jk's blog

Breaking the Rules: Share Files with Computers not in Your Windows Domain

How to share a folder and its files with computers outside of the Windows domain. This is a generally bad idea, but if you need to do it, it’s possible.

1. Create a local user on the server. Set the password.

2. Using the file server’s “Share and Storage Management” tool, create a new share for the folder you want to share.

3. Add this new local user to the share’s security settings. Add this user to the folder’s security settings.

When you’re testing the access, test that the user doesn’t have access to the rest of the shares. You might be surprised to find out that they have access. This is because permissions for shared folders are generally inherited from their parents, and new disks are set up with access for Everyone.

Depending on the share, you might want to stop inheriting permissions, and establish tighter permissions on shared folders. See NTFS File Permissions Rabithole and the linked articles for advice about setting up file permissions through groups.

The reason for step 2 is that it’s better than the alternative, which is to create a path through your existing share to the specific folder. When you make a share, it has both share and file system level permissions in one place, so you’re less likely to overlook the share.