by MS
Type a description of the share's contents in the Share Description field.
Tip
By default, only files and programs that users specify are available for offline use. Click Change if you want to modify the default offline files settings. You can then either make all files and programs available for offline use by selecting All Files And Programs or make no files and programs available for offline use by selecting Files Or Programs For The Share Will Not Be Available Offline. Click OK.
When you are ready to continue, click Next to display the Shared Folder Permissions page. The available options are as follows:
q All Users Have Read-Only Access Default option. Gives users the right to view files and read data but restricts them from creating, modifying, or deleting files and folders.
q Administrators Have Full Access; Other Users Have Read-Only Access Gives administrators full access to the share and gives other users read-only access. Administrators can create, modify, and delete files and folders. On NTFS, it also gives administrators the right to change permissions and to take ownership of files and folders. Other users can only view files and read data. They can't create, modify, or delete files and folders.
q Administrators Have Full Access; Other Users Have No Access Gives only administrators full access to the share.
q Customize Permissions Enables you to configure access for specific users and groups, which is usually the best technique to use. To use this option, select Customize Permissions, click Custom, and then follow set permissions as appropriate for the share.
After you set up permissions on the share, click Next and then click Finish to share the folder. Click Finish again to exit the wizard.
If you later want to stop sharing the folder, you can do this in Computer Management by right-clicking the shared folder and selecting Stop Sharing. When prompted to confirm the action, click Yes.
Using and Accessing Shared Resources
Once you share a file or folder, users can connect to it as a network resource or map to it by using a driver letter on their machines. Once a network drive is mapped, users can access it just as they would a local drive on their computer.
You can map a network drive to a shared file or folder by completing the following steps:
Click Start and then click Computer. In Windows Explorer, click the Map Network Drive button on the toolbar. This displays the Map Network Drive dialog box, shown in Figure 10-12.
Figure 10-12: Map the share you want to use to a network drive.
Tip
The Tools menu is only available when classic menus are displayed in Windows Explorer. If the classic menus are not shown, click Organize, click Layout, and then click Classic Menus.
Use the Drive field to select a free drive letter to use and then click the Browse button to the right of the Folder field. In the Browse For Folder dialog box, expand the Network folders until you can select the name of the workgroup or the domain with which you want to work.
When you expand the name of a computer in a workgroup or a domain, you'll see a list of shared folders. Select the shared folder you want to work with and then click OK.
Select Reconnect At Logon if you want Windows Vista to connect to the shared folder automatically at the start of each session.
If your current logon doesn't have appropriate access permissions for the share, click the Different User Name link. You can then enter the user name and password of the account with which you want to connect to the shared folder. Typically, this feature is used by administrators who log on to their computers with a limited account and also have an administrator account for managing the network.
Click Finish.
If you later decide you don't want to map the network drive, click Start and then click Computer. In Windows Explorer, under Network Location, right-click the network drive icon and choose Disconnect.
Using and Accessing Shared Folders for Administration
In Windows Vista, you'll find several special shares are created automatically and are intended for use by administrators or the operating system. Most of the special shares are hidden from users because of a dollar sign ($) that has been added to the end of the share name. As an administrator, you occasionally might need to create your own hidden shares or work with the already available special shares.
Creating a hidden share is fairly easy. All you need to do is add a dollar sign ($) to the end of the share name. For example, if you want to share the C:Reports folder but don't want it to be displayed in the normal file share lists, naming it Reports$ rather than Reports is all it would take to hide the share. Hiding a share doesn't control access to the share, however. Access to shares is controlled using permissions, regardless of whether a share is normal or hidden.
Which special shares are available on a system depends on the system's configuration. This means some computers might have more special shares than others. The most commonly found special and administrative shares are listed in Table 10-4.
Table 10-4: Special and Administrative Shares
Share Name
Description
C$, D$, E$, and Other Local Disk Shares
A special share to the root of a drive. All local disks, including CD/DVD-ROM drives and their shares, are known as C$, D$, E$, and so on. These shares allow members of the Administrators and Backup Operators groups to connect to the root folder of a local disk and perform administrative tasks. For example, if you map to C$, you are connecting to C: and have full access to this local disk.
ADMIN$
An administrative share for accessing the %SystemRoot% folder in which the operating system files reside. This share is meant to be used for remote administration. For administrators working remotely with systems, ADMIN$ provides a convenient shortcut for directly accessing the operating system folder.
IPC$
An administrative share used to support named pipes that programs use for interprocess (or process-to-process) communications. Because named pipes can be redirected over the network to connect local and remote systems, they also enable remote administration.
PRINT$
Supports printer sharing by providing access to printer drivers.
Whenever you share a printer, the system puts the printer drivers in this share so that other computers can access them as needed.
The best tools to use when you want to work with any special or otherwise hidden shares are the NET SHARE command and Computer Management. To see a list of all shares on the local computer, including special shares for administrators, simply type net share at a command prompt. To see a list of all shares available on any computer on the network, complete the following steps:
To start Computer Management, click Start, right-click Computer, and choose Manage. By default, Computer Management connects to the local computer, and the root node of the console tree has the Computer Management (Local) label.
Right-click Computer Management in the console tree and then select Connect To Another Computer. In the Select Computer dialog box, the Another Computer option is selected by default. Type the fully qualified domain name of the computer you want to work with, such as http://www.engpc08.microsoft.com, where engpc08 is the computer name and http://www.microsoft.com is the domain name. If you don't know the computer name, click Browse to search for the computer you want to work with.
Expand System Tools and Shared Folders and then select Shares to display a list of the shares on the system you are working with.
Sometimes when you are managing folders or files, you might not want users to be connected to a shared folder. For example, if you need to move files to a new location, before you move the files, you might want to ensure no one is using them. One way to see who is working with shared folders and their related files is to examine user sessions and open files.
Every user who connects to a shared folder creates a user session. To determine who is currently connected, click Sessions under Shared Folders in the console tree. The current us
ers are listed in the right pane. To disconnect a user and end his or her session, right-click the session entry in the right pane, select Close Session, and then click OK to confirm the action. To disconnect all user sessions, right-click Sessions in the console tree, select Disconnect All Sessions, and then click OK to confirm the action.
Every shared file that is being accessed is listed as an open file. To determine which files are open, click Open Files under Shared Folders in the console tree. The currently open files are listed in the right pane. To close an open file, right-click the related entry in the right pane, select Close Open File, and then click OK to confirm the action. To close all open files, right-click Open Files in the console tree, select Disconnect All Open Files, and then click OK to confirm the action.
Using and Configuring Public Folder Sharing
Public folder sharing is designed to enable users to share files and folders from a single location. It enables users to quickly determine everything they've publicly shared with others and organize publicly shared files by type. In this section, I'll examine how public folder sharing works and how public folder sharing can be configured.
Using Public Folder Sharing
You can access public folders in Windows Explorer by clicking Start and then clicking Computer. In Windows Explorer, click the leftmost option button in the address list and then click Public. With public folder sharing, you copy or move files that you want to share to a computer's %SystemDrive%UsersPublic folder.
The Public folder has several subfolders that can be used to help organize public files, including:
Public Desktop Used for shared desktop items. Any files and program shortcuts placed in the Public Desktop folder appear on the desktop of all users who log on to the computer (and to all network users if network access has been granted to the Public folder).
Public Documents, Public Music, Public Pictures, Public Videos Used for shared document and media files. Any files placed in one of these subfolders are available to all users who log on to the computer (and to all network users if network access has been granted to the Public folder).
Public Downloads Used for shared downloads. Any downloads placed in the Public Downloads subfolder are available to all users who log on to the computer (and to all network users if network access has been granted to the Public folder).
By default, everyone with a user account and password on a computer can access that computer's Public folder. When you copy or move files to the Public folder, access permissions are changed to match that of the Public folder, and some additional permissions are added as well.
Table 10-5 lists the typical default permissions for files and folders placed in the Public folder. As you can see, the default permissions allow local computer users to read, write, change, and delete any public files. In the Public Music, Public Pictures, and Public Videos folders, %ComputerName%Users are granted Read & Execute and Read permissions.
Table 10-5: Default Permissions for Publicly Shared Folders and Files
Group or User
Default Permissions for Files
Default Permissions for Folders
%ComputerName%Administrators
Full Control
Full Control
Batch
Modify, Read & Execute, Read, and Write
Read & Execute, List Folder Contents, and Read
Creator Owner
Special
Special
Interactive
Modify, Read & Execute, Read, and Write
Read & Execute, List Folder Contents, and Read
Service
Modify, Read & Execute, Read, and Write
Read & Execute, List Folder Contents, and Read
System
Full Control
Full Control
The default Public folder sharing configuration can be changed in two key ways:
Allow users with network access to view and open public files but restrict them from changing, creating, or deleting public files. When you configure this option, the implicit group Everyone is granted Read & Execute and Read permissions to public files, and Read & Execute, List Folder Contents, and Read permissions on public folders.
Allow users with network access to view and manage public files. This allows network users to open, change, create, and delete public files. When you configure this option, the implicit group Everyone is granted Full Control permissions to public files and public folder.
Configuring Public Folder Sharing
Public folder sharing settings are set on a per-computer basis. The same public folder setting is used for the Public folder and all its subfolders. You can configure public folder sharing by following these steps:
Click Start and then click Computer. In Windows Explorer, click the leftmost option button in the address list and then click Public.
On the Windows Explorer toolbar, click Sharing Settings. This opens the Network And Sharing Center. Expand the Public Folder Sharing Panel by clicking the Expand button, as shown in Figure 10-13.
Figure 10-13: Use the Network File And Printer Sharing page to configure public folder sharing.
Under Public Folder Sharing, select the public folder sharing option you want to use. The options available are:
q Turn On Sharing So Anyone With Network Access Can Open Files Select this option to grant Reader permission to the Public folder and all public data to anyone who can access the computer over the network. Windows Firewall settings might prevent external access.
q Turn On Sharing So Anyone With Network Access Can Open, Change, And Create Files Select this option to grant Co-owner access to the Public folder and all public data to anyone who can access the computer over the network. Windows Firewall settings might prevent external access.
q Turn Off Sharing Select this option to turn off network access to the Public folder and only allow locally (console) logged on users access to public data.
Click Apply to save the changes.
Chapter 11: Configuring Advanced Windows Explorer Options, Offline Files, and Disk Quotas
Folder management is a key part of user and system administration. Beyond standard file and folder management, the key tasks you'll perform frequently include configuring Microsoft Windows Explorer options, managing offline file settings, and working with disk quotas. Windows Explorer options control the available file and folder management features as well as the available file types. Offline file settings control the availability of files and folders when users are working offline. Quotas help limit the amount of disk space available to users.
Configuring Advanced Windows Explorer Options
Both users and administrators spend a lot of time working with Windows Explorer or one of the related views, such as Computer. As an administrator, you'll often want to be able to do more with Windows Explorer. You might want to perform one of the following tasks:
Deploy computers that have certain Windows Explorer features blocked out. For example, you might want to block users' access to the Hardware tab, preventing them from viewing or changing hardware on a computer.
Hide or restrict access to local disks. For example, you might not want users to be able to access the floppy disk drives on the computers that you deploy.
Configure file type associations so that a specific program is started when a file is opened. For example, Windows Photo Gallery Viewer might be the default program for .jpg files, and you might want files of this type to open in Adobe Photoshop instead.
These and other advanced configuration options for computers are discussed in this section.
Setting Group Policy for Windows Explorer and Folder Views
As with many other Windows Vista features, Group Policy can be used to control the options available in Windows Explorer. Because many of these options extend to folder views and settings, they are useful to examine. Table 11-1 provides an overview of policies that you might want to implement and how these policies are used when they are enabled. These po
licies are located in User ConfigurationAdministrative TemplatesWindows ComponentsWindows Explorer.
Table 11-1: Policies for Windows Explorer
Policy Name
Policy Description
Allow Only Per User Or Approved Shell Extensions
Shell extensions extend the feature set available in Windows Explorer. This setting permits a computer to run only shell extensions that have been approved by an administrator or that don't affect other users on that computer. Approved shell extensions must have a registry entry in HKLMSOFTWAREMicrosoftWindows CurrentVersionShell ExtensionsApproved.
Turn Off The Display Of Thumbnails And Only Display Icons On Network Folders
Disables the display of thumbnails so only icons are displayed when accessing network folders.
Turn Off The Display Of Thumbnails And Only Display Icons
Disables the display of thumbnails so only icons are displayed when accessing local folders.
Display Confirmation Dialog When Deleting Files
Displays a confirmation dialog box whenever you delete files or move files to the Recycle Bin.
Display The Menu Bar In Windows Explorer
Overrides the default configuration and displays the classic menu bar in Windows Explorer.
Hide These Specified Drives In My Computer
In Windows Explorer views, hides icons representing selected hard drives. Users can still gain access to drives through other methods.
Hide The Manage Item On The Windows Explorer Context Menu
Removes the Manage item on the shortcut menu in Windows Explorer views and the Start menu. This shortcut-menu option is used to open Computer Management.
Maximum Number Of Recent Documents
Specifies the maximum number of document shortcuts that My Recent Documents displays. The default is 15. Note that for this list to be available, you must select List My Recently Opened Documents on the Advanced tab of the Customize Start Menu dialog box.
