1. Create a directory on the server
2. Set the ACLs on the directory
3. Right Click on the folder and Choose “Properties”
4. Select the Security Tab
5. Click on the “Add” button and add the Active Directory groups that will have access to the share.
6. Configure the groups to have the proper access (read, write, etc.)
7. Uncheck the “Allow inheritable permissions from parent to propagate to this object” check box (when the security warning message is displayed, click on the “Copy” button).
8. Remove the “Everyone” group from the ACLs
9. Right click on “My Computer” and choose “Manage”
10. Expand “System Tools” and “Shared Folders”
11. Right click on “Shares” and choose “New File Share”
12. Select the folder that was created above for the “Folder to share” entry
13. Check “Apple Macintosh” check box in the “Accessible from the following clients” section. You can also make the share available to Windows clients by checking the “Microsoft Windows” check box.
14. Enter a share name and description for the share
15. Click on the Next button
16. Select “Custom” from the permissions options
17. Click on the “Finish button
On the Windows 2000 server that is hosting the AppleShare service:
The ServerOptions value in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MacFile\Parameters
registry key should be changed to prevent clear text passwords. The following table explains all of the
possible values for this registry entry.
Note that the settings that are highlighted are not recommended.
|
Binary |
Hex |
Decimal |
Meaning |
|
110000 |
30 |
48 |
No Guest Logons allowed No Clear Text Passwords allowed Users can not save passwords on their computers |
|
110001 |
31 |
49 |
Guest Logons allowed No Clear Text Passwords allowed Users can not save passwords on their computers |
|
110010 |
32 |
50 |
No Guest Logons allowed Clear Text Passwords allowed Users can not save passwords on their computers |
|
110011 |
33 |
51 |
Guest
Logons allowed Clear Text Passwords allowed Users can not save passwords on their computers |
|
110100 |
34 |
52 |
No Guest Logons allowed No Clear Text Passwords allowed Users can save passwords on their computers |
|
110101 |
35 |
53 |
Guest Logons allowed No Clear Text Passwords allowed Users can save passwords on their computers |
|
110110 |
36 |
54 |
No Guest Logons allowed Clear
Text Passwords allowed Users can save passwords on their computers |
|
110111 |
37 |
55 |
Guest
Logons allowed Clear
Text Passwords allowed Users can save passwords on their computers |
The value in the registry should be changed to 30 hex (or 48 decimal). This provides the greatest security for share access. Note that the default value is 37 hex (or 55 decimal). This setting isn’t acceptable and should be changed.
Click on Start + Programs + Administrative Tools + Services. Stop, then Start the “File Server for Macintosh” service for the change to take effect.
On the Windows 2000 server that is hosting the AppleShare service:
You can display a message to anyone who logs on to the share by setting the LoginMsg value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MacFile\Parameters registry key. This message is a limited to 198 characters.
Click on Start + Programs + Administrative Tools + Services. Stop, then Start the “File Server for Macintosh” service for the change to take effect.