The NET Share command is used to manage file/printer shares.
Syntax
NET SHARE sharename=drive:path [/GRANT:user,[READ | CHANGE | FULL]]
[/USERS:number | /UNLIMITED]]
[/REMARK:"text"]
[ /CACHE:Manual | Documents | Programs | BranchCache | None ]
for an existing share:
NET SHARE sharename [/USERS:number | /UNLIMITED]]
[/REMARK:"text"]
[ /CACHE:Manual | Documents | Programs | BranchCache | None ]
NET SHARE sharename /DELETE
NET SHARE devicename /DELETE
NET SHARE drive:path /DELETE
Permissions granted with /GRANT apply to the share itself and files and folders accessed via the share. If files are accessed by any alternative route e.g. using a direct UNC path, then these permissions will have no effect.
Because of this, there is generally no point in applying a lot of fine grained permissions to a file share: grant admins FULL and the 'everyone' group CHANGE and then apply all the detailed permissions directly to the files and folders using ICACLS.
If a user or group has Read permission to the share and Full permission to the files, their access rights will be lowered to Read unless they bypass the share by opening a UNC path.
If a user or group has Full permission to the share but only Read permission to the files, they will still only have Read access to the files but will be able to edit all properties on the file share.
By default new shares on Windows Server will have Access-based Enumeration (ABE) available, but OFF by default:
Server Manager ➞ File and Storage Services ➞ sharename ➞ Properties ➞ Settings ➞ Enable Access-based enumeration.
ABE doesn’t hide the list of the network SHARED folders on a file server, it hides only the contents of the share, displaying only those Files and Folders a user has NTFS permissions to access (at least read), and all inaccessible resources are not displayed (hidden).
Enabling ABE will add a small extra load to the server.ABE can also be enabled or disabled with PowerShell:
Get-SmbShare FolderName | Set-SmbShare -FolderEnumerationMode AccessBased
Get-SmbShare FolderName | Set-SmbShare -FolderEnumerationMode Unrestricted
When creating shares you should be aware that the mapped drive will always be shorter than the real path on the server. This can cause issues with the 260 character filename limit.
For example, if you have a folder on a server called E:\workgroups\ thats mapped for the users as X:\
A legal filename created on a client via the mapped drive:
X:\something\... 158 chars
then becomes on the server
E:\workgroups\something\...168 chars (which some server backup software may fail to read.)You can minimise this issue by keeping the server path as short as possible E:\wg\
For the same reason you should avoid providing users with more than one drive mapping to the same folder. If one share provides a shorter path than the other, then very long filenames that users save using the short path may not be readable via the longer path.
To create file shares, File and Printer sharing must be enabled on the (server) computer.
Display the details of the local share called workgroups:
NET SHARE workgroups
Display the details of all local shares, including the folder/pathname that is being shared:
NET SHARE
To retrieve share details from a remote machine, use WMIC share
Create a new local file share:
NET SHARE workgroups=C:\work /REMARK:"workgroups share" /CACHE:No
Limit the number of users who can connect to a share:
NET SHARE workgroups /USERS:15
Remove any limit on the number of users who can connect to a share:
NET SHARE workgroups /UNLIMITED
Delete a share:
NET SHARE workgroups /DELETE
Delete an Admin share n.b this is NOT recommended,
the share will reappear after a reboot unless you also set the AutoShareServer registry key:
NET SHARE C$ /DELETE
Delete all shares that apply to a given device, in this case the devicename can be a printer (Lpt1) or a pathname (C:\Docs\):
NET SHARE devicename /DELETE
“Don’t worry about people stealing an idea. If it’s original, you will have to ram it down their throats” ~ Howard Aiken
NET.exe - Manage network resources.
NET USE - Connect to a file share (Drive MAP).
NET VIEW - View existing file/printer shares (local or remote).
Enable Admin Shares
WMIC share - View remote file/print shares.
Q149427 - Change Password from the CMD prompt.
Equivalent PowerShell: New-SMBshare - Create an SMB share.