To simplify the process of backing up important documents, I want to set up a shared drive that all employees will use. This will provide a centralized storage location that can be easily backed up regularly. In a real-world scenario, I would typically set up a separate file server with redundant storage. However, due to using virtual machines for everything and having limited resources on my host machine, I will set up the file share on my current Windows Server, which also hosts the Domain Controller.
To begin the setup, open Server Manager and select File and Storage Devices > Shares:
Under the Shares section, click Tasks and then New Share:
Select SMB Share – Quick:
Select the server:
Next, give the Share a name. I’m going to make a different shared folder for each department:
Make sure to check Enable access-based enumeration. This way only the files and folders the user has access to can be seen by the user. It’s difficult to hack something you can’t see:
Now I need to set up the permissions:
Far too many entities have access to this folder. Click Customize permissions:
Select Convert inherited permissions into explicit permissions on this object. This will allow me to edit the users:
Remove all the Users except System, Administrator, and CREATOR OWNER (Select the user and click remove):
Click the Add button and click on Select a Principal:
Choose Sales_Users and click OK:
Now, change Applies To to This Folder only and click on Show Advanced Permissions. Make sure to uncheck Traverse folder/ execute file and to check Create folders/append data. I am following the concept of least privilege:
Apply the changes:
Click OK and then click Next:
Click Create:
Wait for it to finish:
Close the Wizard and you will see the share has been created. As mentioned, I created shares for each department:
All my shares are now ready to be used by each department, with access restricted to the respective department’s users. However, this is just the beginning. While I could mount these shares as extra drives on each department’s computers, it would require training each user to save important documents to the drive. Employees might forget or make mistakes, risking the loss of important documents. In the next section, I will demonstrate a way to mitigate this issue.
