Skip to content

Simple Step : Implementing File Sharing Permissions in Windows Server 2012 R2

August 1, 2014

What Are File Permissions?

You assign file permissions to files or folders on a storage volume that you format with NTFS or ReFS.

The permissions that you assign to files and folders govern user access to them.

There are several key points to remember, with respect to file permissions, including that you can:

• Configure file permissions for an individual file or folder, or sets of files or folders.

• Assign file permissions individually, to objects that include users, groups, and computers.

• Control file permissions by granting or denying specific types of file and folder access, such as Read or Write.

• Configure inheritance of file permissions from parent folders. By default, the file permissions that you assign to a folder also are assigned to new folders or files within that parent folder.

In this post, lets go through a very simple step how to implement file sharing permissions in Windows Server 201 2 R2

1 – Structure your Folder, for example in my case, i have few folder in my E: drive the 1 i will use is OSI IT Tech DATA folder for this demo…


2 – Now lets configure file permissions on the our existing folder, what i’m going to do next is to restrict access to the Training folders…

Right-click the Training folder, and then click Properties, then in the Training Properties dialog box, click Security, and then click Advanced


3 – In the Advanced Security Settings for Training dialog box, click Disable Inheritance


4 – In the Block Inheritance dialog box, click Convert inherited permissions into explicit permissions on this object


5 – Remove the 2 permissions entries for Users (SVR01\Users)…


6 –  and then click OK



7 – On the Security tab, click Edit


8 – In the Permissions for Training dialog box, click Add


9 – In the Select Users, Computers, Service Accounts, or Group dialog box, type Training, then click OK…


10 – In the Permissions for Training dialog box, under Allow, select Modify permission…



** Repeat steps for the Laptop Rentals folder, assigning Modify permissions to the Laptop Rentals group for their folder…

11 – now lets create the shared folder for OSI IT Tech DATA folder…

right click  OSI IT Tech DATA folder, click properties…

In the OSI IT Tech DATA Properties dialog box, click the Sharing tab, and then click Advanced Sharing…


12 – In the Advanced Sharing dialog box, select Share this folder, and then click Permissions…


13 – In the Permissions for OSI IT Tech DATA dialog box, click Add…

then type Authenticated Users and then click OK…


14 – In the Permissions for OSI IT Tech DATA dialog box, click Authenticated Users, and then under Allow, select Change permission then click OK 2 times and close OSI IT Tech DATA properties box…



15 – now lets try access to the shared folder…

sign in to your client PC using any domain users…


16 – try access to Laptop Rentals folder, my user Ed can still see the Laptop Rentals folder, even though he does not have access to its contents…


17 – next, i wan to enable access-based enumeration for my Training folder…

log in to OSI-SVR01 server, open Server Manager then click File and Storage Services…


18 – In the File and Storage Services interface, in the navigation pane, click Shares then click  OSI IT Tech DATA…


19 – In the Shares pane, right-click OSI IT Tech DATA, and then click Properties…


20 – In the OSI IT Tech DATA Properties interface, click Settings, and then select Enable access-based enumeration then click OK…


21 – sign in to your client PC and try access to Laptop Rentals, you will get error stated Destination Folder Access Denied…


Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: