Windows Vista - Sharing Files and Folders : Standard Sharing

Standard file sharing enables you to use a standard set of permissions to allow or deny initial access to files and folders over the network. Standard file sharing settings are enabled or disabled on a per-computer basis. To enable file sharing, follow these steps:

When a user accesses a file or folder in a share over the network, the two levels of permissions are used: share permissions and NTFS permissions (if it is on an NTFS volume). The three share permissions are as follows:

• Owner/co-owner. Users allowed this permission have read and change permissions and the additional capabilities to change file and folder permissions and take ownership of files and folders. If you have owner/co-owner permissions on a shared resource, you have full access to the shared resource.

• Contributor. Users allowed this permission have read permissions and the additional capability to create files and subfolders, modify files, change attributes on files and subfolders, and delete files and subfolders. If you have contributor permissions on a shared resource, the most you can do is perform read operations and change operations.

• Reader. Users with this permission can view file and subfolder names, access the subfolders of the share, read file data and attributes, and run program files. If you have reader permissions on a shared resource, the most you can do is perform read operations.

Because a user can be member of several groups, it is possible for the user to have several sets of permissions to a shared drive or folder. The effective permissions are the combination of all user and group permissions. For example, if a user has the contributor permissions to the user and a reader permission to the group, of which the user is a member, the effective permissions would be the contributor permission. Like NTFS permissions, deny permissions override the granted permission.

To create a shared folder using the shared folder model, you have to complete a multipart process:

There are two methods to set permissions on a shared resource, depending on the resource type:

• Using the File Sharing Wizard to set permissions of a file or folder. You can start the File Sharing Wizard by right-clicking the file or folder, and then clicking Share. The wizard enables you to select the user and group that can share the file or folder, and allows you to set permissions on the file or folder for each user or group.

• Using Windows Explorer to set permissions on a resource. You can use Windows Explorer to set permissions through the Share option or through the Properties page on a resource. When you right-click the object, selecting the Share or Properties option displays the Properties dialog box. Permissions can be set or modified by using the Advanced Sharing button on the Sharing tab.

When a folder is shared, a symbol of two users is added at the bottom left of the folder icon (see Figure 1). If you click Show Me All the Files and Folders I Am Sharing in Network and Sharing Center, you can view all shared folders on the system (see Figure 2).

Figure 2. Using the Show Me All the Files and Folders I Am Sharing option in the Network and Sharing Center.

When accessing a shared folder on an NTFS volume, the effective permissions that a person can use in the share folder are calculated by combining the shared folder permissions with the NTFS permissions. When combining the two, first determine the cumulative NTFS permissions and the cumulative shared permissions and apply the more restrictive permissions, the one that gives the least permission.