In this post I’ll explain how to create a share on a fileserver, set permissions and other options for the share.
Prepare the server
To create a share on a fileserver, first make sure the the File Server role is installed on the server. This feature is installed by default.
|
Get-WindowsFeature fs-fileserver |
Get the current shares
|
C:\Windows\system32> Get-SmbShare |
Create a new share
Fist make sure you have a folder on the server. Next create the share.
|
New-SMBShare -Path c:\marketing -Name Marketing -Readaccess Everyone -FullAccess Administrator |
to remotely create the share add the -cimsession option to the command.
|
New-SMBShare -CimSession Fileserver1 -Path c:\marketing -Name Marketing -Readaccess Everyone -FullAccess Administrat |
Change permissions on a share
You want to keep the share permissions as simple as possible. To grant more detailed permissions you can use NTFS permissions on the folder or files. Bare in mind that Deny rights overrule the Allow rights.
To view the current permissions on a share:
|
Get-SMBShareAccess -Name Marketing |
To add permissions to a share
|
Grant-SmbShareAccess -Name test -AccessRight Change -AccountName company\marketing |
To remove permissions from a share
|
Revoke-SmbShareAccess -Name Marketing -AccountName company\sales |
Configure Access-based Enumeration
You can hide folders from users that have no access to them. This is called Access-based enumeration. To enable this on a share disables users to view the folders where they do not have at least read access:
|
Set-SmbShare -Name Marketing -FolderEnumerationMode AccessBased |