Файловый сервер необходим для предоставления ресурсов для хранения и обеспечения доступа к файлам в локальной сети. Клиенты с его помощью могут иметь прямой доступ к важным документам, а не перемещать их с одного компьютера на другой. Настройка файлового сервера 2003 проводится при необходимости получения доступа с разных клиентских компьютеров к одним и тем же файлам, необходимым для работы.
Прежде чем приступить к описанию особенностей предварительной подготовки компьютера и настройки файлового сервера при помощи консоли «управление данным сервером», следует отметить, что данную процедуру лучше доверить профессионалу. Поэтому мы рекомендуем обратиться в нашу компанию для решения данного вопроса. При самостоятельной настройке удобство обеспечивается благодаря наличию мастера установки, который автоматически выполняет большую часть действий, а от пользователя требует только ввода некоторой важной информации.
Предварительная подготовка компьютера необходима для того, чтобы убедиться в полной работоспособности компьютера. Важное условие – это корректно настроенная операционная система. Для настройки компьютера в качестве файлового сервера IT-специалисты рекомендуют использовать операционные системы серии Windows. Прежде чем начать установку, пользователь должен убедиться в том, что службы и программы системы работают оптимально. В ряде случаев достаточно использовать настройки по умолчанию. Если планируется обновление системы, важно проверить соответствие параметров и требований производительности и безопасности. Для этого можно использовать таблицу стандартной настройки служб.
Другое условие – это подключение компьютера к AD в качестве рядового сервера. Для этого важно осуществить проверку подлинности и публикации и подключить файловый сервер к домену. Далее необходимо проверить, все ли дисковое пространство выделено для будущей работы сервера. Если планируется создание нового раздела, то пользователь может воспользоваться консолью «управление дисками» или специальной программой DiskPart.exe.
При любой настройке сервера, в том числе и установки файлового сервера, важно, чтобы использовалась разметка NTFS. Системные администраторы предупреждают, что тома FAT32 не обладают должными качествами и не могут достаточно защитить систему, поскольку не имеют возможности шифрования, сжатия файлов и разрешения специального доступа к важным файлам. Также важно включить брандмауэр ОС и настроить безопасность системы. Это необходимо для обеспечения работоспособности сервера и обеспечения надежности.
Настройка файлового сервера windows 2003 проводится с помощью мастера настройки сервера. Для этого необходимо добавить роль через программу управления сервером. Открыть ее можно через панель управления в консоли администрирования компьютера. Мастер настройки также запускается через администрирование. Далее необходимо выбрать установленный файловый сервер и начать его настройку. Программа предлагает следующие возможности: дисковые квоты, служба индексирования, сводка параметров, применение мастера для создания ресурсов общего пользования, завершение мастера настроек, удаление роли. Все перечисленные функции относятся к настройке работоспособности данного файлового сервера. Стоит рассмотреть их чуть подробнее.
Раздел «Дисковые квоты» позволяет устанавливать отслеживающие и контролирующие применение пользователем дискового пространства квоты. Они применяются для всех новых пользователей системы NTFS и позволяют избежать использования клиентами слишком больших объемов дискового пространства. Таким образом, они устанавливают ограничение на объем памяти диска, а соответственно поддерживают быстродействие системы.
Служба индексирования является быстрым и наиболее безопасным способом поиска данных в локальной или общей сети. С ее помощью пользователи могут быстро и надежно искать необходимые файлы различного формата и на разном языке, используя всего один пункт «найти».
Когда мастер настройки выводит на монитор сводку выбранных параметров, пользователь должен проверить и подтвердить активацию тех или иных функций. Чаще всего к таким параметрам относится установка управления или мастер создания ресурсов общего пользования для добавления новых папок для общего доступа.
После подтверждения параметров программа запускает мастер создания общих ресурсов. Он необходим для корректной настройки папок для общего доступа в локальной сети. На данном этапе пользователь должен указать путь к общей папке, дать ей имя, описание и параметры, указать допустимые разрешения. После ввода необходимых данных мастер делает данный ресурс общим.
После проведения всех перечисленных выше процедур мастер оповещает, что windows server 2003 настройка dfs полностью завершена. Теперь сервер работает в качестве файлового сервера. Если пользователю необходимо просмотреть сделанные изменения, то можно воспользоваться ссылкой просмотра сведений. В качестве дополнения после проведения всей процедуры настройки IT-специалисты рекомендуют посетить веб-узел Windows Update и проверить доступные обновления. Это необходимо для обеспечения максимальной работоспособности и надежности работы сервера. Данную процедуру, как и всю настройку сервера, также можно доверить нашим профессионалам.
Наши клиенты
Required configuration :
— Active Directory
As this tutorial will discuss shared issues and rights, we will use a concrete example that could end up in business because the servers are often used in the professional world (and business schools) to manage the rights of each user or group user. Most often to prevent employees install anything or make improper handling without knowing it.
The example is as follows and is composed of 3 users :
— The secretary who do not know it, most of the time, not many computers (simply because it isn’t working).
— The owner of the company that wants to have access to all files and folders (including those of the employees).
— The computer will have a total control over the server since it is he who makes the maintenance, either periodically or when the server kidding or the boss asks him to perform a particular task.
In summary, the rights that we will assign to the tutorial will be :
— For the secretary : Read Only and only has access to his file.
— For the boss : Access Read & Change to 3 files (secretary, boss and computer).
— For the computer : Full Control knew the 3 folders.
- Creation of 3 users
- Creating folders and shares
- Add shared folders in Active Directory
- Connect a network drive for each shared folder for easy access from the client under «Windows XP»
1. Creation of 3 users
To begin, open the «Manage Your Server» and click «Manage users and computers in Active Directory».
Right click on your domain and click on «New -> Organizational Unit».
It isnt’ mandatory to create one but it allows to navigate when you have a big server. This is comparable to a folder where files would be created.
It is called «InformatiUser» because we will place our 3 users that will be created but you can give it any name.
We will now create our 3 users named above.
For this, we make a right click on the Organisation Unit «InformatiUser» that we just created and click on «New -> User».
For the tutorial we will put the same name (ie, secretary, boss, computer) for the first name and the user name.
Enter a password complying with safety rules :
— Minimum length of 8 characters.
— Complexity : Uppercase / Lowercase.
Special characters are not mandatory for the password is accepted, but it’s still recommended to use them.
— Numbers.
The wizard displays a summary of the configuration of the user. Click «Finish» and repeat the same thing for the other 2 users : boss and computer scientist (informaticien in French).
Once the 3 users created will be displayed in the right list.
2. Creating folders and shares
Create 3 folders where you want but avoid the desktop, «my documents» folder and user directories located in «C:\Documents and Settings» and the Windows folder because the permissions of these files may sometimes refuse the access as Windows XP when you set a password for your user session and click sue «go private». Because this action changes the NTFS directory permissions of the user concerned and blocks access to other users. It’s because of this that we must avoid to shared folders in the user directory for the shared folders will perhaps one day be denied access to because of that.
Regarding the «Windows» folder is for the simple reason that it’s a system folder and should be avoided to share files that are in Windows.
Once created folders you get this :
We’ll start by sharing the secretary file by right clicking the file and clicking on «Sharing and Security …».
To facilitate the tutorial, we will leave the default share name. Click «Allow» to set the share access rights.
Small difference compared to a conventional OS as «Windows XP», which corresponds to the server «Windows Server 2003» edition is that we will put the rights in the «Security» tab which is much more complete than the «Sharing» tab.
So we will configure the share access rights («Sharing» tab) Full Control for users who have at least one right (read, modify, …). Then, we configure the NTFS permissions («security» tab) with the rights mentioned at the beginning of this tutorial «Shared Folders and rights».
Note : It’s essential that the partition is formatted as NTFS for NTFS rights are available. Having said all new hard drives can be formatted in NTFS and FAT32. At least at the base because there may be utilities to do so.
First start by removing the group «Everyone» because it is a security flaw, and if you don’t remove it, the rights may be incorrect because the group «Everyone» includes all including those that have just been created.
Once removed, we will add 3 users, one by one, by clicking «Add.»
To add users write the beginning of the username or group and click «Check Names» for the full name automatically write.
Repeat the same operation for the other 2 users.
Once users are added, check the 3 boxes allow for 3 users.
Note : you must select a user to change the checkboxes is concerned.
Once done, click «OK» to exit the window and return to this window.
It’s important to click the «Apply» button before setting the «Security» tab because if you don’t do it, you will get a message «Error : This resource was not shared» and you will have to configure this shared folder and the «security» tab.
We will now configure the NTFS permissions («Security» tab) with the rights mentioned at the beginning of the tutorial.
To begin, we will first remove the existing rights that are actually inherited from parent directories. To do this, click the «Advanced Settings» button.
To remove these legacies NTFS permissions to a folder simply uncheck «Allow inheritable permissions from parent to propagate …».
When this legacy is removed, he asks us if we want to copy the rights from the parent folder so that they are independent of the NTFS permissions of the parent folder or delete them for the current folder.
Click «Remove».
If you still have a line like me, also delete the. These are the permissions for the «Administrators» group which also contains the «Administrator» account with which you are connected to the server.
Note that the group has an «s» at the end, what differentiates from the user «Administrator».
Once the last line deleted, the list is finally empty. Click «OK» to exit this window.
The waiter displays a message warning us that all rights are denied to all users, which makes sense because no rights = rights denied but don’t panic, we will configure them in the next window.
Click «Yes» to continue.
Start by adding 3 users who have at least a right to that share as follows : the Secretary, the boss and the computer scientist (informaticien in French) by pressing the «Add» button.
The computer scientist (informaticien in French) has all the rights to this share so check the «Full Control» box and other «Allow» checkbox will check automatically.
Then, for the rights of the boss is slightly more complicated.
Reminder : The boss has read and modify rights, but not delete so we will have to allow rights «Read» and «Change / Write» and deny the rights of «delete».
To do this, first check the boxes as shown in the image and then click to set the delete rights that are found only in the advanced settings.
Select the «Boss» line and click the «Edit …» button.
Seeing the number of spaces in the settings you will understand why I made you return to the simplified version to almost all rights.
In this window, select the «Deny» checkboxes for 2 delete rights namely : «Delete subfolders and files» and «Delete».
Then press «OK» to return to the previous window.
Note : Refuse removal also prevents the user to rename files and folders to these rights. This is a special case of NTFS permissions.
You see an additional line was created. These rights «Deny» type and the authorization is named «Special» because she was not ticked the boxes fit a basic right as «Read, Update, …».
He warns us that «Deny» rights take precedence over those «Allow». This applies to all rights NTFS whether on a Windows Server or Windows Classic.
Click «Yes».
And finally, for the Secretary check only human the «Read» box as in the picture. And finally click «OK».
Once the rights set for the «secretary» folder, repeat the same procedure in accordance with the following rights :
— Check «Full Control» for the computer scientist (informaticient in French) and the boss who have at least one right on the folder of the boss. The Secretary only has access to his folder it’s useless to add it to the list as «no rights» = «rights denied» as said above.
Then, click OK and apply on the remaining window and go to the «Security» tab.
Then, in the NTFS permissions, select «Full Control» for the computer scientist (informaticien in French).
And the rights of «reading» and «modification» to the boss. Don’t forget to refuse the two rights «suppression» in advanced for the boss as explained above parameters. Once the rights «delete» refused, you see the «Deny» box on line «Special Permission» with a «v» gray like the picture below.
Click «OK».
And finally we will configure the rights of the third and last shared namely «Computer scientist (informaticien in French)» folder.
— Check «Full Control» for the computer scientist (informaticien in French) and the boss who have at least one right on the folder of the computer scientist. The secretary only has access to his folder, it’s useless to add it to the list as «not rights» = «rights denied» as said above.
Click «OK» and «Apply» on the remaining window and go to «Security» tab.
In the «Security» tab, allow full control for the computer scientist (informaticien in French). As well as read and modifications rights for the boss. Don’t forget to refuse the two rights «suppression» in advanced parameters for the boss as explained above.
3.2. Setting Up File Sharing Services
To configure a machine as a file server, open the Manage Your Server Wizard from the Start menu. Adding a file server role to a machine involves the following tasks.
- Configuring the machine as a file server
-
This process involves turning on file sharing and creating the first shared folder. Windows also creates a few of its own shares by default, which I’ll discuss in more detail as the chapter progresses.
- Establishing disk space limits by enabling disk quotas, if necessary
-
Disk quotas are a simple way to limit and control the amount of disk space your users take up with their data. Quotas monitor and limit a user’s disk space on a per-partition or per-volume basis; quotas do not stretch across multiple disks. The wizard can configure Windows to apply default quota settings that you select to any new users of any NTFS filesystem. This is not required to set up file sharing services, but you might find the feature useful.
- Turning on the Indexing Service, if necessary
-
The Indexing Service reads the contents of most files on the server and makes a catalog of their contents for easy search and retrieval at later points in time. Because the user interface for the Manage Your Server Wizard presents this option, I mention it here, but I cover it in detail in Chapter 13.
- Installing the File Server Management MMC console
-
This console snap-in provides an easy way to create, modify, edit, and generally administer shared folders, and I’ll talk about it in this chapter.
- Creating shared folders and setting share permissions for each folder
-
Finally, you’ll want to create the shared folders and apply permissions to them. After all, that’s why you started the process, right?
Start up the Manage Your Server utility from the Start menu and click Add or remove a role. On the Server Role page, select File server and click Next. The Configure Your Server Wizard appears, as shown in Figure 3-1.
Figure 3-1. The Configure Your Server Wizard
The following procedure steps you through the rest of the process.
-
To assign disk space to a user on a particular disk, use disk quotas. The wizard will first ask you if you want to configure user disk quotas.
To let users know when they have exceeded their disk quota, and to prevent them from using additional space, set a warning, or soft quota. This writes an error to the event log when the user exceeds a certain amount of space to let him know he’s approaching his quota limit. Also, configure the final quota, or hard quota.
Check the Deny disk space to users exceeding disk space limit checkbox to enable disk quotas; otherwise, Windows will simply track disk usage by user but will not enforce the limits you configured.
You also can set Windows to write to the event log when a user exceeds his hard or soft quota, or even when he exceeds both. Figure 3-2 shows the quota configuration process.
Figure 3-2. Configuring disk quotas
-
Next, decide whether to enable the indexing service. If you turn on the service, users can search in files in different formats and languages, through either Search on the Start menu or the HTML pages they view in a browser. (More on that in Chapter 13.) Turn on the indexing service only if users will need to frequently and consistently search the contents of this particular server. The service requires a good bit of CPU horsepower and memory resources despite the enhancements made in Windows Server 2003, and it can slow network request performance if you leave it on. It’s best to use it only if you need it.
Figure 3-3 shows the indexing service configuration screen.
Figure 3-3. Configuring the indexing service
-
At this point, the wizard will summarize your selections thus far. Acknowledge this by clicking Next. Windows will install the File Server Management console, where you can access information on open shares, open files, and connections to the server, disk fragmentation analysis, and disk volume management tools. Then, the Share a Folder Wizard will be started to enable you to add your first shared folder to the new file server. I explain the procedure for using this wizard later in this section.
-
Once the Share a Folder Wizard finishes, you will see the This Server Is Now a File Server page. Click the Configure Your Server log link to view the changes the wizard made to the machine. (Alternatively, you can find this file at %systemroot%\Debug\Configure Your Server.log.) Click Finish to finalize all the changes.
3.2.1. Creating a Share Manually
Only members of the Administrators, Server Operators, or Power Users groups can share folders by default. However, you can configure network-based GP settings to restrict other users and groups from doing so as well. Shares created using Windows Server 2003 are, by default, configured to allow the Authenticated Users groupall users who logged into the machine or networkread-only access. This is a result of the new security consciousness at Microsoft; in previous releases, all users were allowed full control of a share by default, which made for some sticky situations on compromised machines.
Share permissions are different from file- and folder-level permissions, which are more granular. File- and folder-level permissions (also known as NTFS permissions) are covered later in this chapter. If you have a smaller business with fewer employees and less emphasis on security, you might find simple share-level permissions sufficient for protecting content that should be confidential. However, in larger organizations, share-level permissions often don’t provide enough manageability and flexibility. Also, their storage and shared folder hierarchies often are more complex than they are in smaller businesses, which makes administering share-level protection on lots of shares very tedious and unwieldy.
|
Some file-sharing options might be limited if simple file sharing is enabled. When this option is enabled on workstations running Windows XP Professional, creating, managing, and changing permissions on shares is impossible to do remotely because all remote connections authenticate to that computer using the Guest account. It is recommended that, in a business networking environment, you disable simple file sharing. Consult a good Windows XP book for more information on simple file sharing under Windows XP. |
You can create a share in three ways: using the Share a Folder Wizard, using the Explorer GUI, and using the command-line. To share a folder using the Share a Folder Wizard, follow these steps:
-
Launch the Share a Folder Wizard through the Manage Your Server utility.
-
On the Folder Path page, select the folder for sharing. Click Browse to access a directory tree. Then, click Next.
-
The Name, Description, and Settings page appears, as shown in Figure 3-4. Enter the following data for the new shared folder:
Figure 3-4. Creating a shared folder manually
In Share name (a required field), type the name you want to use for the shared resource. This should be short and descriptive, such as «ACCNTG» for accounting or «SCRATCHPAD,» so users can quickly see a share’s purpose.
In Description (an optional field), type a description of the shared resource. Descriptions can assist you, as an administrator, and your users with understanding the purpose of a share. Use something clear, such as «Accounting documents for Q3 1999» or «Inactive Proposals.»
In Offline setting, specify how you want to make the contents of the shared folder available to users when they are not connected to the network. Click the button to make further tuning adjustments. The three options are fairly self-explanatory: the first option gives the user control over which documents are available offline, the second makes all documents available, and the third prevents any documents from being used offline. Note that checking the Optimized for performance checkbox automatically caches documents so that users can run them locally, which is helpful for busy application servers because it lowers overall traffic to and from the server. After you finish, click Next.
-
On the Permissions page, configure the permissions for the shared folder. Share permissions apply only to users who access the share from the network; users at the console still will be able to look at the contents of the share unless file-level NTFS permissions restrict them from doing so.
The available permissions are as follows:
- All users have read-only access
-
Both administrators and normal users will only be able to read files from this share; no writing or modification is allowed.
- Administrators have full access; other users have read-only access
-
Members of the Administrators group retain full control over the share, including the ability to set new NTFS file permissions; everyone else has only read privileges. This is the best setting for a share that contains a program to be run over a network.
- Administrators have full access; other users have read and write access
-
All users can read and write. Only members of the Administrators group retain the ability to change NTFS file permissions, however.
- Use custom share and folder permissions
-
Using the custom permissions feature, you can assign specific permissions and deny permissions to users and groups. This is how a user would remove the default read-only access for all users, a wide-open door in effect that might not be desired for sensitive materials.
Figure 3-5 shows the shared folder permissions page.
Figure 3-5. The shared folder permissions page
-
Click Finish when you’re done.
-
The wizard completes by showing the Sharing was Successful page. You can share another folder immediately by checking the When I click Close, run the wizard again to share another folder checkbox. Click Close to exit.
To share a folder using Windows Explorer, follow these steps:
-
Find the folder you want to share, and right-click it.
-
Select Sharing and Security from the context menu.
-
Fill in the form:
In Share name (a required field), type the name you want to use for the shared resource. This should be short and descriptive.
In Description (an optional field), type a description of the shared resource. Descriptions can assist you, as an administrator, and your users with understanding the purpose of a share.
In User Limit, enter the maximum number of users that can simultaneously connect to this share, or check the Maximum allowed checkbox to permit as many connections as your OS license allows. The best choice really depends on the purpose of the share, its contents, the hardware of your server, and the bandwidth on your network.
The completed form is shown in Figure 3-6.
Figure 3-6. Sharing a folder through Windows Explorer
-
Click the Permissions button to tune the restrictions users have on this share. On that screen, click Add to select the users to whom the permissions you assign will apply, and then click their names in the top pane and select the appropriate permissions using the checkboxes in the bottom pane. Click OK when you’re done.
-
Click the Offline Settings button. Adjust the settings for how offline files are used for this share (see the descriptions later in this chapter), and then click OK.
-
Click OK to finish sharing the folder.
To share a folder using the command-line, follow these steps:
-
Open a command-line window by selecting StartRun, typing CMD, and pressing Enter.
-
Type net share sharename=drive:path, where sharename is the name of the share and drive:path is the location of the folder to be shared.
-
Add any switches you need to further customize the share. Here is a list of available switches.
- /GRANT:user,perm
-
This creates the share with a security descriptor that gives the requested permissions to the specified user. In place of perm, use READ for read-only access, CHANGE for read and write access, and FULL for full control of a share. You can use this option more than once to give share permissions to multiple users.
- /USERS:number
-
This sets the maximum number of users who can simultaneously access the shared resource.
- /UNLIMITED
-
This specifies that an unlimited number of users can simultaneously access the shared resource.
- /REMARK:»text»
-
This adds a descriptive comment about the resource. Be sure to enclose the text in quotes.
- /DELETE
-
This stops sharing the resource.
- /CACHE:Manual
-
This enables manual client caching of programs and documents from this share. /CACHE:Documents enables automatic caching of documents from this share. /CACHE:Programs enables automatic caching of documents and programs from this share. /CACHE:None disables caching from this share. (I provide a thorough description of each offline setting later in this chapter.)
Creating a Hidden Share
You might need to share a resource but not make it publicly known. For example, the Payroll department might need its own file share, but the rest of the company doesn’t require access to it, and in the interest of confidentiality, you might want to hide it from public display. You can do this by typing $ as the last character of the shared resource name. Users can map a drive to this shared resource by naming it explicitly (including the $ appended to the end), but the share is hidden in Explorer, in My Computer on the remote computer, and in the net view command on the remote computer.
3.2.2. Default Shares
Upon installation, Windows Server 2003 creates several default shares that serve various purposes. You can examine these using the Computer Management tool inside the Administrative Tools applet in the Control Panel. Open that applet, and then navigate through System Tools and Shared Folders in the left pane. Click Shares, and in the right pane, you will see all the shares that currently exist on that machine. Figure 3-7 shows this screen.
Figure 3-7. The Shared Folders portion of the Computer Management applet
Let’s step through the default shares and list their function and purpose.
- C$ and other similar drive letters
-
These shares are known as administrative shares, and they provide a quick way for you to, over the network, map a drive to a certain computer and inspect the contents of the drive. Windows Server 2003 creates one of these administrative shares for each local drive in a system. You can’t get rid of these shares permanently because they are re-created upon reboot if they are not present. You can’t adjust the share permissions on them either. Still, they’re a handy tool in your toolbox for remote management and troubleshooting.
- ADMIN$
-
This also is an administrative share that maps directly to the location of the Windows Server 2003 system files; this is the same as the %systemroot% environment variable. This is useful for spreading out operating system updates, especially across different operating systems. Recall that Windows 2000 used \WINNT, whereas Windows Server 2003 uses good old \WINDOWS. If you write a script to pass a file to all of these servers, you don’t have to account for this difference if you use ADMIN$ on each machine as the location.
- IPC$
-
This share is part of Windows Server 2003’s method of sharing resources, not files, with other machines. Any type of remote management function other than sharing files uses this share.
- NETLOGON
-
Mandatory on domain controllers, this share is a place to put logon and logoff scripts, programs, and profile information for users to read and access before they are logged on to the network. It’s located at %SystemRoot%\sysvol\domainname\SCRIPTS on the filesystem of the server.
- PRINT$
-
Print drivers that are shared to the network, usually for previous versions of operating systems, are stored in this share and requested by clients at the time of printer installation on the clients. It’s located at %SystemRoot%\System32\spool\drivers on the filesystem of the server.
- SYSVOL
-
This is used for internal domain controller operations and shouldn’t be modified or deleted. It’s located at %SystemRoot%\Sysvol\Sysvol on the local filesystem of the server.
3.2.3. Publishing Shares to Active Directory
By publishing shares to Active Directory, your users can use the Find feature on the Start menu on their Windows desktops to find remote shares based on their identifier or description. This is handy for using a new piece of simple software that’s being run directly from the network. It is equally handy for retrieving an electronic PowerPoint presentation that might have been given earlier in the day. Note that you must use an account with domain administrator or enterprise administrator privileges to publish a share to Active Directory.
To publish a share, follow these steps:
-
From the Administrative Tools applet in the Control Panel, open Active Directory Users and Computers.
-
Right-click the appropriate organizational unit (OU).
-
Select Shared Folder from the New menu.
-
Enter a name and description of the share.
-
Enter the path (network location) to the folder you want to share, and then click Finish.
The share has now been added to the directory.
3.2.4. Using Shares from the Command-Line
Sometimes it’s inconvenient to use the Windows GUI to map a drivethis is a problem particularly in logon scripts. How do you use a batch file to tell the mouse pointer to move over to My Network Places? Instead, there’s a better way. The net use command enables you to map any drive to any server on your network, and in some cases, outside networks, too. The syntax is:
net use drive \\server\share
Here are some common examples that you should find useful.
To map drive H to Lisa Johnson’s home directory on server MERCURY:
net use H: \\mercury\users\lmjohnson
To map the first available drive letter to the same directory:
net use * \\mercury\users\lmjohnson
Sometimes you might need to connect to a share on a domain that isn’t trusted by your home domain. If you have an account on that domain, you can use it to connect, like so:
net use H: \\foreignmachine\sharename /user:foreigndomain\username
(If you need to use a password, you’ll be prompted for it.)
If you need to terminate a connection or map to a server, use the /d switch:
net use \\mercury\users\lmjohnson /d
To disconnect all maps:
net use * /d
To connect to a foreign machine (152.1.171.133 in this example) over the Internet or an intranet without relying on name resolution:
net use H: \\152.1.171.133\c$
You also can use a different account with the IP address:
net use H: \\152.1.171.133\c$ /user:hasselltech\hassell
And you can specify that this mapping be for the current session only and not be restored upon logon. This is a feature called map persistencykeeping the same mappings across login sessions, a big timesaver for your users. To do so:
net use H: \\152.1.171.133\c$ /persistent:no
Administrators always have full access to all the logical drives of a Windows server. \\testserver\c$, for example, is drive C. However, we naturally want to also provide share accounts with different permissions.
A right-click on any directory opens the shortcut menu in which we select [Sharing and security]. First, a share name is chosen here for the directory. If you don’t set any permissions, then all users have read access. However, we also want to be able to write.
We added the user Patrick and gave him write as well as read permission. The rights assigned here, however, only refer to network shares. If a user who is locally logged in should also be able to change files, then the permissions in the index card [Security] must be accurately specified.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Publishing a shared folder means that a folder which is already shared somewhere in your network will be published in active directory. This will help users to locate the shared folder searching it directly through active directory database. This feature eliminates the requirement of remembering the network path of the shared folder which can be present on anywhere in the network. Also with the help of this feature users need not to type the entire network path every time they want to access the shared folder. Moreover this published shared folder can be searched with the help of keywords which are defined while publishing it. This broadens the scope of the search process initiated by the users. You can publish a shared folder by following the steps given below:
- Log on to the domain controller with administrator privileges.
- Click on Start button.
- From the start menu go to Administrative Tools and from the submenu click on Active Directory Users and Computers.
- From Active Directory Users and Computers snap-in right click on the domain name which in this case is TESTDOMAIN.COM.
- From the context menu go to New and from the submenu click on Shared Folder.
- On New Object-Shared Folder page in the Name text box type the name of the folder by which you want the folder to be published in the active directory.
- On the same page in Network path (\servershare) text box type the Universal Naming Convention (UNC) path of the shared folder which you want to publish in the active directory and click on Ok button.
- Back on Active Directory Users and Computers snap-in click on the domain name to select it.
- From the right pane right click on the shared folder you have just published and click on Properties.
- On the Properties page make sure that you are on General tab and click on Keywords button.
- On the Keywords box type the keywords which are related to the shared folder in New Value text box and click on Add button to add the value. You can add as many keywords as you want and once done click on Ok button.
- Back on Properties box click on Ok button to accept and confirm your selection.
You can now educate users to search for the specified keywords in Active Directory whenever they want to access the published shared folder. Alternatively they can map this published shared folder to their local computers to eliminate the need of searching this shared folder every time they want to access it.