
Server Message Block (SMB) is a popular protocol used for file and printer sharing across networks. Configuring SMB shares with proper access control is essential for ensuring secure collaboration while preventing unauthorized access. In this guide, we’ll walk you through setting up SMB shares and managing permissions effectively.
Step 1: Install the SMB Service
On Windows Server:
- Open Server Manager → Add Roles and Features.
- Select File and Storage Services → File and iSCSI Services.
- Check File Server role and complete the installation.
On Linux (Samba):
sudo apt update
sudo apt install samba -y
Step 2: Create a Shared Folder
- Windows:
- Right-click the folder you want to share → Properties.
- Go to the Sharing tab → Advanced Sharing → enable Share this folder.
- Assign a Share Name.
- Linux (Samba):
- Open the Samba configuration file:
sudo nano /etc/samba/smb.conf
- Add a share definition:
[SharedDocs] path = /srv/shared browseable = yes read only = no guest ok = no
- Restart Samba:
sudo systemctl restart smbd
- Open the Samba configuration file:
Step 3: Configure Access Control
- Windows:
- In Advanced Sharing → click Permissions.
- Assign Read, Change, or Full Control to users or groups.
- Use NTFS Permissions (Security tab) for more granular control.
- Linux (Samba):
- Create a Samba user:
- Create a Samba user:
sudo smbpasswd -a username
- Adjust folder permissions:
sudo chown username:group /srv/shared sudo chmod 770 /srv/shared
Step 4: Test the SMB Share
- From a client system, open File Explorer (Windows) or use the command:
- From a client system, open File Explorer (Windows) or use the command:
smbclient //server-ip/SharedDocs -U username
- Verify that access is restricted based on the configured permissions.
Best Practices for SMB Access Control
- Always use least privilege principle (give only the necessary rights).
- Avoid using the Guest account for sensitive shares.
- Enable encryption and signing for added security.
- Regularly audit share permissions and access logs.
How to Configure SMB Shares with Access Control (F.A.Q)
What is SMB used for?
SMB is primarily used for file and printer sharing between computers on a network.
Can I restrict SMB access to certain IPs?
Yes, you can use firewall rules or Samba configuration (hosts allow
) to restrict access.
Is SMB secure for internet use?
Not by default—SMB should be used within internal networks or protected via VPN.
What’s the difference between share permissions and NTFS permissions?
Share permissions apply to network access, while NTFS permissions apply to local file system security.