Labs‎ > ‎Windows Labs‎ > ‎

Windows Lab 08 - Creating Groups and Shared Folders


In this lab we're going to create department based groups and place our users in them.  We'll use these groups to setup permissions on sub folders in a common folder we're creating.  The idea is to create folders for each department to share information.  Then we'll create a couple more shares and distribute them to our users with a logon script.  We'll start out by installing office on our clients so we can use Excel.  The high level steps are the following:
  • Install Microsoft Office 2013 on Client01
  • Create department based groups
  • Add users to groups
  • Create common share
  • Setup department folders in common share
  • Create public and apps share
  • Build logon script
  • Verify network drives are working

Install Microsoft Office 2013 on Client01

Put the "Microsoft Office Professional Plus 2013" DVD in the virtual DVD drive.  The image can be found in C:\CIS232.  You may need to rename the disk so it has an ISO extension before you can use it.  Nothing will happen, proceed to the next step

Once the DVD is in the drive, login to Client01 as Ben Dover (bdover) and install Office.
Client01 - Install Office Professional Plus 2013

We have a list of users and associated groups that we'll use later in the lab.  Log on to Server01 as Administrators and copy that list from the CIS232 folder to Ben Dover's home folder.  ("C:\Shared Data\Home\BDover")
Server01 - Copy Groups.csv to Ben Dover

Create Department Based Groups

Let's create the groups that represent the departments in our organization. Create the following groups in the "Security Groups" OU.  Each group will be a global group.
  • Accounting
  • HR
  • IT
  • Marketing
  • Purchasing
  • Quality
  • Sales
Server01 - Create Groups

Add Users to Groups

Open the Groups.csv file on Client01.  Use the data in the file to add the users to their groups on Server01.  There are many different ways you can add the users to the groups.  Try to find the most efficient method for you.

Create Common Share

We are ready to create a common share for our users.  The common share will contain folders for each department.  Only the members of each department will have access to their folders.  Create the common folder with the following settings.
  • Location -  C:\Shared Data\Common
  • Share name - Common
  • Share permissions - Domain Admins: Full Control; Staff: Change
  • NTFS Permissions - Domain Admins: Full Control; Staff:  Read & Execute, List Folder Contents, Read
Server01 - Create Common Share

By setting the NTFS permissions to Read Only at the NTFS level we are preventing non administrators from adding random folders and data to the root of the share.  Since we plan an allowing them to add data to subfolders we have to allow change access at the share level.  If we didn't, then our users wouldn't have permission to add/modify data in the department based folders.  NTFS permissions can be applied differently on sub folders, but share level permissions effect all data under the root. 

Setup Department Folders in Common Share

Now we will create our department shares inside "C:\Shared Data\Common\"  Create the following folders.
  • Accounting
  • HR
  • IT
  • Marketing
  • Purchasing
  • Quality
  • Sales
On each folder set the following NTFS permissions:  In the end each folder should only have the permissions specified below.
  • Domain Admins: Full Control
  • Department Group: Modify (This will select other permissions as well.)
Server01 - Setup Department Folders

Create Public and Apps Share

We're going to create two more shares.  One will be a public drive that anyone in our organization can use to share information, and the other will be used for pushing out applications.  Create two folders in "C:\Shared Data" with the following settings:
  • Name: Public
    • Share name: Public
    • Share permissions - Domain Admins: Full Control; Staff: Change
    • NTFS Permissions - Domain Admins: Full Control; Staff: Modify (This will select other permissions as well.)
Server01 - Create Public Share

  • Name: Apps
    • Share name: Apps
    • Share permissions - Domain Admins: Full Control; Staff: Read
    • NTFS Permissions - Domain Admins: Full Control; Staff: Read & Execute, List Folder Contents, Read
Server01 - Create Apps Share

Build Logon Script

Now we want to create a logon script and apply it to our user accounts.  Copy the logon.bat file to Server01's desktop and modify it to have the following lines.
  • Net Use j: \\Server01\Common > NUL: 2>&1
  • Net Use p: \\Server01\Public > NUL: 2>&1
  • Net Use y: \\Server01\Apps > NUL: 2>&1
Once you're done run the script on the server and verify it creates the mapped drives.  If not double check the script for errors.
Server01 - Create Logon Script

Once the script is working copy it into the netlogon folder. (\\Server01\netlogon)  Then apply the logon script to all your users.  You can modify the properties of all your users at once and set the Logon Script to "logon.bat" under the "Profile" tab.
Server01 - Apply Logon Script

Verify Network Drives are Working

Finally we can test out our work.  On Client01 log in as MSmith and make sure the network drives appear and that you have the correct access.
Server01 - Verify Network Drives


Answer the lab questions.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10