Microsoft has written a step-by-step:
This step-by-step guide describes the process of sharing folders on a computer that is part of a workgroup, configuring security for the shared folders and the subfolders and files they contain, and connecting over the network to shared folders on other computers that are members of the workgroup.
For example, assume that you have been asked to set up file sharing on a Windows 2000-based computer that is part of a workgroup. You need to create a share contains Accounts Receivable files that are to be used by the Accounting and Sales staff at the company you work for, and to configure security to ensure that only appropriate users get access to the data stored in the share. You need the Accounting staff to be able to read, edit, delete, and create files in the share, while the Sales staff should only be able to read files in the share. The manager of the accounting department (Jane Smith) should be the only user who can change permissions on the contents of the share.
The computer you are working with has a drives C and D, and you have decided to create the folder that will contain the data on drive D.
1. Setting Security on a Folder Before You Share It
- Log on to your computer as a user who is a member of the Power Users group or the Administrators group. Click Start, point to Programs, point to Accessories, and then click Windows Explorer.
- Click the drive or folder in which you want to create a new folder.
- On the File menu, point to New, and then click Folder. Type a name for the new folder (for example, Accounts Receivable), and then press ENTER.
- Right-click the new folder, and then click Properties. Click the Security tab.
Click to clear the Allow inheritable permissions from parent to propagate to this object check box. In the Security dialog box, click Copy.
NOTE: The inherited permissions are copied directly to this folder.
- To add a set of permissions, in the Properties dialog box, on the Security tab, click Add. In the Select Users, Computers, or Groups dialog box, double-click the appropriate user accounts or groups (for example, Accounting, Sales, and Jane Smith). When you have selected all the users and groups you want to assign permissions to, click OK.
The groups and users you added, along with the Everyone group, are displayed in the top half of the Security tab. Follow the next steps to complete the process:
- In the Name list, click each user or group one at a time, and then apply the correct permissions in the Permissions list. For example, for the Accountants group, for the Modify permission, click Allow. For the Sales group, for the Read & Execute permission, click Allow. For the user Jane Smith, for the Full Control permission, click Allow.
- After you have set the appropriate permissions, click the Everyone group, and then click Remove.
2. Sharing a Folder
- Click Start, point to Programs, point to Accessories, and then click Windows Explorer.
- Right-click the appropriate folder (for example, Accounts Receivable), and then click Sharing.
- In the folder's properties, click Share this folder. Use the default name for the share. Click Permissions.
- In the Permissions for dialog box, click Add.
- In the Select Users, Computers, or Groups dialog box, double-click the Authenticated Users group, and then click OK.
- In the Permissions for dialog box, click the Authenticated Users group.
- In the Permissions list, for the Full Control permission, click Allow. After you have set the appropriate permissions, click the Everyone group, and then click Remove.
3. Connecting to a Shared Folder
When you share a folder, users from other computers can connect to the folder over the network. When users connect to a shared folder, they can open files; save files; delete files; create, modify, and delete folders; and perform other tasks, depending on the level of permission you grant them. There are several ways of opening shares on another computer:
- My Network Places
- Universal Naming Convention (UNC)
- Mapped network drive
To Connect to a Shared Folder by Using My Network Places
- On the desktop, double-click My Network Places.
- Double-click Computers Near Me.
- Double-click the appropriate computer in your workgroup. If you are prompted to do so, type the user name and password that is required to gain access to the computer to which you are connecting. After you type the appropriate credentials, a window opens that displays all of the shared folders and printers on the computer to which you are connecting.
- Double-click the shared folder to which you want to gain access. You then see all of the subfolders and files in that shared folder. What you can do with those subfolders and files depends on the level of permission you have been granted.
To Connect to a Shared Folder by Using Universal Naming Convention (UNC) Format
- Click Start, click Run, and then type the name using UNC format where computername is the name of the computer to which you are attempting to connect and sharename is the name of the shared folder on that computer.
- If you are to do so, type the user name and password that is required to gain access to the computer. After you type the appropriate credentials, a window opens that displays the contents of the share.
For example, if you want to connect to a share that is named Data on a computer that is named Fileserver, type \\Fileserver\Data.
To Connect to a Shared Folder by Using a Mapped Drive
- Click Start, point to Programs, point to Accessories, and then click Windows Explorer.
- On the Tools menu, click Map Network Drive.
- In the Drive box, click the drive letter that you want to use for this mapped drive. You cannot use any of the drive letters that are currently used by your computer.
- In the Folder box, type the name of the share to which you want to connect by using Universal Naming Convention (UNC) format: You can also map drives to subfolders of the shared folder. Therefore, you can map the drive to a subfolder by including that information. For example: Or, you can click Browse and then locate the computer to which you want to connect, the share on that computer, and optionally the subfolder in that share.
- By default, Windows 2000 attempts to reconnect any mapped drives the next time you log on. If you do not want this to happen, click to clear the Reconnect at Logon check box.
- By default, you are connected to the other computer with the logon credentials that you are currently using. If you want to use other credentials, click Connect using a different user name, and then type the appropriate user name and password to connect to this network resource.
- The mapped drive that you create is visible in the Folders pane in Windows Explorer, along with all the other drives on your computer. You can gain access to the files in the shared folder with any program on your computer by using the mapped drive letter.
Users Cannot Access Files and Folders That They Should Be Able to When Logged On Locally
Access permissions are combined from any permissions that are assigned directly to the user and those that are assigned to any groups of which the user is a member.
The exception to this rule is if there is an explicit Deny permission on the folder or file. This occurs because Deny permissions are enumerated first when Windows 2000 is determining whether or not a particular user can perform a particular task. Therefore, you should avoid using explicit Deny permissions (that is, avoid clicking to select a check box in the Deny column) unless there is no other way to achieve the permissions mix that you need.
Users Can Access Files and Folders with Incorrect Permissions When Logged on Locally
For example, users can write instead of just read when they are logged on locally. Permissions, by default, are inherited from the folder that contains the object. If you are experiencing inappropriate permission levels, check for both inherited permissions that are incorrect for this object and for group memberships that may grant different levels of permissions than you want to have.
Users Cannot Access Files and Folders That They Should Be Able to Access Over the Network
When you access data over the network, both share permissions and file and folder permissions apply. Share access permissions are combined from any permissions that are assigned directly to the user and those assigned to any groups of which the user is a member. The exception to this is if there is an explicit Deny permission on the folder or file. This occurs because Deny permissions are enumerated first when Windows 2000 is determining whether or not a particular user can perform a particular task. Therefore, if Frank, for example, is a member of a group that has the Deny check box selected for Read in the Deny column, he is unable to read the file or folder, even if other permissions should allow him to do so.
You should avoid using explicit Deny permissions (that is, avoid clicking to select a check box in the Deny column) unless there is no other way to achieve the permissions mix that you need. Check both the share permissions and the file and folder permissions for the user and any groups of which he or she is a member.
There Is No Security Tab in the Folder Properties Dialog Box
If you do not see the Security tab in the folder properties, it is likely that you are using the FAT or FAT32 file system. Windows 2000 includes a utility that can safely convert your drive to from the FAT or FAT32 file system to the NTFS file system.
WARNING: Do not convert your drive if you are running both Windows 2000 and another operating system on the computer (that is, if it is a dual-boot computer) and the other operating system cannot read NTFS drives.
To convert a partition to NTFS:
convert D: /FS:NTFS
- Click Start, point to Programs, point to Accessories, and then click Command Prompt.
Type convert drive: /FS:NTFS, where drive is the drive that you want to convert.
For example, to convert drive D to NTFS, type the following line:
- If you attempt to convert a drive while it is being accessed by Windows 2000, Windows 2000 displays a message prompting you to convert the drive when the computer is restarted. Click Yes, quit any running programs, and then restart your computer.