HOWTO: Set Share Permissions on Windows Operating Systems

All users who are set up with a network home or portable home directory must have proper permissions to the shared directory in which the home directories are created. Initially, you can provide access to the shared directory through the Windows built-in security group, Authenticated Users. Later on, you can fine tune permissions for this group based on your company’s file sharing needs. For example, if an administrator pre-creates home directories for each user before they log in, users only need Read access to the shared directory in order to access their home directories. This Howto helps you to set share permissions

Firstly, Select the Directory to Share

On the network share computer, select the directory to share (for example, MacUsers). Right-click, click Properties and click the Sharing tab; then click Advanced Sharing

Step to set share permissions is to Click Advanced Sharing

Click Permissions to Add Required Options

Make certain that Share this folder is selected. Click Permissions, then click Add

Step to set share permissions is to Click Permissions then click Add

Set Permissions for Authenticated Users

Type auth and click OK to return the Authenticated Users group. Select Authenticated Users, then click Allow for Full Control. Click OK to set permissions for authenticated users, then OK again to close the properties page.

Click OK to set permissions for authenticated users

Verify That Users Are Authenticated

Verify that Authenticated Users have proper permissions on the Security tab as well as on Share Permissions.

Ordinarily, this is automatic because the Active Directory Users group, which includes authenticated users, inherits Full Control to the shared folder, but if permissions were altered on the Security tab, and are not sufficient, users may not be able to log in.

Click the Security tab and select Authenticated Users (or click Add to add it if it is not already in the Group or user names box).

Step to set share permissions is to Click the Security tab and select Authenticated Users

Select Full Control and Click Ok

Select Full control and click OK to save and close the Properties page. Assigning permissions to Authenticated Users on the network home share directory means that each home folder will inherit the proper permissions to allow logged-in users to access their home directories. It also means that every user will have access to every other user’s home directory. To change this, you can set permissions on the individual home directories.

Select Full Control and Click Ok

Limiting Users Access to Other Users’ Home Folders

The previous section showed how to assign permissions to a network-home shared folder, which are consequently inherited by the home folders created in the shared folder. Because permissions are inherited, each user has equal access to every other user’s home folder. This section shows how to fine-tune permissions to limit user’s access to their own home folder.

Enable inheritance

Select the Network Share

Select the network share you assigned permissions to in the previous section.

Select One of the User Home Directories

Select one of the user home directories in the network share.

Deselect Include Inheritable Permissions

Click the Security tab. Then click Advanced and Change Permissions. Deselect Include inheritable permissions from the object’s parent and click Remove when prompted.

Deselect Include inheritable permissions

Select the Following Permissions

Click Add and type users and click Return. Select the following permissions for Users:

  • ●Traverse folder / execute file
  • ●Read Attributes
  • ●Read Extended Attributes
  • ●Create files / Write Data
  • ●Create Folder / Append Data

Select the following permissions

Finally, Click OK Button

Click OK, and OK again until you have saved all the open dialogs and closed the Properties page.

Also consider using Action1 to set share permissions if:

  • - You need to perform this action on multiple (hundreds or even thousands) computers simultaneously.
  • - Some of your endpoints are laptops not connected to corporate network at all times.

Action1 is a cloud-based platform for software deployment, software/hardware inventory, patch management, endpoint configuration and more. It is free with basic functionality.


Other Relevant HOWTOs: