have Read/Write access, the default permissions applied will be perfectly fine. Note that in this context, "Full control" does not allow users to take ownership of the shared folder itself or give other users access. If you would like to set more restrictive permissions, feel free to do so.
12. The most restrictive permissions will take effect between the NTFS security permissions ("Security") tab and the share permissions ("Sharing" tab). If you navigate to Sharing > Advanced Sharing > Permissions, you'll will likely see the group "Everyone" listed with "Full Control" permissions. While this will not be the true effective permissions (assuming you've set the NTFS security permissions), it may be useful to remove this group for a clearer understanding of who has access to this folder and to avoid confusion if future administrators need to make changes.
13. (Optional) Log in as a your test user to ensure they have access to the folder! It may also be useful to log in with a user account that shouldn't have access and attempt to open the folder to ensure that your permissions have been set up as intended.
Take it one step further: If you'd like to make it easier for your users to access this folder, you can add a GPO to create a desktop shortcut to it or map it as a drive.
Conclusion
If all goes well, you should now have a shared folder your users can access from any domain workstation they log on to! We hope this tutorial was helpful and as always, please reach out to Cosmistack for all of your infrastructure management and consulting needs! Thanks for reading!
