Creating and managing a shared folder is a little
bit more of a manual process than the public sharing model, but allows
you to share any folder on the Windows Vista computer, and it gives you
more fine-tuned control over sharing the folders.
Standard
file sharing enables you to use a standard set of permissions to allow
or deny initial access to files and folders over the network. Standard
file sharing settings are enabled or disabled on a per-computer basis.
To enable file sharing, follow these steps:
1. | Click Start, and then click Network.
|
2. | On the Explorer toolbar, click Network and Sharing Center.
|
3. | Expand the File Sharing Panel by clicking the related Expand button.
|
4. | To enable file sharing, select Turn On File Sharing. To disable file sharing, select Turn Off File Sharing.
|
5. | Click Apply.
|
When
a user accesses a file or folder in a share over the network, the two
levels of permissions are used: share permissions and NTFS permissions
(if it is on an NTFS volume). The three share permissions are as
follows:
Owner/co-owner.
Users allowed this permission have read and change permissions and the
additional capabilities to change file and folder permissions and take
ownership of files and folders. If you have owner/co-owner permissions
on a shared resource, you have full access to the shared resource.
Contributor.
Users allowed this permission have read permissions and the additional
capability to create files and subfolders, modify files, change
attributes on files and subfolders, and delete files and subfolders. If
you have contributor permissions on a shared resource, the most you can
do is perform read operations and change operations.
Reader.
Users with this permission can view file and subfolder names, access
the subfolders of the share, read file data and attributes, and run
program files. If you have reader permissions on a shared resource, the
most you can do is perform read operations.
Note
If
the user accesses the computer directly where the share folder is
located and accesses the folder directly without going through the
share, share permissions do not apply.
Because
a user can be member of several groups, it is possible for the user to
have several sets of permissions to a shared drive or folder. The
effective permissions are the combination of all user and group
permissions. For example, if a
user has the contributor permissions to the user and a reader
permission to the group, of which the user is a member, the effective
permissions would be the contributor permission. Like NTFS permissions,
deny permissions override the granted permission.
To create a shared folder using the shared folder model, you have to complete a multipart process:
1. | Share the folder so that it can be accessed.
|
2. | Set the share permissions.
|
3. | Check and modify the NTFS file system permissions.
|
There are two methods to set permissions on a shared resource, depending on the resource type:
Using the File Sharing Wizard to set permissions of a file or folder.
You can start the File Sharing Wizard by right-clicking the file or
folder, and then clicking Share. The wizard enables you to select the
user and group that can share the file or folder, and allows you to set
permissions on the file or folder for each user or group.
Using Windows Explorer to set permissions on a resource.
You can use Windows Explorer to set permissions through the Share
option or through the Properties page on a resource. When you
right-click the object, selecting the Share or Properties option
displays the Properties dialog box. Permissions can be set or modified
by using the Advanced Sharing button on the Sharing tab.
When a folder is shared, a symbol of two users is added at the bottom left of the folder icon (see Figure 1).
If you click Show Me All the Files and Folders I Am Sharing in Network
and Sharing Center, you can view all shared folders on the system (see Figure 2).
When
accessing a shared folder on an NTFS volume, the effective permissions
that a person can use in the share folder are calculated by combining
the shared folder permissions with the NTFS permissions. When combining
the two, first determine the cumulative NTFS permissions and the
cumulative shared permissions and apply the more restrictive
permissions, the one that gives the least permission.