In the first post of this series I highlighted that with Windows Server 2016 there are some feature differences between the Standard and the Enterprise Editions that might get lost in some of the messaging, so in this series of posts I’m going to be highlighting the feature set of Windows Server 2016 Standard,. To activate a user account. Open the Windows Server Essentials Dashboard. On the navigation bar, click Users. In the list view, select the user account that you want to activate. In the User Account Tasks pane, click Activate the user account. In the confirmation window, click Yes to confirm your action.
The term 'file share' in Windows Server is a bit of a misnomer. After all, you can't share individual files, but only folders or disk volumes. Windows Server uses the Server Message Block (SMB) file-sharing protocol and the File and Printer Sharing for Microsoft Networks component (also known as the Server service) to perform file sharing.
Let's review some ways to get the job done in Windows Server 2016. Recall that Windows has two types of permissions available for file system resources:
For simplicity, we'll focus only on shared folder permissions in today's tutorial.
In my examples, I'm running a Windows Server 2016 Technical Preview 5 domain controller, and I'll share out a folder in the path D:scripts that contains a number of Windows PowerShell .ps1 script files.
File Explorer
The method that's familiar to most Windows systems administrators is to right-click the target folder, select Properties from the shortcut menu, and navigate to the Sharing tab. You then click Advanced Sharing, enable Share this folder, and click Permissions to adjust the folder's access control list (ACL).
The 'tried and true' File Explorer method for sharing a folder in Windows Server.
You'll note that the default shared folder permission is to grant the Everyone special identity Read access. The current best practice is actually to grant Everyone (or at least Authenticated Users) Full Control.
The reason for this guidance lies in how NTFS permissions combine with shared folder permissions. By setting the shared folder permissions wide open, we are free to set more restrictive permissions granularly using NTFS security. That’s because the effective permission is the most restrictive permission between the two access lists.
Windows PowerShell
If you haven’t begun mastering Windows PowerShell, then you're already late to the party. Open an elevated Windows PowerShell console session by right-clicking the PowerShell icon in the Start menu or taskbar and selecting Run as Administrator from the shortcut menu.
The New-SmbShare cmdlet is available in Windows Powershell v4 or later; of course, Windows Server 2016 includes Windows PowerShell v5.1. Try the following:
New-SmbShare -Name scripts -Path 'E:scripts' -FullAccess Everyone
You can actually do a lot with SMB file shares by using PowerShell; let's run Get-Command to see what's available:
![]()
Get-Command -Noun SmbShare | Select-Object -Property Name
Name ---- Get-SmbShare New-SmbShare Remove-SmbShare Set-SmbShare Server Manager
As long as your Windows Server 2016 server has the File Server role installed, you can use Server Manager to create and manage file shares. Run the following PowerShell 'one-liner' to determine whether the role's installed:
Get-WindowsFeature -Name FS-FileServer
If not, then you can install the role quickly and easily with the following command:
Install-WindowsFeature -Name FS-FileServer -IncludeAllSubFeature -IncludeManagementTools
You can start Server Manager from PowerShell simply by typing servermanager and pressing Enter.
In Server Manager, select the File and Storage Services node, and then Shares in the submenu. As shown in the following screenshot, creating a new file share is as easy as choosing New Share from the Tasks menu and then completing the New Share Wizard.
You'll note that the Server Manager New Share Wizard gives you more flexibility in creating shares than the two previously described methods. For instance, you can create Network File System (NFS) shares that are compatible with Linux computers
There are several reasons to create and use a local domain even in relatively small home networks. To list a few:
To create a local domain, you need a Windows Server operating system (yes, of course you can set up a Linux server, too, but this is Windows 10 Forums! ). It can be installed on physical hardware with quite modest specifications, or on a virtual machine. Naturally, to guarantee that your domain and Active Directory which controls and manages the users and computers on your domain function, the server should be always on, up and running. Setting up an Active Directory Domain Controller can be divided to five phases:
This tutorial will show you how to do this. When done, your users and computers can join your own local domain. The new Windows Server 2016 is now (end of May 2016) in version Technical Preview 5 and can be downloaded for free from Microsoft TechNet Evaluation Center: Technet Evaluation Center More information about Windows Server 2016: https://www.microsoft.com/en-us/serv...s-server-2016/ More about Active Directory: Let's start! The tutorial might look long and complicated but please believe me, it's a piece of cake, doing everything told in this tutorial will take 30 to 40 minutes of your time, including the time needed to install Windows Server 2016 :) To join a Windows PC or virtual machine to a domain, it must be PRO or better edition:
If your home computers have a Home edition of any Windows version, they cannot join a domain.
Click or tap screenshots in this tutorial to pop out them, click / tap again to enlarge.
1.1) Download Windows Server 2016: Technet Evaluation Center. Notice that you need to register to be able to download 1.2) If installing on a virtual machine select the ISO file as install media. On a physical machine you need first to create a DVD or flash install media. See this tutorial for help: USB Flash Drive - Create to Install Windows 10 - Windows 10 Forums 1.3) Boot from Windows Server 2016 install media 1.4) When prompted, enter the generic product key shown in Preinstall Information: 1.5) Select the Desktop Experience version:1.6) Install Windows normally, as any other Windows version. When installation is done, you need to set the password for the built-in administrator 1.7) Press CTRL+ALT+DEL to enter the sign-in dialog, enter the password, hit Enter to sign in: 2.1) Server Dashboard opens automatically by default (when closed it can be opened from Start). First thing is to change the resolution, after the installation Windows defaults to 1024*768, aspect ratio 4:3. To work comfortably you need better resolution. Minimize the Dashboard, select Display Settings from desktop context menu. This warning will be shown: 2.2) Maximize / open the Dashboard. Select Local Server on left paneIt is extremely important that Windows Server is fully updated before going any further. Click Never after Last checked for updates, run Windows Update, restart if prompted: 2.3)Change the computer name to something easier to remember and recognize. In this example I changed the name to TenForumsServer. Remember to restart after computer name change! 2.4) Set astatic IP addressfor server. Select an IP outside the DHCP IP pool your router uses to assign dynamic IP addresses. In this example I checked my router settings, learned that the IP pool it uses is from 192.168.2.100 to 192.168.2.200, router itself using 192.168.2.1: I chose 192.168.2.50 for the server, set it as static IP, setting both Default Gateway and Preferred DNS server to use the router IP 192.168.2.1: 3.1) Select Add Roles and Features from the Manage menu top right: 3.4) See that your server is listed, select it and choose Select a server from the server pool. Click Next:3.5) Click on the selection box Active Directory Domain Services. A dialog opens, click Add Features: 3.6) Click Next:3.7) Click Next: 4.1) You should now see a yellow warning sign next to Notifications flag in menu bar top right. Click the flag to open the menu. When it tells you Installation succeeded on ServerName, select Promote this server to a domain controller:
Local domain name guidelines A domain name as we have been used to see on Internet consists of subdomain (optional), domain and TLD (top level domain). They are separated with a dot. For example in domain name www.myownwebsite.com, the www is the subdomain, myownwebsite domain and com the TLD. My favourite news site from my native Finland is http://www.yle.fi, again the subdomain being www, the domain itself yle and the TLD the country code for Finland fi. Their on-demand TV I can find from http://areena.yle.fi where areena is subdomain, yle the domain and again fi as TLD. In naming local domains the subdomain can be used but is mostly left out as unnecessary. The local domain suffix can be almost anything you'd like to, important to remember is not to use any reserved top level domain suffixes like .com, .org, .net or the country TLDs like .co.uk, .fi, .fr and so on. TLD suffixes commonly used in local domains are for instance .loc and .local. My home domain is called agm.home, I'm used to name my home network domains with suffix .home but as it might happen that it will be registered as an available TLD for Internet, I need to rethink that and rename my domain. A local domain prefix (domain name) should be max 15 characters; if any longer, Windows Server uses the first 15 characters of it as so called NetBIOS name. The prefix may only contain letters A-Z, a-z, numbers 0-9 and one or more hyphens. It must contain at least one letter, a domain prefix containing numbers only is not allowed. 4.3) This is important: on the next page of the wizard you need to set up a password you wish you will never need: A recovery password in case something goes awfully wrong and you need to run Directory Services Restore. Select a good password, it may but don't have to be the same as your server admin password. Click Next when done:4.4) The DNS options page shows you a warning which you can completely ignore. Click Next: 4.6) Accept default paths, click Next: 4.13) Instead open Internet Explorer (WIN+R, type iexplore, hit Enter). You will be notified that Enhanced Security is enabled. You need to manually add websites you want to visit to list of allowed sites: 4.14) Everything OK, Internet works. You can close the browser: 5.1) A domain without users allowed to sign in is useless. To create users, open Tools menu, select Active Directory Users and Computers: 5.7) Add user to Administrators: 5.8) In the future you can sign in to server with your own domain user credentials
That's it!
Your domain is set up and running. Now you can join your devices to the domain. Managing users and computers, group policies and much more in future tutorials and videos. Kari Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |