Server 2012 Active Directory
Data Sharing, Security, and Auditing
Lecturer: Dr. Simon Tran
Course: IT 442
Windows 2012 File sharing
• Server Messaging Block (SMB) protocol is the
primary file-sharing protocol
• Windows 8 client and 2012 server support SMB
version 3.0
– Providing end-to-end encryption of SMB data
– SMB encryption can be enabled on per-share basis
– Support 2 file-sharing models: standard file sharing and
public folder sharing.
Windows 2012 File sharing
• STD file sharing allows remote users to access network
resources such as files, folders and drives
– Local users don’t have automatic access to any data.
– Access is controlled by the security settings on the local disk
• Public folder sharing: used by copying/moving files to the
computer’s public folder
– Allow access to public folder by moving the files to
%Systemdrive%/Users/Public Folder
– In domain environment, only domain users can access.
• If Allowing network access to public folder, there will be
no access restriction (open to everyone)
Viewing existing shares
• By command prompt:
– Type: “net share”
• By Powershell
– Type “get-smbshare”
• By computer management
– Open the GUI, expand System Tools, expand Shared Folders, and
select Shares
• By Server Manager:
– Select Files and Storage Services node, and then select related
shared subnodes.
• To view connections to shared resources
– Type: net session” at command prompt
Creating Shared Folders
• Shared Folder:
– Name must be unique for each system
– Set permission at two levels: share level and folder security level
– Setting availability: only files/folder, all file/folder, or no
file/folder are available offline
• Creating shared folders in computer management (slide
6)
– Use shared folder wizard
– Can view all other existing shared folders
• Creating shared folders using File Explorer
• Creating shared folders in Server manager
Shared Folder Screenshot
Shared Folder Screenshot
Shared Folder Screenshot
Managing share permissions
• Setting the maximum allowable actions available
within a shared folder
• Utilize file and folder permission and ownership to
limit access on NTFS and ReFS volumes
• Permission level:
–
–
–
–
No access
Read
Change
Full control
Viewing Folder security setting
Administrative shares
• Administrative shares end with the $ symbol
• The operating system creates special shares
automatically
• Administrative shares are hidden shares
• Permission on administrative shares are not
changeable.
• Administrative shares can be deleted temporarily (recreated automatically on the next system restart)
• Disabling the administrative shares permanently
requires registry value changes.
Reading Materials
• Lecture 11
– Stanek (2012), chapter 12