Previous Page | Next Page

  1. Introduction
  2. Windows 2000 Professional
  3. Windows 2000 Server
  4. Windows 2000 Advanced Server
  5. Windows 2000 Datacenter Server
  6. Application Support
  7. System Operation
  8. Disks and Volumes
  9. Filesystems
  10. Configuration Files
  11. Security
  12. Network Support
  13. Access Management
  14. Processes
  15. AD Structure
  16. AD Objects
  17. AD Object Naming
  18. AD Schema
  19. AD Sites
  20. Domains
  21. AD Functions
  22. AD Replication
  23. DNS
  24. AD Security
  25. AD Installation
  26. AD Configuration
  27. AD Performance
  28. Installation
  29. Installation Options
  30. Unattended Installation
  31. Software Distribution
  32. Remote Installation Service
  33. Language
  34. Accessibility
  35. File Attributes
  37. Distributed File System
  38. Control Panel
  39. Active Directory Tools
  40. Computer Management Console Tools
  41. MMC Tools
  42. Network Tools
  43. Network Monitor
  44. System Performance Monitoring
  45. Tools
  46. Managing Services
  47. Connections
  48. TCP/IP
  49. DHCP
  50. Printing
  51. Routing
  52. IPSec
  53. ICS
  54. Fault Tolerance
  55. Backup
  56. System Failure
  57. Services
  58. Remote Access
  59. WINS
  60. IIS
  61. Certificate Server
  62. Terminal Services
  63. Web Services
  64. Authentication
  65. Accounts
  66. Permissions
  67. Groups
  68. User Rights and Auditing
  69. Auditing
  70. User Profiles
  71. Policies
  72. Group Policies
  73. Miscellaneous
  74. Terms
  75. Credits

Windows 2000 Shares

Shares are directories that are shared over the network. All subdirectories and files in the shared folder are shared with users who have the correct permissions. Users that can share directories are:

  • On Windows 2000 domain controllers:
    • Local Administrators
    • Local server operators
    • Global Domain Admins group since they are automatically a member of the Administrators local group on all computers in the domain.
  • On Windows 2000 computers that are not domain controllers:
    • Local Administrators
    • Local power users
    • Global Domain Admins group since they are automatically a member of the Administrators local group on all computers in the domain.

Computer Management can be used to share directories on local and remote computers. Windows Explorer can be used to share folders on local computers. Share name length supported by operating systems:

  • MS-DOS - 8 characters plus 3 leter extension.
  • Windows 95 and Windows 98 - 12 characters
  • Windows NT and Windows 2000 - 80 characters

Directory Property dialog box tabs:

  • General
  • Web Sharing
  • Sharing - Share name, user limit, permissions, and caching (manual or automatic caching for documents and automatic caching for programs for offline access).
  • Security

Share permissions:

  • Read - Users can see contents of files and directories.
  • Change - Users can create, change and delete files and directories.
  • Full Control - Allows Change benefits and ability to change permissions and take ownership of directories and files.

These permissions are set as allowed or denied to users or groups. If permission is denied for a particular permission to a particular user or group, then that user or group is denied that permission, even if another group they are in has permission for that permission.

Share Modofications:

  • Changing share names - Remove the share, then re-create the share.
  • Assign multiple names to a share - Create a new share for the same directory as a previous share, and set up share permissions.

UNC or FQDN may be used to access shared resources.

Universal Naming convention (UNC)

A UNC includes:

  • Server name
  • Shared resource name



Fully Qualified Domain Names (FQDN)

A FQDN includes:

  • Server name
  • Domain name
  • Root domain name




An example share access using FQDN:


Administrative shares

Administrators may view administrative shares from the Control panel server applet by selecting the "Shares" button. The Server Manager may be used on NT server. Adding a $ to the end of a share will make them hidden and you must know the share name thereafter to use the share. The registry may be modified to prevent the creation of hidden shares in "/HKEY_LOCAL_MACHINE/CurrentControlSet/Services/lanmanserver". Set or create the double word value "AutoShareServer" or "AutoShareWks" on Windows 2000 server or professional respectively. Set the value to 0.

  • Admin$ - This is where the system files were installed, usually C:\WINNT40. Users that can use these shares remotely are administrators, backup operators, and server operators.
  • drive$ - Every partition's root directory followed by a $. Users that can use these shares remotely are administrators, backup operators, and server operators.
  • IPC$ - Named pipes to be used to communicate between systems and programs. It is used to access resources on other computers.
  • NETLOGON/SYSVOL - The Netlogon share is used on Windows NT domain controllers to authenticate users. In Windows 2000, the SYSVOL share carries out these functions. The SYSVOL share includes group policy information which is replicated to all local domain controllers.
  • Print$ - Provides shared printer support.
  • REPL$ - Used on an NT server for directory replication.

Accessing a shared folder

The following ways may be used to access shared folders.

  • Network Neighborhood
  • The find command
  • Drive mapping with Windows Explorer
  • Drive mapping with My Computer