A file server is one of the most common roles for a Windows server. With this role, you can securely make files available on your network and manage access permissions (read, write, execute, etc.). In addition, providing this type of role in a network centralizes your file storage point, making saving and restoring easier and allowing several people to work together on the same file.
Review the File Sharing Basics
The Server Message Block (SMB) protocol is heavily integrated into Windows.
This protocol has a native client integrated with Microsoft Windows and a server that you will install and configure. It relies on NTFS to manage access permissions, and shares are accessible via a universal path (UNC – Universal Naming Convention) that looks like this: \\server\share .
It’s normal if SMB makes you think of SAMBA (often found on Linux), as it’s an open-source implementation of the Microsoft proprietary protocol SMB. Therefore, you can share your files via SMB and have access to them for your Linux clients.
Now that we’ve introduced the protocol, let’s dive right in!
Install the File Server Role
In Server Manager, you’ll probably have seen that there’s a role we haven’t talked about yet, even though it came installed on the server: the File and Storage Services role.
So, you’ll need to manage your storage in order to store your files. It’s best to set up a disk (or several disks) for this. Let’s create two 10 GB disks on your virtual machine.
First, turn off your virtual machine, go to the VirtualBox menu, select Machine, and then Settings. When you do that, you’ll see that Windows asks why you want to shut down your server:
This is to identify the reason for shutting it down. If you stop your server, its roles, features, and services become unavailable. Therefore, make sure this is happening due to scheduled maintenance or an unplanned event. It identifies this shutdown as scheduled and legitimate and allows the downtime to be counted as maintenance.
I suggest selecting the Operating System: Reconfiguration (Planned) option.
Next, go to the Storage section and add two new disks:
Restart your server and go back to File and Storage Services. You should see two newly-installed disks:
Your managers at Gift Ltd. have asked you to set up a network share so that several people can work on the new prototype for a revolutionary object. Therefore, it’s best to secure this data. So let’s implement software RAID.
The steps to configure RAID on Windows Server:
First, initialize your physical disks by right-clicking on the disks in the current window.
Next, create a storage pool in the corresponding section. This pool allows you to group disks. It also allows you to create virtual disks that might have mirroring or parity capacity in order to increase security.
Then create a virtual disk.
If you understand how RAID works on Linux, you will notice that the logic is basically the same.
Apart from stage one, all steps take place in the Storage Pools section:
Next, select your storage pool and create a virtual disk. For our Gift Ltd. example, start with a simple mirror that uses both disks to store data (files are simultaneously written on both, so you won’t notice if one is lost!).
Then, choose your space provisioning mode. You have two options for this: thin or fixed. In fixed provisioning, your total storage space is allocated to you; you set the space in thin provisioning.
Complete your disk creation, and create the volume that will store your data and be shown with a drive letter and a file system (NTFS by default).
Below is a mirrored virtual disk with thin provisioning of 1 TB (yes, from two 10 GB disks).
Thin space provisioning is practical for anticipating your needs, and it gives you a certain amount of flexibility.
So let’s keep things reasonable for now, with 10 GB of mirrored virtual disk:
We’ll stop there with storage management, as it works in pretty much the same way as on Linux.
Create Your First Share
Now that you have your data media, you need a folder to store your different files. Head to the Shares section and then the Shared Resources sidebar:
You can create a new share by clicking on the option on this screen.
Use the New Share Wizard to choose from five different options:
SMB Quick: the most basic, providing SMB sharing on your network.
SMB Advanced: lets you do more than Quick, managing quotas and advanced permissions.
SMB Applications: used for Hyper-V and databases or other servers.
NFS Quick: identical to basic SMB but uses NFS (more compatible with Linux).
NFS Advanced: the same as SMB Advanced.
Let’s stick with SMB Quick. The next thing you’ll be asked for is the folder path and the share name (which will come after server\ in the following UNC path: \\server\share). We’ll call it Sensitive.
You’ll notice that Windows creates a directory within a Shares directory, which will host all shares on this volume. Likewise, access via a UNC path is \\SRVDHCPNY01\Sensitive .
Finally, you’ll configure your share settings with one option that is already ticked: Allow caching of share.
Enabling access-based enumeration means that only the shares that a user has access to will display in the Windows Explorer. It hides sensitive shares from users with no data permissions, so it’s a good practice to enable this option.
And finally, but perhaps most importantly, the option to encrypt data access.
Configure Shared Folder Permissions
It’s possible to configure access permissions on shared folders. In addition, you can set different levels of folder access depending on your set of requirements using local user accounts and groups.
For example, you may want to allow Access to the Sensitive Folder only to members of the HR group.
Under Local Users and Groups, you can see that the HR Group contains three accounts.
When you configure the folder permissions to allow only the HR group to have full control, nonmembers will not have access to the folder or its contents:
Once you’ve finished granting permissions (which is much easier with Active Directory), you can confirm. You’ll get a reminder of the settings you’ve selected:
Ta-da! Your share is accessible via \\SRVDHCPNY01\Sensitive (swap with your own server name).
Access Your Share
This couldn’t be any easier on Windows with an SMB client integrated with Explorer. All you need to do is enter the share’s UNC path in the address bar, and Windows will bring up the content:
Now all you need to do is authorize the streams on your firewall to provide access to your file server. You’re using SMB protocol, so you need to open the 445/TCP port to your server on your network.
Additional Resources
Take a close look at your options for clustering, which allows you to have several servers for hosting your share, thereby increasing data availability.
You’ll also find useful information in the course Set Up Your PC Using Windows 10 about storage spaces, which work in pretty much the same way as Windows 10.
Let’s Recap!
The file server is a default role that is not fully installed – you need to complete a set of steps to set up your first share.
There are two broad types of protocol available, SMB and NFS. Microsoft heavily uses one, and the other is geared more towards Unix, implemented on Linux and macOS.
It is possible to encrypt data access via SMB.
Windows Server uses disk virtualization to facilitate mirrored or parity securing to ensure share reliability.
In the next and final chapter of this part, you’ll learn how to set up the network access service on your server and find out what it’s used for.
