How To Share Files and Folders over the Network in a Windows Server 2003 Domain Environment

This step-by-step guide describes how to share folders on a computer that is running Windows Server 2003 and is part of a domain.

For example, assume that you are the administrator of a Windows Server 2003-based domain. You get a call from the manager of your Accounting department. The Accounting department is working on a major project and wants to have a central location to save their working files. The Sales department has to be able to read these files, but should not be able to edit them or add any new files. You have to create a shared folder on the Windows Server 2003-based file server to allow the Accounting and Sales departments to access the data.

Before You Share a Folder

Before you share a folder, you must configure the file and folder permissions to prevent users with restricted access from connecting to the folder over the network. For additional information about how to set file and folder security before you share the folders, click the article number below to view the article in the Microsoft Knowledge Base:

How to Share a Folder

1. Log on to the computer as Administrator or as a member of the Administrators group.
2. Click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
3. Expand My Computer, and then click the drive or folder in which you want to create a new folder.
4. On the File menu, point to New, and then click Folder.
5. Type a name for the new folder, and then press ENTER.
6. Right-click the folder, and then click Sharing and Security.
7. Click Share this folder.
   
   Windows automatically uses name as the folder as the share name (if there is not already another share with that name on the computer). You can change the share name if you want to use a different name.

How to Configure Share Permissions

To configure share permissions:

1. On the Sharing tab, click Permissions.
2. Click Add.
3. In the Select Users or Groups dialog box, double-click the appropriate user accounts or groups (for example, the Accountants and Sales groups) that you want.
4. When you finish selecting the users and groups to which you want to grant permissions, click OK. The groups and users that you added, and the Everyone group, are displayed in the Group or user names list.
5. In the Group or user names list, click each user or group, and then grant the permissions that you want to the user or group.
   
   For example, to grant Change permission to the Accounting group, click Accounting in the Group or user names list, and then for the Change permission, click to select the Allow check box. To grant Read permission to the Sales group, click Sales in the Group or user names list, and then for the Read permission, click to select the Allow check box.
6. After you set the appropriate permissions for the user or groups that you want, click the Everyone group, and then click Remove.
7. Click OK.

Troubleshooting

Users Cannot Access Files and Folders That They Should Be Able to When Logged On Locally

Share access permissions are combined from any permissions that are granted directly to the user and those that are granted to any groups of which the user is a member. For example, assume that the user named Frank is a member of both the Accounting group and the Managers group. On one shared folder, Frank has Read permission, and the Accounting group has Change permission. Because Frank is also a member of the Accounting group, his effective permissions are Read and Change.

The exception to this rule is if there is an explicit Deny permission on the folder or file. This occurs because Deny permissions are enumerated first when Windows determines whether or not a particular user can perform a particular task. For example, if Frank is a member of a group that has Deny selected for the Read permission, he cannot read the file or folder, even if other permissions allow him to do so. Therefore, you should avoid using explicit Deny permissions (that is, do not click to select a check box in the Deny column) unless there is no other way to get the specific level of permissions that you need.

Share permissions and the file and folder permissions that can be applied to resources on a drive that uses the NTFS file system are both applied if a user connects to a shared resource over the network. If the share permissions appear as if they should allow for a particular level of access, but the user experiences problems actually achieving that level of access, check the file and folder permissions to make sure that they do not prevent access.