Go to "Control Panel" > "Privilege Settings" > "Shared Folders" to configure shared folders of your NAS.
This chapter covers the post-obit topics:
Shared Folders
You lot tin create multiple shared folders on the NAS and specify the admission rights of the users and user groups to the shares. The number of shared folders you can create on the NAS varies according to the NAS models. If your NAS model is not listed, please visit http://www.qnap.com for details.
| Maximum number of shared folders | NAS models |
| 256 | TS-110, TS-210, TS-112, TS-119, TS-119P+, TS-212, TS-219P+, TS-x20, TS-x21, TS-410, TS-239 Pro 2+, TS-259 Pro+ |
| 512 | TS-412, TS-419P+, TS-410U, TS-419U, TS-412U, TS-419U+, SS-439 Pro, SS-839 Pro, TS-439 Pro Two+, TS-459U-RP/SP, TS-459U-RP+/SP+, TS-459 Pro+, TS-459 Pro Two, TS-559 Pro+, TS-559 Pro II, TS-659 Pro+, TS-659 Pro II, TS-859 Pro+, TS-859U-RP, TS-859U-RP+, TS-809 Pro, TS-809U-RP, TS-x70, TS-879 Pro, TS-1079 Pro, TS-879U-RP, TS-EC879U-RP, TS-1279U-RP, TS-EC1279U-RP, TVS-471, TVS-671, TVS-871, TVS-871U-RP, TVS-1271U-RP, TVS-463, TVS-663, TVS-863, TVS-863+. |
To create a shared folder, follow the steps below:
| 1. | Click "Create" > "Shared Binder". |
| ii. | Enter the basic binder settings. |
| o | Folder name: Enter the share name. The share name does not support " / \ [ ] : ; | = , + * ? < > ` ' |
| o | Comment: Enter an optional description of the shared binder. |
| o | Deejay Volume: Select which disk volume on which to create the binder. |
| o | Path: Specify the path of the shared folder or select to let the NAS specify the path automatically. |
| 3. | Access privileges for users: Select the fashion yous want to specify access rights to the folder. If you select to specify the access rights by user or user group, you tin can select to grant read only, read/write, or deny access to the users or user groups. |
| four. | Folder Encryption: Select to enable folder encryption with 256-bit AES encryption. See Binder Encryption for more information. |
| 5. | Advanced settings (this is only bachelor when creating a shared folder) |
| o | Invitee Access Right: Assign guest access rights of the folder. |
| o | Media Folder: Select to ready the shared folder as a media folder. |
| o | Hidden Folder Hibernate Network drive: Select to hide the shared folder or not in Microsoft Networking. When a shared folder is subconscious, you have to enter the complete directory \\NAS_IP\share_name to access the share. |
| o | Lock File (Oplocks): Opportunistic locking is a Windows machinery for the client to identify an opportunistic lock (oplock) on a file residing on a server in order to cache the data locally for improved performance. Oplocks is enabled past default for everyday usage and should be disabled on networks that require multiple users concurrently accessing the same files. |
| o | SMB Encryption: Prepare the binder to be accessible for SMB 3 clients. This choice is only bachelor after SMB3 is enabled. Subsequently information technology is enabled, all communications via Microsoft Networking will be conducted via SMB3 and encrypted. All SMB3 clients will be able to connect to NAS via Microsoft Networking. |
| o | Recycle Bin: Enable the Network Recycle Bin for created shared folders. "Restrict the access of Recycle Bin to administrators only for at present" will ensure that files deleted and moved to the Network Recycle Bin tin can only be recovered by administrators. Please note that the Recycle Bin option is merely bachelor after you enable Network Recycle Bin in "Command Panel" > "Network Services" > "Network Recycle Bin". |
| o | Enable Sync on this shared folder: Enable this selection if you want to sync the contents in this shared binder. Refer to Qsync Central Station for more details. |
| half dozen. | Click "create" to complete the setup. |
To delete a shared binder, select the folder checkbox and click "Remove". Y'all can select the option "Also delete the information. (Mounted ISO epitome files will not be deleted)" to delete the folder and the files in it. If you practise not select to delete the folder data, the data will be retained in the NAS. You tin can create a shared folder of the same proper noun once again to access the data.
| Icon | Proper name | Description |
|  | Folder Belongings | Edit the folder property. Select to hide or prove the network drive, enable or disable oplocks, folder path, comment, restrict the admission of Recycle Bin to administrators (files tin can just exist recovered by administrators from the Network Recycle Bin) ,enable or disable write-but access on FTP connexion, binder encryption, and synchronization. |
|  | Folder Permissions | Edit binder permissions and subfolder permissions. |
|  | Refresh | Refresh the shared binder details. |
Folder Permissions
Configure folder and subfolder permissions on the NAS. To edit basic folder permissions, locate a binder name in "Privilege Settings" > "Shared Folders" and click "Folder Permissions". The folder name will exist shown on the left and the users with configured access rights are shown in the panel. Yous can also specify invitee access rights on the bottom of the panel. Click "Add together" to select more users and user groups and specify their admission rights to the binder. Click "Add together" to ostend. Click "Remove" to remove whatsoever configured permissions. You can select multiple items by property the Ctrl central and left clicking the mouse. Click "Employ" to save the settings.
Subfolder Permissions
The NAS supports subfolder permissions for secure management of the folders and subfolders. You can specify read, read/write, and deny access of private user to each binder and subfolder.
To configure subfolder permissions, follow the steps below:
| one. | Go to "Privilege Settings" > "Shared Folders" > "Avant-garde Permissions" tab. Select "Enable Advanced Folder Permissions" and click "Apply". |
| 2. | Go to "Privilege Settings" > "Shared Folders" > "Shared Folders" tab. Select a root folder, for example Dept, and click "Binder Permissions". The shared folder name and its outset-level subfolders are shown on the left. The users with configured access rights are shown in the panel, with special permission beneath. Double click the outset-level subfolders to view the second-level subfolders. Select the root folder (Dept). Click "+ Add" to specify read simply, read/write, or deny admission for the users and user groups. |
| 3. | Click "Add together" when you have finished the settings. |
| 4. | Specify other permissions settings below the folder permissions panel. |
| o | Invitee Access Right: Specify to grant total or read only access or deny guest admission. |
| o | Owner: Specify the owner of the binder. By default, the folder owner is the creator. |
| 5. | To modify the binder possessor, click the "Binder Property" button side by side to the owner field. |
| 6. | Select a user from the listing or search a username. Then click "Set". |
| o | Only the owner tin can delete the contents: When you employ this selection to a folder, e.g. Dept, just the folder possessor tin can delete the get-go-level subfolders and files. Users who are non the owner simply possess read/write permission to the folder cannot delete the folders Admin, Hr, Production, Sales, and test in this instance. This option does not utilize to the subfolders of the selected folder even if the options "Utilise changes to files and subfolders" and "Utilise and supervene upon all existing permissions of this folder, files, and subfolders" are selected. |
| o | Only admin can create files and folders: This pick is just available for root folders. Select this option to allow admin to create start-level subfolders and files in the selected folder only. For example, in the folder "Dept", only admin can create files and subfolders Admin, HR, Production, and so on. Other users with read/write access to Dept can only create files and folders in the 2d and lower-level subfolders such as Admin01, Admin02, HR1, and HR2. |
| o | Apply changes to files and subfolders: Apply permissions settings except owner protection and root folder write protection settings to all the files and subfolders inside the selected folder. These settings include new users, deleted users, modified permissions, and folder owner. The options "But the owner can delete the contents" and "Only admin can create files and folders" will non exist applied to subfolders. |
| o | Apply and supersede all existing permissions of this folder, files, and subfolders: Select this option to override all previously configured permissions of the selected folder and its files and subfolders except owner protection and root binder write protection settings. The options "Only the owner tin delete the contents" and "Only admin can create files and folders" will not be applied to subfolders. |
| o | Special Permission: This option is only bachelor for root folders. Select this choice and choose between "Read only" or "Read/Write" to allow a user to access to all the contents of a folder irrespectively of the pre-configured permissions. A user with special permission will be identified every bit "admin" when he/she connects to the folder via Microsoft Networking. If you take granted special permission with "Read/Write" access to the user, the user will have total access and is able to configure the folder permissions on Windows. Note that all the files created by this user belong to "admin". Since "admin" does not have quota limit on the NAS, the number and size of the files created by users with special permission will non be limited by their pre-configured quota settings. This choice should be used for administrative and backup tasks only. |
| 7. | After irresolute the permissions, click "Apply" and then "Yep" to confirm. |
Annotation:
| • | You lot tin create up to 230 permission entries for each binder when Avant-garde Folder Permission is enabled. |
| • | If you lot accept specified "deny admission" for a user on the root folder, the user volition not be allowed to access the folder and subfolders even if you select read/write access to the subfolders. |
| • | If you accept specified "read just admission" for a user on the root binder, the user will have read only access to all the subfolders fifty-fifty if y'all select read/write access to the subfolders. |
| • | To specify read only permission on the root folder and read/write permission on the subfolders, you must set read/write permission on the root folder and utilise the option "Only admin tin can create files and folders" (to exist explained afterward). |
| • | If an unidentified account ID (such as 500) is shown for a subfolder on the permission assignment folio later yous click the "Admission Permissions" push next to a shared folder in "Control Console">"Privilege Settings">"Shared Folders">"Shared Folder", information technology is likely that the permission of that subfolder has been granted to a user account that no longer exists. In this case, please select this unidentified account ID and click "Remove" to delete information technology. |
Microsoft Networking Host Access Control
NAS folders tin be accessed via Samba (Windows) by default. You can specify authorized IP addresses and hosts by post-obit these steps:
| 1. | Click "Folder Permissions". |
| 2. | Select "Microsoft Networking host admission" from the drop-downward menu on top of the page. |
| 3. | Specify the allowed IP addresses and host names. The following IP address and host proper noun are used equally instance here: |
| o | IP address: 192.168.12.12 or 192.168.*.* |
| o | Host proper noun: dnsname.domain.local or *.domain.local |
| 4. | click "Add" to enter the IP address and host proper name and so "Apply". |
Notifications on characters used:
| • | Wildcard characters: You lot tin enter wildcard characters in an IP accost or host name entry to represent unknown characters. |
| • | Asterisk (*): Utilize an asterisk (*) as a substitute for null or more than characters. For example, if you enter *.domain.local, the following items are included: a.domain.local, cde.domain.local, or test.domain.local |
| • | Question mark (?): Utilise a question mark (?) as a substitute for only i character. For example, exam?.domain.local includes the following: test1.domain.local, test2.domain.local, or testa.domain.local |
When you use wildcard characters in a valid host name, dot (.) is included in wildcard characters. For example, when you enter *.example.com, "one.example.com" and "one.two.instance.com" are included.
Folder Encryption
Shared folders on the NAS can be encrypted with 256-bit AES encryption to protect data. The encrypted shared folders can but be mounted for normal read/write access with the authorized password. The encryption feature protects the confidential data of the binder from unauthorized admission fifty-fifty if the hard drives or the unabridged NAS were stolen.
Note:
| • | The function or its content is only applicative on some models. |
| • | The encryption central cannot include dollar signs ($) or equal signs (=). |
| • | Encrypted shared folders cannot be accessed via NFS. |
| • | If a volume has been encrypted, the shared folders on that book tin can non be encrypted. |
Encrypting and locking a shared folder
To encrypt and lock a shared folder, follow these steps:
| one. | Enable folder encryption: |
| o | When you create a folder, tick "Encryption" under "Binder Encryption", enter a countersign and cull to relieve an encryption key. |
| o | To encrypt an existing binder, click "Edit Properties" under "Activeness" in "Command Panel" > "Privilege Settings" > "Shared Folders", tick "Encrypt this binder", enter a password and choose to salve encryption central. |
| 2. | Become to "Control Panel" > "Privilege Settings" > "Shared Folders", click "Encryption Management" nether "Action". |
| 3. | Switch to "Lock" and click "OK". |
Encryption verification
Afterward a folder is locked, that binder will exist invisible in File Station. If an encrypted shared folder is unlocked, it will reappear in File Station.
Unlocking a shared binder
To unlock an encrypted and locked shared binder, go to "Control Console" > "Privilege Settings" > "Shared Folders", click "Encryption Management" under "Activity" and enter the countersign or upload the encryption primal file.
Encryption Management
After the folder is encrypted, click "Encryption Management" under "Action" in "Control Console" > "Privilege Settings" > "Shared Folders" to edit encryption settings:
| • | To save the encryption key, select the "Download" tab and enter the encryption password to consign the key. |
| • | You can choose to automatically mountain the encrypted binder by selecting "Mount automatically on start upward" in the "Relieve" tab. Enter the encryption fundamental to mount the folder automatically for admission. This option volition be automatically enabled if the "Save encryption key" is checked when encrypting the binder. Folders that practice not have this selection enabled volition exist locked afterwards the organisation restarts. |
| • | To prevent access to the encrypted folder, enable the lock function in the "Lock" tab. Select "Forget the saved key" if you want the binder to remain locked after the system restarts (i.east., without auto mountain when arrangement starts.) To unlock the folder later on, click "Unlock Share Folder" and then enter or import the encryption primal to unlock the folder. |
Note:
| • | It is strongly recommended that you export and save the encryption key. You need the primal to unlock or decrypt the encrypted folder. |
| • | You cannot modify an encrypted folder'south volume or path. |
| • | The default shared folders cannot be encrypted. |
ISO Shared Folders
You can mount ISO image files on the NAS as ISO shares. The NAS supports mounting up to 256 ISO shares.
TS-110, TS-119, TS-120, TS-121, TS-210, TS-219, TS-219P, TS-220, TS-221, TS-410, , TS-119P+, TS-219P+, TS-112, TS-212 support upwards to 256 network shares simply (including 6 default network shares). The maximum number of ISO image files supported by these models is less than 256 (256 minus half-dozen default shares minus number of network recycle bin folders).
Follow these steps to mount an ISO file on the NAS using the spider web interface:
| 1. | Log into the NAS as an ambassador. Go to "Share Folders" > "Create". Click "Create an ISO Share". |
| ii. | Select an ISO image file on the NAS. Click "Next". |
| 3. | The prototype file will be mounted equally a shared folder of the NAS. Enter the binder name. |
| 4. | Specify the access rights of NAS users or user groups to the shared folder. You can also select "Deny Admission" or "Read but" for the invitee access right. Click "Next". |
| v. | Confirm the settings and click "Next". |
| 7. | Subsequently mounting the prototype file, yous can specify admission rights for users over different network protocols such every bit SMB, AFP, NFS, and WebDAV past clicking the Access Permission icon in the "Action" column. |
The NAS supports mounting ISO image files using File Station. Refer to the File Station chapter for more details.
Note:
| • | ARM-based NAS models do not back up using Cyrillic characters for the name of a subfolder in an ISO shared folder (the name will be incorrectly displayed if a subfolder is created with a Cyrillic name.) Please proper name the subfolder with a unlike language before an ISO file is created. |
| • | For Mac OSX, mounting a binder that contains the # character in the folder name through WebDAV is not supported. Please rename the binder before mounting it if necessary. |
Folder Aggregation
You tin can aggregate the shared folders on Microsoft network equally a portal folder on the NAS and let NAS users access the folders through your NAS. Up to ten folders can be linked to a portal folder. To use this function, follow these steps:
| i. | Enable folder aggregation. |
| 2. | Click "Create a Portal Folder". |
| 3. | Enter the portal folder name. Select to hide the folder or not, and enter an optional annotate for the portal folder. Select the option "User must login before accessing the portal folder" to avoid invitee access and permission issues on the shared folders. |
| 4. | Click the "Link Configuration" push button under "Action" and enter the remote folder settings. Make sure the folders are open for public access. |
| 5. | Upon successful connectedness, you can connect to the remote folders through the NAS. |
Note:
| • | Folder Aggregation is only supported in Microsoft networking service and is recommended for a Windows Advert environment. |
| • | If there is permission command on the folders, you lot demand to bring together the NAS and the remote servers to the same Ad domain. |
Advanced Permissions
"Advanced Folder Permissions" and "Windows ACL" provide subfolder and file level permissions control. They can exist enabled independently or together.
| Protocols | Permission | Options | How to Configure |
| Advanced Folder Permissions | FTP, AFP, File Station, Samba | 3 (Read, Read & Write, Deny) | NAS web UI |
| Windows ACL | Samba | xiii (NTFS permissions) | Windows File Explorer |
| Both | FTP, AFP, File Station, Samba | Please see the application notation (https://world wide web.qnap.com/i/en/trade_teach/con_show.php?op=showone&cid=6) for more details. | Windows File Explorer |
Advanced Folder Permissions
Use "Advanced Folder Permissions" to directly configure subfolder permissions on the NAS. At that place is no depth limitation for subfolder permission, only it is highly recommended to only change permissions on the first or 2nd subfolder level. When "Advanced Folder Permissions" is enabled, click "Folder Permissions" under the "Shared Folders" tab to configure subfolder permission settings. See Shared Folders" > "Binder Permission of this section for details.
Windows ACL
Use "Windows ACL" to configure the subfolder and file level permissions from Windows File Explorer. All Windows Permissions are supported. For detailed Windows ACL behavior, delight refer to standard NTFS permissions: http://www.ntfs.com/ntfs-permissions.htm
| • | To assign subfolder and file permissions to a user or a user group, total control share-level permissions must exist granted to the user or user group. |
| • | When Windows ACL is enabled when "Advanced Folder Permissions" is disabled, subfolder and file permissions will only have consequence when accessing the NAS from Windows File Explorer. Users connecting to the NAS via FTP, AFP, or File Station volition only accept share-level permissions. |
| • | When Windows ACL and Advanced Binder Permissions are both enabled, users cannot configure Advanced Folder Permissions from the NAS. Permissions (Read only, Read/Write, and Deny) of Advanced Folder Permissions for AFP, File Station, and FTP will automatically follow Windows ACL configuration. |
| © 2022 QNAP Systems, Inc. All Rights Reserved. | | |
0 Response to "Set Drive to Read Only, User Still Able to Write to Subfolder Qnap"
Post a Comment