How To Share Files and Folders Over a Network (Domain) in Windows 2000

This step-by-step guide describes how to share folders on a Windows 2000-based computer that is part of a domain.


For example, assume that you are the administrator of a Windows 2000-based domain. You get a call from Fran, the manager of your Accounting department. The Accounting department is working on a major project and wants to have a central location to save their working files. The Sales department needs to be able to read these files, but should not be able to edit them or add any new files. You need to create a shared folder on the Windows 2000-based file server to allow the Accounting and Sales departments to access the data.

Sharing a Folder

Before you share a folder, you should configure the file and folder permissions to prevent users who should have restricted access from connecting to the folder over the network. For additional information about how to set file and folder security before you share the folders, click the article number below to view the article in the Microsoft Knowledge Base:

To Share a Folder

1. Log on to the Windows 2000-based server as an administrator for the computer.
2. Click Start, point to Programs, point to Accessories, and then click Windows Explorer.
3. Expand My Computer, and then click the drive or folder in which you want to create a new folder.
4. On the File menu, point to New, and then click Folder.
5. Type a name for the new folder, and then press ENTER.
6. Right-click the folder, and then click Sharing.
7. In the folder properties, click Share this folder.
   
   Note that Windows 2000 automatically gives the share the same name as the folder (if there is not already another share with that name on the computer). You can change the share name to something more descriptive if you want.

Configuring Share Permissions

To configure share permissions:

1. On the Sharing tab, click Permissions.
2. In the Share Permissions dialog box, click Add.
3. In the Select Users, Computers, or Groups dialog box, double-click the appropriate user accounts or groups (for example, the Accountants and Sales groups).
4. When you have selected all of the users and groups to which you want to assign permissions, click OK. The groups and users you added, along with the Everyone group, are displayed in the top half of the Security tab.
5. In the Name list, click each user or group one at a time, and then apply the correct permissions in the Permissions list. For example, for the Accounting group, for the Change permission, click Allow. For the Sales group, for the Read permission, click Allow.
6. After you have set the appropriate permissions, click the Everyone group, and then click Remove.

Troubleshooting

Users Cannot Access Files and Folders That They Should Be Able to When Logged On Locally

Share access permissions are combined from any permissions that are assigned directly to the user and those that are assigned to any groups of which the user is a member. For example, assume that the user named Frank is a member of both the Accounting group and the Managers group. On one shared folder, Frank has Read permission, and the Accounting group has been granted the Change permission. Because Frank is also a member of the Accounting group, his effective permissions would be Read and Change.

The exception to this rule is if there is an explicit Deny permission on the folder or file. This occurs because Deny permissions are enumerated first when Windows 2000 is determining whether or not a particular user can perform a particular task. For example, if Frank is a member of a group that has Deny selected for the Read permission, he is unable to read the file or folder, even if other permissions should allow him to do so. Therefore, you should avoid using explicit Deny permissions (that is, avoid clicking to select a check box in the Deny column) unless there is no other way to achieve the permissions mix that you need.

Share permissions and the file and folder permissions that can be applied to resources on a drive that uses the NTFS file system are both applied if a user connects to a shared resource over the network. If the share permissions look as if they should allow for a particular level of access, but the user is having problems actually achieving that level of access, check the file and folder permissions to make sure they are not preventing access.