Shared Folders and UNC Paths

Sharing folders allows users to access resources on other machines on the network. Both machines must have file and print services for Microsoft Networks installed to allow shared folders to be accessed. Only folders, and not individual files, may be shared. Any files that need to be shared should be placed within a shared folder.

Use the buttons below to navigate through the lesson

The Universal Naming Convention (UNC) Path

A shared folder is accessed through its UNC Path. This has the general form of \\server\share.

\\server\public

This command would open a shared folder called “public” held on a computer called “server”.

\\10.0.0.1\share.

This address also adheres to the UNC path formula of \\server\share. where the computer name is substituted by the IP address of the server

Share Permissions

Shared folder access can be restricted by using Share Permissions. For example, John might be able to read the accounts folder whilst David might be denied access. Share permissions can also be applied to groups. If a user is a member of more than one group then he/she will get the cumulative permissions of all groups. However, the DENY permission will always take precedence.

A user or group can be either allowed or denied the following permissions to a folder.

READ: Allows a user to view the contents of a folder, and execute files within the folder

CHANGE: Allows a user the Read permission, as well as allowing him/her to modify the contents of the folder.

FULL CONTROL: Allows a user the Read and Change Permission as well as changing file permissions and ownership.

CAUTION: Shared Folder Permissions only apply to folders being accessed over the network and not for local logons. To restrict access for local logons use NTFS permissions.

Multiple Share Permissions

Share permissions can be assigned to multiple groups, therefore certain users may have different permissions.

Managers – Read Permission
Accounts – Change Permission

If Fred is a member of both Managers and Accounts, Fred would have both Read and Change Permission.

Caution has to be taken when using multiple groups and the DENY permission. The DENY permission will always take precedence. As noted before if a user is a member of more than one group then he will get permissions of both groups.

Managers –Full Control Permission
Accounts – Deny Read Permission

If Fred is a member of both Managers and Accounts, Fred would be denied access.

Administrative Shares

Windows 2000/XP and 2003 have a number of hidden shares which are created by default when the operating system is installed. These shares are known as administrative shares. Administrative shares are only accessible by the administrator and are hidden when browsing the network.

The following are the default administrative shares on a Windows 2000/XP and 2003 computer.

<driveletter>$ Each drive on the computer is shared as <driveletter>$ example to access drive C: on server01 you would use \\server01\C$

admin$ The windows folder is shared as admin$

ipc$ The IPC share is used by the Windows File Replication Service.

Sharing a Folder

Before sharing specific folders on a Windows XP Professional machine, simple file sharing needs to be disabled. Click on Tools.

Select Folder Options.

Select the View tab.

Scroll down to the bottom of the Advanced Settings list.

Uncheck the Use simple file sharing option.

Click on OK to close the Folder Options dialog box.

Right-click on the folder you wish to share.

Select Sharing and Security…

Click on Share this folder.

A share name is automatically given, however this can be changed here. A comment can also be added if needed.

A user limit for the share can also be specified. Remember that Windows XP can only support 10 simultaneous connections.

To configure share permissions click on Permissions.

Every folder has an Access Control List (ACL) which specifies which users and groups have access to it.

Currently the Everyone group has Read permission to the share. Click on Remove to remove the Everyone Group.

N.B. You should never deny the Everyone group access since every user on the system would be denied access no matter what other groups they were a member of. It is safer to simply remove the everyone group from the list.

Click on Add to add a new user.

Enter the name or names of the users and groups that you wish to add to the Access Control List.

“jacksonr;pauline potter” will add the two users jacksonr and Pauline Potter. Click on OK to accept.

The users have now been added to the Access Control List. Currently Pauline has Read access to the share. Click on Ross Jackson to configure permissions.

Select Allow Full Control to give Ross Jackson full control over the shared folder.

Full Control will automatically enable Change and Read. Click on OK to accept.

Click on OK to close the folder properties window.

The shared folder is displayed with a hand underneath it

..and can be accessed over the network by using the UNC path \\tonypc\UserData.

Shared Folders can also be created and managed through the Shared Folders management console in System Tools. Click on Start.

Right-click on My Computer.

Select Manage.

The Computer Management Console will appear. Expand Shared Folders.

From here you can create shares, view and disconnect any current sessions and view or disconnect any open files. Click on Shares to create a new share.

All the current shares are displayed. To create a new share right-click on the empty space in the share list.