So, how exactly do you setup a file server only using a command line? Granted, some of these functions can be performed remotely using a GUI, but hey, where’s the fun in that? By default Core can function as a File Server with no roles to setup.
You can view what roles are installed by running: oclist or what’s not installed with oclist | find /i “not”
There are a few tools you’ll need to become familiar with if you’re not already: diskpart, net , netsh and icacls.
Remote Desktop:
The following commands should enable remote desktop for you
Run these commands from the %systemroot%system32 directory.
To set the key: cscript scregedit.wsf /ar 0
To view the key: cscript scregedit.wsf /ar /v (should return a “0”)
To open the firewall up: netsh firewall set service type=remotedesktop mode=enable
Setting up a partition:
I’ll demonstrate a simple file server configuration setup here. It consists of two separate disks, one with the OS installed and one for data.
C:\diskpart
DISKPART> list disk
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 8 GB 0 B
Disk 1 Online 64 GB 64 GB
DISKPART> select disk 1
Disk 1 is now the selected disk.
DISKPART> create partition primary
DiskPart succeeded in creating the specified primary partition.
DISKPART> assign letter=E:
DiskPart successfully assigned the drive letter or mount point.
DISKPART> format fs=ntfs quick
DiskPart successfully formatted the volume.
It’s as simple as that. Now you’ll have a formatted partition ready to work with.
Sharing Folders:
Now we create a folder and share it out to the network.
c:\e:
e:\md Shared
e:\net share Shared=e:Shared /grant:everyone,full
Shared was shared successfully.
We’ll grant everyone full permissions at the share level, but limit them later.
Now, you should be able to browse to “\yourservernameShared” from another computer, but unless you are a local admin of the server, you may not be able to do anything yet.
Folder Permissions:
Here is where we will use icacls, this is very handy for setting permissions in the CLI. But you may find this even better than using the GUI. The older commands for this were cacls and xcacls and have a similar syntax.
What we’ll do here, is set it so only Administrators and System have access to the root share.
First, lets take a look at the current permissions:
icacls e:\shared
Now, let’s remove inheritance, but preserve the existing permissions:
icacls e:\Shared /inheritance:d
Now, let’s remove “Users” from the ACL.
icacls e:\shared /remove:g Users /t
Now create some folders that would normally have different levels of access:
md e:\SharedPublic
md e:\SharedAdministration
Let’s give Users “Modify” access to the public share.
icacls e:\SharedPublic /grant Users:M /t
If you leave “Administration” alone, it will inherit is permissions from “Shared” and only administrators will have access to it. Whatever share you create, simply replace “Users” with a group or specific user name that you want to grant access Most of the time you’ll be working with a domain, so you’ll be specifying domain groups and users.
You’re file structure may be as simple as that, but it can be far more elaborate. Understanding icacls can help you immensely. It is often a good idea to create a CMD script with all the icacls commands you use in case the permissions are ever lost or accidentally changed. You’ll simply be able to re-run it and restore all your settings.
TechnoGreg 