File Server: Setup & Permissions — Complete Guide | ITVedas

File Server: Setup & Permissions

File Servers are the central hub for document storage in enterprise environments. Instead of files scattered across individual computers, a file server provides centralized storage with professional backup, recovery, and security features. Proper setup ensures data protection, access control, and regulatory compliance.

File Server Setup

Hardware Considerations:

  • Storage: RAID arrays for redundancy (RAID 5 or 6 recommended)
  • Memory: 32GB+ for caching and SMB performance
  • Network: Gigabit Ethernet minimum, 10Gbps for large environments
  • Backup: Dedicated backup solution or secondary storage
  • UPS: Uninterruptible Power Supply for graceful shutdown

Installing File Server Role

  1. Open Server Manager
  2. Click Add Roles and Features
  3. Select Role-based installation
  4. Select target server
  5. Check File and Storage Services
  6. Select File Server role
  7. Add recommended features
  8. Configure file server options
  9. Click Install
  10. Restart server if required

NTFS Permissions

NTFS (New Technology File System) permissions control access at the file system level. They apply to all access methods (network, local, USB drives) and are more granular than share permissions.

NTFS Permission Levels:

  • Full Control: Read, write, delete, change permissions, take ownership
  • Modify: Read, write, delete (but cannot change permissions)
  • Read & Execute: View and run files (read-only with execute)
  • List Folder Contents: View folder contents (for folders only)
  • Read: View file/folder content (no write or execute)
  • Write: Create and modify files (but not delete existing)

Setting NTFS Permissions

  1. Right-click file or folder → Properties
  2. Click Security tab
  3. Click Edit to modify permissions
  4. Click Add to add user or group
  5. Type username and click Check Names
  6. Click OK
  7. Select user/group from list
  8. Check appropriate permission boxes
  9. Click Apply then OK

    # PowerShell: Set NTFS Permissions

    # Grant Modify permission to user
    $acl = Get-Acl "C:\SharedFolder"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "DOMAIN\username", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow"
    )
    $acl.AddAccessRule($rule)
    Set-Acl "C:\SharedFolder" $acl

    # Remove all permissions for a user
    # RemoveAccessRuleAll matches on the account and the Allow/Deny type only;
    # the rights named in the rule ("FullControl" here) are ignored.
    $acl = Get-Acl "C:\SharedFolder"
    $acl.RemoveAccessRuleAll((New-Object System.Security.AccessControl.FileSystemAccessRule(
        "DOMAIN\username", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
    )))
    Set-Acl "C:\SharedFolder" $acl

Share Permissions

Share permissions control access when accessing files over the network (SMB/CIFS protocol). They work alongside NTFS permissions—the most restrictive applies.

Share Permission Levels:

  • Full Control: Read, change, delete (share level)
  • Change: Read and modify (share level)
  • Read: View only (share level)

Creating Shared Folders

  1. Create folder on server (e.g., C:\Shares\Department)
  2. Right-click folder → Properties
  3. Click Sharing tab
  4. Click Advanced Sharing
  5. Check "Share this folder"
  6. Enter Share name (e.g., Department$; the trailing $ hides the share from network browsing but does not restrict access to it)
  7. Click Permissions
  8. Add users/groups and assign Share permissions
  9. Click Apply, OK, Close
  10. Test access from client: \\ServerName\ShareName

Permission Strategy: Set Share permissions to "Everyone - Full Control" and use NTFS permissions for granular control. This simplifies management while maintaining security, because the NTFS ACL becomes the single place where access is decided, so it must be set correctly.
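
With the share ACL left at "Everyone - Full Control", the NTFS ACL on the shared folder is the only restriction in force. The audit below is an added example, not part of the original guide: it lists shares configured that way whose root folder also grants a broad group write-level NTFS rights. The function name, the list of broad groups and the English account names are assumptions, and only each share's root folder is checked.

```powershell
# Added example, not from the original guide. Run in an elevated session on the
# file server; uses the built-in SmbShare module.
function Get-OpenShareFinding {
    # Assumed list of "broad" principals (English account names); adjust as needed.
    $broadPattern = '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users|.+\\Domain Users)$'

    # Write-level rights: the specific NTFS bits plus GENERIC_WRITE (0x40000000)
    # and GENERIC_ALL (0x10000000), which some ACEs store instead.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor
                 0x40000000 -bor 0x10000000

    # Skip administrative shares (C$, ADMIN$, IPC$) and shares without a path.
    foreach ($share in (Get-SmbShare -Special $false | Where-Object Path)) {
        $everyoneFull = Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccountName -eq 'Everyone' -and
            $_.AccessControlType -eq 'Allow' -and
            $_.AccessRight -eq 'Full'
        }
        if (-not $everyoneFull) { continue }   # the share ACL itself restricts access

        # Share ACL is wide open, so the NTFS ACL decides everything.
        foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
            $rights = [int]$ace.FileSystemRights
            if ($ace.AccessControlType -eq 'Allow' -and
                $ace.IdentityReference.Value -match $broadPattern -and
                ($rights -band $writeMask)) {
                [pscustomobject]@{
                    Share      = $share.Name
                    Path       = $share.Path
                    Identity   = $ace.IdentityReference.Value
                    NtfsRights = $ace.FileSystemRights
                    Inherited  = $ace.IsInherited
                }
            }
        }
    }
}

Get-OpenShareFinding | Format-Table -AutoSize
```

An empty result means no share root combines an open share ACL with broad write-level NTFS rights; subfolders with their own ACLs still need a separate review.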

Permission Inheritance and Conflicts

Inheritance: Permissions flow from parent to child objects unless explicitly blocked. This reduces administrative overhead but can cause security issues if not managed properly.

Permission Conflicts: When NTFS and Share permissions differ, the most restrictive applies.

Permission Conflict Examples

Example 1:
Share Permission: Full Control
NTFS Permission: Read
Result: Read (most restrictive)

Example 2:
Share Permission: Read
NTFS Permission: Modify
Result: Read (most restrictive)

Example 3:
Share Permission: Change
NTFS Permission: Write only
Result: Write (most restrictive)

Disk Quotas

Quotas limit the amount of disk space users can consume. This prevents users from filling the server and ensures fair resource allocation.

Implementing Disk Quotas

  1. Open File Server Resource Manager on server
  2. Right-click Quota Management
  3. Select Create Quota
  4. Select folder to apply quota
  5. Choose template or custom values
  6. Set Hard limit (cannot exceed) or Soft limit (warning only)
  7. Set notifications (email when limit approaching)
  8. Click Create

Quota Types:

  • Hard Quota: Prevents exceeding limit, user gets "disk full" error
  • Soft Quota: Allows exceeding limit but triggers notifications and reports

File Server Security

Best Practices:

  • Regular Backups: Daily incremental, weekly full backups
  • Encryption: Use EFS for sensitive files, SMB encryption for network traffic
  • Audit Logging: Track file access for compliance
  • Regular Patching: Apply security updates immediately
  • Antivirus: Real-time scanning of file server (with SMB exclusions to maintain performance)
  • Principle of Least Privilege: Users get minimum permissions necessary
  • Access Reviews: Quarterly audit of who has access to what

Shadow Copies and File Recovery

Shadow Copies (Volume Shadow Copy Service) automatically create snapshots of files. Users can restore previous versions without administrator intervention.

Enabling Shadow Copies

  1. Right-click volume → Properties
  2. Click Shadow Copies tab
  3. Click Settings to configure
  4. Select storage location for shadow copies
  5. Set maximum storage space (10-20% of volume)
  6. Click Schedule to set snapshot frequency (default: daily at 7:00 AM and 12:00 PM)
  7. Click OK

File Server Backup Strategies

The 3-2-1 Backup Rule: Keep 3 copies of data, on 2 different media types, with 1 copy off-site.

Backup Types:

  • Full Backup: Entire file server, performed weekly or monthly
  • Incremental Backup: Only files changed since last backup, performed daily
  • Differential Backup: Files changed since last full backup, performed daily

| Backup Strategy | RPO (Recovery Point Objective) | RTO (Recovery Time Objective) | Storage |
|---|---|---|---|
| Full daily | 1 day | 2-4 hours | Very high |
| Full weekly + daily incremental | 1 day | 1-2 hours | Medium |
| Full weekly + daily differential | 1 day | 30 minutes | Medium-high |
| Continuous replication | 15 minutes | 5-10 minutes | High + secondary server |

Common File Server Issues

Problem: "Access Denied" Despite Correct Permissions

Causes: Permission inheritance disabled, NTFS vs Share conflict, token refresh lag

Solutions:

  • Check NTFS permissions: Properties → Security tab
  • Verify Share permissions: Advanced Sharing → Permissions
  • Check inheritance: Advanced → Change Permissions → Inheritance
  • Force token refresh: User logs out/in or gpupdate /force
  • Clear cached credentials on client
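
Two of the causes listed above, disabled inheritance and conflicting entries, can be located from PowerShell instead of opening each folder's Security tab. This is an added example, not part of the original guide: it walks a folder tree and reports folders whose ACL is protected from inheritance or carries Deny entries. The function name and the depth default are hypothetical; the sample path is the one used earlier in this guide.

```powershell
# Added example, not from the original guide.
function Find-AclAnomaly {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root,
        [int]$Depth = 3          # how many folder levels below $Root to inspect
    )

    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # A folder whose ACL cannot be read is reported rather than skipped.
            [pscustomobject]@{
                Path = $folder.FullName; InheritanceDisabled = $null
                DenyEntries = ''; ExplicitEntries = ''; Error = $_.Exception.Message
            }
            continue
        }

        $describe = { '{0} [{1}] {2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights }
        $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
        $deny     = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })

        # Report only folders that differ from plain inherited Allow entries.
        if ($acl.AreAccessRulesProtected -or $deny.Count -gt 0) {
            [pscustomobject]@{
                Path                = $folder.FullName
                InheritanceDisabled = $acl.AreAccessRulesProtected
                DenyEntries         = ($deny | ForEach-Object $describe) -join '; '
                ExplicitEntries     = ($explicit | ForEach-Object $describe) -join '; '
                Error               = ''
            }
        }
    }
}

Find-AclAnomaly -Root 'C:\Shares\Department' | Format-List
```

A Deny entry overrides an Allow entry for the same right, so a folder listed with DenyEntries is a common source of "Access Denied" for a user who appears to have the right group membership.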

Problem: File Server Running Slow or Disk Full

Diagnosis:

  • Check disk usage: Get-Volume
  • Identify large folders: Get-ChildItem -Recurse | Measure-Object -Sum Length
  • Review Shadow Copies storage: shadow copies can take up significant space
  • Check for temporary files and cache

Solutions:

  • Add storage (new drives or expand arrays)
  • Archive old files to different location
  • Reduce Shadow Copies retention
  • Implement disk quotas to prevent abuse
  • Delete temporary files and cache

Key Takeaways

  • File servers provide centralized, secure file storage
  • NTFS permissions control access at file system level
  • Share permissions control network access
  • Most restrictive permission applies when NTFS and Share differ
  • Quotas prevent disk exhaustion
  • Regular backups ensure data recovery capability
  • Proper permission design is essential for security