Share permissions apply to users who connect to a shared folder over the network. Share permissions do not affect users who log on locally, or log on using Remote Desktop.
To set permissions for users who log on locally or using Remote Desktop, use the options on the Security tab instead of the Share Permissions tab. This sets permissions at the NTFS file system level. If both share permissions and file system permissions are set for a shared folder, the more restrictive permissions apply when connecting to the shared folder.
For example, to give Read access on a shared folder to users in your domain, on the Share Permissions tab, set permissions for the Everyone group to Full Control. On the Security tab, specify more restrictive access by setting the permissions for the Domain Users group to Read access. The result is that a user who is a member of the Domain Users group has read-only access to the shared folder whether the user is connected through a network share, through Remote Desktop, or is logged on locally.
You can set file system level permissions at the command line by using the operating system tool iCacls.exe or Cacls.exe. The tools run only on an NTFS volume.
Note | |
To enable access-based enumeration on a shared folder, you must use Share and Storage Management. Access-based enumeration allows users to see only the files and folders in a shared folder to which they have permission to access. For more information, see http://go.microsoft.com/fwlink/?LinkId=141539. |
Set permissions on shared folders
To set permissions on a shared folder by using the Windows interface |
-
Open Computer Management.
-
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
-
In the console tree, click System Tools, click Shared Folders, and then click Shares.
-
In the details pane, right-click the shared folder, and then click Properties.
-
On the Share Permissions tab, set the permissions you want:
- To assign permissions to a shared folder to a
user or group, click Add. In the Select Users, Computers,
or Groups dialog box, find or type the user or group name, and
then click OK.
- To revoke access to the shared folder, click
Remove.
- To set individual permissions for the user or
group, in Permissions for group or user, select Allow
or Deny.
- To assign permissions to a shared folder to a
user or group, click Add. In the Select Users, Computers,
or Groups dialog box, find or type the user or group name, and
then click OK.
-
To set file and folder permissions that apply to users who log on locally or using Remote Desktop Services, click the Security tab and set the appropriate permissions.
To specify file permissions for a user by using a command line |
-
To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
-
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
-
To set individual permissions for a user or group, type:
cacls /G <user:permission>
For example, to specify Write permissions for a user with the user name Monica on a file named 002.jpg, type:
cacls 002.jpg /G Monica:w
-
To revoke access to the shared folder, type:
cacls /R <user>
For example, to revoke access to the shared folder for a user with user name Monica, type:
Cacls /R Monica
Value | Description |
---|---|
|
Displays or modifies access control lists (ACL) of files. |
|
Revokes the specified user's access rights |
|
Grants access rights to the specified user |
|
The user or group whose access rights are being set. |
|
The permission being granted to the user. This can be one of the following:
|