First of all congratulations on choosing a modern server, now is this real life server which has to stay working while you fiddle with it or is it just (
as I'm assuming for now) a training exercise:
1. 8 shares are fine but how many people use this system?
There are two basic scenarios; one is 'by user' and works fine on laptops/ workstations where only a few people have to have access and the other is 'by computer/ group' and is better when there are more than 10 users or those users can change permissions eg
Fred just joined the company and spends his first 3 years as a joiner, then he gets promoted to Forman for 2 years but also steps in for the boss for two weeks last month while the boss had time off to visit her mum in Canada… so
Fred has files going back years and has been in several different jobs during that time (
some of which he no longer is allowed to access even tho he may have made them) thus' a user share setup would be a disaster to manage in this scenario.
Note that the default system assumes a server domain i.e. people using the share are in fact members of the server and have usernames stored within the server… if the server is a workgroup but not a domain or the computers themselves have permissions but the people using them might not be employees (
a visitor information system for example) then you may need to adjust for the security issue this option creates.
2. If you give Modify permission for a small group, then they automatically get Read+Write permissions on any subfolder for that groups share because all permissions assume any lower permissions and this opens a new option when using server12r2 but we'll come back to that later if needed.
2a. Does this subfolder need to be permanent i.e the group user can use it but can't delete the folder itself or remove files from it that other people in the same group have made?
2b. Does this subfolder need to be hidden from people/ groups that have permission to use the main folder but not the subfolder? (
called access-based sharing)
3. You can always use the wizard if doing it manually is getting you muddled up…
… as a simplistic guide Share permissions = the folder being shared and NTFS permissions is whom can do what to whatever files are in that shared folder so in the screenshot below Share permissions allow people to see/ open the folder (called fish) and NTFS permissions set whom can access the files (
called chip1-3) but the subfolder (
because it is a folder) can have special conditions like the access-based scenario I mentioned in 2b or just be treated like any of the other files within the share (
called fish). Note that if you make the shares and subfolder manually but don't set any special conditions then this is the default action.
The main pitfall that catches people out while learning is that Microsoft servers differentiate between a local or network share and a domain share so if you make a share whilst logged in as the local admin THEN upgrade the server to a domain it can confuse the issue… this is more of a problem with older Windows (
3 & 8) servers but I still recommend making any shares AFTER deciding the type of server you want and installing at least your active directly domain rolls first.
Server12r2 also opens up the enhanced session connection option and that is a more advanced type of access-based sharing designed for remote/ virtual access scenarios but I've already made a wall of text so will stop here… sorry for the extended rant guys!