You can enable standard file sharing on disks formatted with FAT, FAT32, exFAT, NTFS, or Resilient File System (ReFS). One set of permissions apply to disks formatted with exFAT, FAT, or FAT32. These permissions are called share permissions . Two sets of permissions apply to disks formatted with NTFS or ReFS: NTFS permissions (also referred to as access permissions) and share permissions . Having two sets of permissions allows you to determine precisely who has access to shared files and the level of access assigned. With either NTFS permissions or share permissions, you do not need to move the files you are sharing.

With public folder sharing, you share files by just copying or moving files to the computer’s Public folder. Public files are available to anyone who logs on to a computer locally regardless of whether that person has a standard user account or an administrator user account on the computer. You can also grant network access to the Public folder; however, if you do this, there are no access restrictions. The Public folder and its contents are open to everyone who can access the computer over the local network.

The sharing settings on a computer determine the way files can be shared. The two file sharing models that Windows Server 2012 R2 supports have the following differences:

■ Standard (in-place) file sharing Allows remote users to access files, folders, and drives over the network. When you share a folder or a drive, you make all its files and subfolders available to a specified set of users. Share permissions and access permissions together enable you to control who has access to shared files and the level of access assigned. You do not need to move the files you are sharing.

■ Public folder sharing Allows local users and (optionally) remote users to access any files placed in the computer’s %SystemDrive%\Users\Public folder. Access permissions on the Public folder determine which users and groups have access to publicly shared files in addition to the level of access those users and groups have. When you copy or move files to the Public folder, access permissions are changed to match those of the Public folder. Some additional permissions are added as well. When a computer is part of a workgroup, you can add password protection to the Public folder. Separate password protection isn’t needed in a domain because only domain users can access Public folder data.

With standard file sharing, local users don’t have automatic access to any data stored on a computer. You control local access to files and folders by using the security settings on the local disk. With public folder sharing, on the other hand, files copied or moved to the Public folder are available to anyone who logs on locally. You can grant network access to the Public folder as well; however, doing so makes the Public folder and its contents open to everyone who can access the computer over the network.

Windows Server 2012 R2 adds new layers of security through compound identities, claims-based access controls, and central access policies. With both Windows 8.1 and Windows Server 2012 R2, you can assign claims-based access controls to file and folder resources on NTFS and ReFS volumes. With Windows Server 2012 R2, users are granted access to file and folder resources, either directly with access permissions and share permissions or indirectly with claims-based access controls and central access policies.

SMB 3.0 makes it possible to encrypt data being transferred over the network. You can enable SMB encryption for shares configured on NTFS and ReFS volumes. SMB encryption works only when the computer requesting data from an SMB-based share (either a standard file share or a DFS share) and the server supplying the data support SMB 3.0. Both Windows 8.1 and Windows Server 2012 R2 support SMB 3.0. (They have an SMB 3.0 client.)

Public folder sharing is designed to enable users to share files and folders from a single location. With public folder sharing, you copy or move files you want to share to a computer’s %SystemDrive%\Users\Public folder. You can access public folders in File Explorer by double-tapping or double-clicking the system drive, and then accessing the Users\Public folder.

The Public folder has several subfolders you can use to help organize public files:

■ Public Desktop Used for shared desktop items. Any files and program shortcuts placed in the Public Desktop folder appear on the desktop of all users who log on to the computer (and to all network users if network access has been granted to the Public folder).

■ Public Documents, Public Music, Public Pictures, Public Videos Used for shared document and media files. All files placed in one of these subfolders are available to all users who log on to the computer (and to all network users if network access has been granted to the Public folder).

■ Public Downloads Used for shared downloads. Any downloads placed in the Public Downloads subfolder are available to all users who log on to the computer (and to all network users if network access has been granted to the Public folder).

NOTE By default, the Public Desktop folder is hidden from view. If hidden items aren’t being displayed in File explorer, tap or click View, and then select hidden Items.

By default, anyone with a user account and password on a computer can access that computer’s Public folder. When you copy or move files to the Public folder, access permissions are changed to match that of the Public folder, and some additional permissions are added as well.

You can change the default Public folder sharing configuration in two key ways:

■ Allow users logged on to the computer to view and manage public files but restrict network users from accessing public files. When you configure this option, the implicit groups Interactive, Batch, and Service are granted special permissions on public files and public folders.

■ Allow users with network access to view and manage public files. This allows network users to open, change, create, and delete public files. When you configure this option, the implicit group Everyone is granted Full Control permission to public files and public folders.

Windows Server 2012 R2 can use either or both sharing models at any time. However, standard file sharing offers more security and better protection than public folder sharing, and increasing security is essential to protecting your organization’s data. With standard file sharing, share permissions are used only when a user attempts to access a file or folder from a different computer on the network. Access permissions are always used, whether the user is logged on to the console or is using a remote system to access a file or folder over the network. When data is accessed remotely, first the share permissions are applied, and then the access permissions are applied.

As shown in Figure 3–1, you can configure the basic file sharing settings for a server by using Advanced Sharing Settings in Network And Sharing Center. Separate options are provided for network discovery, file and printer sharing, and public folder sharing.