Setup Drive Shares

FineBuild can set up the drive shares needed for SQL Server.

FineBuild sets up drive shares and permissions to make it easier for the DBA to navigate to the desired drive on a database server from the SQL Administration Server. The labels used to Setup Drive Labels are also used as the drive share names.

Permissions for shares always have to be assigned on the server to which the share relates. This is because permissions for shares cannot be assigned by a GPO.

It is strongly recommended that Windows Access-Based Enumeration is activated to prevent users finding the names of shares they do not have access to. If access-based enumeration is not used then the share names should not include the drive letters, as these could help an outsider understand the server configuration. Only include the drive letters in the share names if access-based enumeration is active for the server.

The share permissions are set up on the basis that:
  • Permissions on shares should be kept as simple as possible. A complex list of permissions on a share is both difficult to manage and audit, and can give a misleading sense of security.
  • Windows controls access to the server via membership of the local Users group. Restricting membership of this group is a key part of overall server security.
  • If a user has been granted access to the server, then they can navigate to the location specified by the share regardless of the permissions on the share. Access to data on the server can only be controlled by permissions to the relevant files and folders.

Therefore, there is no benefit in having a permissions list on any share that is more complex than that shown below:

| Drive Letter | Label    | Share Name   | Permission   | User / Group           |
|--------------|----------|--------------|--------------|------------------------|
| C:           | System   | (C) System   | Full Control | (local) Administrators |
|              |          |              | Change       | (local) Users          |
| E:           | Tools    | (E) Tools    | Full Control | (local) Administrators |
|              |          |              | Change       | (local) Users          |
| F:           | FT Data  | (F) FT Data  | Full Control | (local) Administrators |
|              |          |              | Change       | (local) Users          |
| I:           | Backup   | (I) Backup   | Full Control | (local) Administrators |
|              |          |              | Change       | (local) Users          |
| J:           | SQL Logs | (J) SQL Logs | Full Control | (local) Administrators |
|              |          |              | Change       | (local) Users          |
| K:           | SQL Data | (K) SQL Data | Full Control | (local) Administrators |
|              |          |              | Change       | (local) Users          |
| T:           | Temp     | (T) Temp     | Full Control | (local) Administrators |
|              |          |              | Change       | (local) Users          |

FineBuild Drive Shares Processing

Processing of Drive Shares relates to Process Id 1FA in the FineBuild1Preparation script, and is controlled by the parameter below:

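| Parameter   | Build       | SQL2005 | SQL2008 | SQL2008 R2 | SQL2012 | SQL2014 |
|-------------|-------------|---------|---------|------------|---------|---------|
| SetupShares | FULL        | Yes     | Yes     | Yes        | Yes     | Yes     |
| SetupShares | WORKSTATION | Yes     | Yes     | Yes        | Yes     | Yes     |
| SetupShares | CLIENT      | Yes     | Yes     | Yes        | Yes     | Yes     |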

FineBuild will use the labels used to Setup Drive Labels to also set up the drive share names.

Manual Setup Drive Shares Processing

The following steps show what you would have to do to set up Drive Shares manually. FineBuild does all of this work for you automatically.

1) Right-click on each drive letter and select Properties

2) Click on the Sharing tab. Click on Share this folder and then click on New Share
3) Set the share name as shown in the above table, for example (K) SQL Data, then click on Permissions
4) Remove the entry for Everyone, then click on Add to set up the desired share permissions
5) If the list of objects does not include Groups, click on Object Types
6) Select the Groups object type. Click OK to continue
7) Click on Locations, and set the location to be the current server
8) Add entries for the local server Administrators and local server Users groups, and then click Check Names. Click OK to continue
9) Assign Full Control permissions to the Administrators group
10) Assign Change permissions to the Users group. Click OK to exit from the Permissions window
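
The manual steps above can also be scripted. The following is an added example, not FineBuild's own code: it creates the shares from the table and then audits each share's permission list against the two expected entries. It assumes Windows Server 2012 or later (the SmbShare cmdlets), an elevated session, English built-in group names, and the drive letters and labels from the table.

```powershell
# Added example: scripted equivalent of manual steps 1-10 (not FineBuild's own code).
# Assumptions: SmbShare module available, elevated session, English group names,
# drive letters and labels taken from the share table on this page.
$shares = [ordered]@{
    'C' = 'System';   'E' = 'Tools';    'F' = 'FT Data'; 'I' = 'Backup'
    'J' = 'SQL Logs'; 'K' = 'SQL Data'; 'T' = 'Temp'
}
# The only entries the share permission list should contain.
$expected = @{ 'BUILTIN\Administrators' = 'Full'; 'BUILTIN\Users' = 'Change' }

foreach ($letter in $shares.Keys) {
    $path = "${letter}:\"
    $name = "($letter) $($shares[$letter])"      # e.g. "(K) SQL Data"

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Drive $path not present, skipping share '$name'"
        continue
    }

    if (-not (Get-SmbShare -Name $name -ErrorAction SilentlyContinue)) {
        # Steps 2-3 and 8-10: create the share with only the two local groups.
        # Access-based enumeration is enabled because the share name
        # includes the drive letter.
        New-SmbShare -Name $name -Path $path `
            -FullAccess 'BUILTIN\Administrators' `
            -ChangeAccess 'BUILTIN\Users' `
            -FolderEnumerationMode AccessBased | Out-Null
    }

    # Step 4 plus an audit: remove Everyone, report anything else unexpected.
    foreach ($ace in Get-SmbShareAccess -Name $name) {
        $want = $expected[$ace.AccountName]
        if ($ace.AccessControlType -eq 'Allow' -and $want -eq "$($ace.AccessRight)") {
            continue                              # entry matches the table
        }
        if ($ace.AccountName -eq 'Everyone') {
            Revoke-SmbShareAccess -Name $name -AccountName 'Everyone' -Force | Out-Null
            Write-Output "${name}: removed Everyone from share permissions"
        }
        else {
            Write-Warning ("${name}: unexpected entry {0} ({1}/{2})" -f
                $ace.AccountName, $ace.AccessControlType, $ace.AccessRight)
        }
    }
}
```

Re-running the script on an existing server leaves matching shares untouched and only reports or corrects permission entries that differ from the table.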
