How To Share Files and Folders over a Network for Workgroups in Windows Server 2003 (323420)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
This article was previously published under Q323420
For a Microsoft Windows 2000 version of this article, see 301281.

IN THIS TASK

SUMMARY

This step-by-step guide describes how to share folders on a computer that is part of a workgroup, how to configure security for the shared folders and the subfolders and files that they contain, and how to connect over the network to shared folders on other computers that are members of the workgroup.

For example, assume that you are asked to set up file sharing on a Windows-based computer that is part of a workgroup. You have to create a share that contains Accounts Receivable files that are to be used by the Accounting and Sales staff at the company that you work for, and you have to configure security to make sure that only appropriate users can access the data that is stored in the share. The accounting staff must be able to read, edit, delete, and create files in the share, but the sales staff must be able to only read files in the share. The manager of the accounting department (Amy Alberts) is the only user who can change permissions on the contents of the share.

The computer that you are working with has a drives C and D, and you have decided to create the folder that will contain the data on drive D.

back to the top

Set Security on a Folder Before You Share It

  1. Log on to your computer as a user who is a member of the Power Users group or the Administrators group.
  2. Start Windows Explorer.
  3. Click the drive or folder in which you want to create a new folder.
  4. On the File menu, point to New, and then click Folder. Type a name for the new folder (for example, Accounts Receivable), and then press ENTER.
  5. Right-click the new folder, and then click Properties.
  6. Click the Security tab, and then click Advanced.
  7. Click to clear the Allow inheritable permissions from parent to propagate to this object and all child objects. Include these with entries explicitly defined here check box.
  8. In the Security dialog box that appears, click Copy.

    NOTE: The inherited permissions are copied directly to the folder.
  9. Click OK.
  10. To set permissions for a user or group that is not listed in the Group or user names box, click Add.
  11. In the Select Users or Groups dialog box that appears, type the names of the users or groups that you want to set permissions for (for example, Accounting, Sales, and Amy Alberts).
  12. Click OK.

    The users and groups that you added are displayed in the Group or user names box.
  13. To allow or deny a permission in the Permissions for User or Group box, click the user or group in the Group or user names box, and then click to select the Allow or Deny check box next to the permission that you want to allow or deny.

    For example, to allow Modify permissions for the Accountants group, click Accountants, and then click to select the Allow check box that is displayed next to Modify. To allow Read & Execute permission for the Sales group, click Sales, and then click to select the Allow check box that is displayed next to Read & Execute. To allow Full Control permission to Amy Alberts, click Amy Alberts, and then click to select the Allow check box that is displayed next to Full Control.
  14. Click OK.
back to the top

Share a Folder

  1. Start Windows Explorer.
  2. Right-click the folder that you want to share, (for example, Accounts Receivable), and then click Sharing and Security.
  3. Click Share this folder.

    Windows automatically uses the name of the folder as the share name (if there is not already another share that uses the name on the computer). You can change the share name if you want to use a different name.
  4. Click Permissions.
  5. In the Permissions for FolderName dialog box, click Add.
  6. In the Select Users or Groups dialog box, type the names of the users or groups that you want to add to the shared folder, and then click OK.
  7. To grant or remove a user or group permission for the shared folder, click the user or group in the Group or user names box, and then click to select the Allow or Deny check box next to the permission that you want to grant or deny.
  8. Click the Everyone group in the Group or user names box, and then click Remove.
  9. Click OK.
back to the top

How to Connect to a Shared Folder

When you share a folder, users on other computers can connect to the folder over the network. When users connect to a shared folder, they can open save, and delete files, modify and delete folders, and perform other tasks, depending on the level of permission you grant them. You can connect to shares on another computer by using any of the following methods:
  • Use My Network Places
  • Use a Universal Naming Convention (UNC) path
  • Map a network drive
back to the top

Connect to a Shared Folder by Using My Network Places

  1. Open My Network Places. To do so, start Windows Explorer, and then click My Network Places.
  2. Double-click ComputerName, where ComputerName is the name of the computer that contains the files that you want to access.

    If you are prompted to do so, type the user name and password to gain access to the computer to which you are connecting.

    A list of shared folders and printers on that computer is displayed.
  3. Double-click the shared folder to which you want to gain access.

    A list of subfolders and files in that shared folder are displayed. What you can do with those subfolders and files depends on the level of permission that you have been granted.
back to the top

Connect to a Shared Folder by Using UNC Format

To connect to a shared folder by using UNC format, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type the share name by using the following UNC format, where ComputerName is the name of the computer to which you are trying to connect and ShareName is the name of the shared folder on that computer:

    \\ComputerName\ShareName

    For example, to connect to the Data share on a computer that is named Server1, type \\Server1\Data.

  3. Click OK.

    If you are prompted to do so, type the user name and password to gain access to the computer.

    The contents of the shared folder are displayed.
back to the top

Connect to a Shared Folder by Using a Mapped Drive

  1. Start Windows Explorer.
  2. On the Tools menu, click Map Network Drive.
  3. In the Drive box, click the drive letter that you want to use for this mapped drive. You cannot use any of the drive letters that are currently used by your computer.
  4. In the Folder box, type the name of the share to which you want to connect by using Universal Naming Convention (UNC) format, where ComputerName is the name of the computer to which you are trying to connect, and ShareName is the name of the shared folder on that computer:

    \\ComputerName\ShareName

    You can also map drives to subfolders of the shared folder. For example:

    \\ComputerName\ShareName\SubfolderName

    Or, you can click Browse and then locate the computer to which you want to connect, the share on that computer, and the subfolder in that share.

  5. Click Finish.
NOTES:
  • By default, Windows tries to reconnect mapped drives the next time that you log on. If you do not want to reconnect to the mapped drive the next time that you log on (for example, if you want this mapped drive to be effective only for your current logon session), click to clear the Reconnect at Logon check box.
  • By default, you are connected to the remote computer using the logon credentials that you are currently using. If you want to use other credentials, click Connect using a different user name, and then type the appropriate user name and password to connect to the network resource.
  • The mapped drive that you create is visible in the Folders pane in Windows Explorer, and so are all the other drives on your computer. You can access the files in the shared folder through any program on your computer by using the mapped drive letter.
back to the top

Troubleshooting

Users Cannot Access Files and Folders When They Are Logged On Locally

Access permissions are combined with any permissions that are assigned directly to the user and those that are assigned to any groups of which the user is a member.

The exception to this rule is if there is an explicit Deny permission on the folder or file. This occurs because Deny permissions are enumerated first when Windows determines whether or not a particular user can perform a particular task. Therefore, avoid using explicit Deny permissions (that is, do not click to select a check box in the Deny column) unless there is no other way to grant the specific level of permissions that you need.

back to the top

Inappropriate Permission Levels When Users Access Files and Folders When They Are Logged On Locally

Users can write instead of just read when they are logged on locally. By default, permissions are inherited from the folder that contains the object. If you experience inappropriate permission levels, look for both inherited permissions that are incorrect for the shared resource and for group memberships that may grant different levels of permissions.

back to the top

Users Cannot Access Files and Folders over the Network

When you access data over the network, both share permissions and file and folder permissions apply. Share access permissions are combined with any permissions that are assigned directly to the user and those assigned to any groups of which the user is a member.

The exception to this is if there is an explicit Deny permission on the folder or file. This occurs because Deny permissions are enumerated first when Windows determines whether or not a particular user can perform a particular task. For example, if Fernando is a member of a group that has Deny selected for the Read permission, he cannot read the file or folder, even if other permissions permit him to do so.

Do not use explicit Deny permissions (that is, do not click to select a check box in the Deny column) unless there is no other way to grant the specific level of permissions that you need.

Check both the share permissions and the file and folder permissions for the user and any groups of which the user is a member.

back to the top

There Is No Security Tab in the Folder Properties Dialog Box

If you do not see the Security tab in the FolderName Properties dialog box, you may be using the FAT file system or the FAT32 file system. You can set file and folder permissions only on volumes that are formatted with the NTFS file system. You can use the convert command to convert FAT or FAT32 volumes to use the NTFS file system. back to the top

REFERENCES

For additional information about how to share and connect to files and folders over a network (domain) in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

324267 How To Share Files and Folders Over a Network (Domain) in Windows Server 2003

323386 How To Connect to Shared Folders Over the Network (on a Domain) in Windows Server 2003

back to the top
Modification Type:MinorLast Reviewed:7/15/2004
Keywords:kbfile kbHOWTOmaster kbNetwork KB323420 kbAudITPro
©2004 Microsoft Corporation. All rights reserved.