Microsoft Cloud Authors: Jim Kaskade, Lori MacVittie, Andreas Grabner, Janakiram MSV, Pat Romanski

Related Topics: Microsoft Cloud, Containers Expo Blog, Silverlight, Agile Computing, @CloudExpo

Microsoft Cloud: Blog Post

12 Steps to NTFS Shared Folders in Windows Server 2012

Server Manager provides improved local and remote management of Shared Folders

In the past, managing and sharing NTFS folders could be a real ordeal – there were different tools for managing NTFS permissions vs shared folders and most IT Pros generally used these tools on a server-by-server basis from each server’s console.

Server Manager to the rescue!
In Windows Server 2012, Server Manager provides a management facelift on top of the disconnected process that we’ve used in the past for sharing folders and setting NTFS permissions.  In addition, Server Manager can easily manage these folders on a local server or any remote servers that you’ve previously added to the Server Manager dashboard.

NOTE: For details on using and customizing Server Manager for your servers and network environment, check out this post on that topic.

Along with the new SMB 3.0 performance and availability features for shared folders, Server Manager provides a powerful management tool for taking advantages of these features in your network environment.

How can I share new folders with Server Manager?
You can start the process of sharing NTFS folders in Server Manager by launching the New Share Wizard from the File and Storage Services details page.  This new wizard integrates the steps involved with creating a new folder, sharing the folder and setting NTFS permissions into a single continuous workstream for local and remote servers.

  1. On the File and Storage Services page, select Shares and then click Tasks –> New Share … to begin the New Share Wizard.

  2. On the Select the profile for this share page, select SMB Share – Quick and click the Next button.  Note that in addition to creating new SMB shares for NTFS folders that are sharing documents, we also have options for creating shared folders for applications, such as SQL databases or Hyper-V virtual machines, as well as creating new NFS shares for non-Windows client devices.

  3. On the Select the server and path for this share page, select the server on which to create the new share ( local or remote server ) and the volume on which to create the new shared folder.  Click the Next button to continue.

  4. On the Specify share name page, type the name of your new Share name and click the Next button to continue.

  5. On the Configure share settings page, you will find advanced options for configuring Access-Based Enumeration (ABE), Offline folder caching, and Encryption of end-to-end SMB network traffic.  Let’s select all three options and then click the Next button.

    NOTE: If BranchCache is enabled on your server to optimize shared folder access over a WAN, you can also enable BranchCache for this new folder on this page.  To learn more about the new simplified BranchCache features in Windows Server 2012 … check out Brian Lewis’ My Thoughts on IT blog.

  6. On the Specify permissions to control access page, review the default permissions for the new NTFS folder and click the Customize permissions… button to further customize these permissions as necessary.  When finished, click the Next button to continue.

  7. On the Confirm selections page, review the currently selected settings for sharing the new folder and click the Create button to begin the process of creating the new folder, applying NTFS permissions, and sharing the folder with the selected share settings.


How can I automate the process of sharing new folders?
You can automate the process of sharing new folders using PowerShell 3.0 and the new SMB Share Cmdlets.  For example, to create and share the same folder as demonstrated above, we could use the following commands in PowerShell:

MD D:\Shares\Documents

New-SMBShare -Name Documents -Path D:\Shares\Documents -FolderEnumerationMode AccessBased  
-CachingMode Documents -EncryptData $True -FullAccess Everyone

In addition to the new SMB Share Cmdlets, you can also use the Set-Acl and Get-Acl PowerShell cmdlets for automating NTFS folder permissions.

Has anything changed with NTFS permissions in Windows Server 2012?
NTFS access list permissions work the same in Windows Server 2012, but there is an improved user interface for setting and viewing NTFS permissions that can make implementing advanced security scenarios much easier.

What is an NTFS “advanced security scenario”?
For example, a common NTFS folder requirement in many organizations is to set permissions such that users can create, update, delete and rename files, but not delete or rename folders or sub-folders.  Many organizations implement this approach to provide a consistent network folder structure for users to store their files, without being concerned about users inadvertently moving or renaming (ie., pruning and grafting) whole sections of that folder structure.  In the past, this custom combination of file and folder permissions was confusing and difficult to implement.

To implement this scenario in Windows Server 2012, we can click on the Customize permissions… button referenced above in Step 6 and walk through the following process:

  1. In the Advanced Security Settings dialog box, click the Disable Inheritance button to disable inherited permissions from the parent folder in preparation of setting an explicit set of folder permissions.

  2. When prompted, click the option to Convert inherited permissions into explicit permissions on this object. This will create a copy of each inherited permission access list entry into an explicit entry for this folder that we’ll be able to edit or remove.

  3. In this case, we want to modify the default permissions granted to the Users group for this folder.  Use the Remove button to remove each of the existing access list entries granted to the Users group.

  4. Then use the Add button to grant a new set of file permissions to the Users group.  In this scenario, we want users to have read, write and delete permissions to files ( and only files ) inside this folder, so we’ll select the following permission options for files:

  5. Once we’re done adding file permissions, we’ll use the Add button again to grant a new set of folder permissions to the Users group.  In this scenario, we want users to have the ability to see folders and create new files, so we’ll select the following permission options for folders:


That’s it! Now we’ve got our shared folder all set for this advanced security scenario in just a few clicks!  Of course, if we wanted to automate this process, we could’ve used the Set-Acl and Get-Acl PowerShell Cmdlets to set NTFS permissions via a script as well.

Are there any other changes related to NTFS permissions?
As we were working through the last set of steps, you may have noticed a few new tabs in the new NTFS Advanced Security Settings dialog.


The tabs that are new or improved for the NTFS Security Dialog in Windows Server 2012 include:

  • Share – integrates Share permissions into a separate tab on the NTFS security dialog, so that NTFS and Share permissions can be compared side-by-side
  • Effective Access – improved to provide an easier user interface to work with for evaluating the effective permissions for a user, group, device or claim.
  • Central Policy – used with the new Dynamic Access Control (DAC) feature of Windows Server 2012 to centralize folder permissions into security policies that can be dynamically applied to files and folders based on Active Directory claims.

Dynamic Access Control (DAC), in particular, is a powerful feature in Windows Server 2012 to reduce the administrative load of managing standard permission access lists across lots of file servers. I’ll be writing a separate article in the near future that steps through the process of using DAC.

Do It: Implementing Shared Folders and NTFS Permissions
Your turn! Build your own Windows Server 2012 server lab and use the steps outlined above to create and share your own shared folder with the following properties:

  • Shared folder path: C:\Shares\Documents
  • Shared folder name: Documents
  • Shared folder settings: Access-based Enumeration
  • NTFS Permissions: Use the permissions shown in the example above.

What's Next?

In this article, we've walked through the benefits of the improvements offered by Windows Server 2012 for sharing and configuring NTFS folders using  Server Manager and PowerShell 3.0

Learn more! To gain more experience with Windows Server 2012 in your lab, feel free to join our FREE Windows Server 2012 "Early Experts" Challenge online study group and become one of the 1,000+ IT Pros that are now studying as "Early Experts" on Windows Server 2012.

What do you think of Server Manager in Windows Server 2012?
Are you excited about using Server Manager in your environment for shared folder scenarios?  Feel free to share your feedback and stories in the comments below!

Hope this helps,


Build Your Lab! Build Your Lab! Download Windows Server 2012
Build Your Lab in the Cloud! Don’t Have a Lab? Build Your Lab in the Cloud with Windows Azure Virtual Machines
Join our "Early Experts" study group! Want to Get Certified? Join our Windows Server 2012 "Early Experts" Study Group

More Stories By Keith Mayer

Keith Mayer is a Technical Evangelist at Microsoft focused on Windows Infrastructure, Data Center Virtualization, Systems Management and Private Cloud. Keith has over 17 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of IT professionals worldwide on the design and implementation of enterprise technology solutions.

Keith is currently certified on several Microsoft technologies, including System Center, Hyper-V, Windows, Windows Server, SharePoint and Exchange. He also holds other industry certifications from IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.

Keith is the author of the IT Pros ROCK! Blog on Microsoft TechNet, voted as one of the Top 50 "Must Read" IT Blogs.

Keith also manages the Windows Server 2012 "Early Experts" Challenge - a FREE online study group for IT Pros interested in studying and preparing for certification on Windows Server 2012. Join us and become the next "Early Expert"!

@ThingsExpo Stories
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
SYS-CON Events announced today that Embotics, the cloud automation company, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Embotics is the cloud automation company for IT organizations and service providers that need to improve provisioning or enable self-service capabilities. With a relentless focus on delivering a premier user experience and unmatched customer support, Embotics is the fas...
SYS-CON Events announced today that Coalfire will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, health...
The IoT industry is now at a crossroads, between the fast-paced innovation of technologies and the pending mass adoption by global enterprises. The complexity of combining rapidly evolving technologies and the need to establish practices for market acceleration pose a strong challenge to global enterprises as well as IoT vendors. In his session at @ThingsExpo, Clark Smith, senior product manager for Numerex, will discuss how Numerex, as an experienced, established IoT provider, has embraced a ...
Cloud based infrastructure deployment is becoming more and more appealing to customers, from Fortune 500 companies to SMEs due to its pay-as-you-go model. Enterprise storage vendors are able to reach out to these customers by integrating in cloud based deployments; this needs adaptability and interoperability of the products confirming to cloud standards such as OpenStack, CloudStack, or Azure. As compared to off the shelf commodity storage, enterprise storages by its reliability, high-availabil...
SYS-CON Events announced today that MathFreeOn will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MathFreeOn is Software as a Service (SaaS) used in Engineering and Math education. Write scripts and solve math problems online. MathFreeOn provides online courses for beginners or amateurs who have difficulties in writing scripts. In accordance with various mathematical topics, there are more tha...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
SYS-CON Events announced today that Transparent Cloud Computing (T-Cloud) Consortium will exhibit at the 19th International Cloud Expo®, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The Transparent Cloud Computing Consortium (T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data proces...
Donna Yasay, President of HomeGrid Forum, today discussed with a panel of technology peers how certification programs are at the forefront of interoperability, and the answer for vendors looking to keep up with today's growing industry for smart home innovation. "To ensure multi-vendor interoperability, accredited industry certification programs should be used for every product to provide credibility and quality assurance for retail and carrier based customers looking to add ever increasing num...
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to impr...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessi...