Setup Volume Shares

Setup Volume Labels	Manual Install	Setup No Drive Indexing Next

FineBuild can set up shares for local volumes needed for SQL Server.

FineBuild sets up volume shares and permissions to make it easier for the DBA to navigate to the desired volume on a database server from the SQL Administration Server. The labels used to Setup Volume Labels are also used as the volume share names.

Permissions for shares always have to be assigned on the server to which the share relates. This is because permissions for shares cannot be assigned by a GPO.

It is recommended that you Install Access Based Enumeration to prevent users finding the names of shares they do not have access to. If access-based enumeration is not used then the share names should not include the drive letters, as these could help an outsider understand the server configuration.

The share permissions are set up on the basis that:

Permissions on shares should be kept as simple as possible. A complex list of permissions on a share is both difficult to manage and audit, and can give a misleading sense of security.
Windows controls access to the server via membership of the local User group. Restricting membership of this group in Setup No Windows Global Access is a key part of overall server security.
If a user has been granted access to the server, then they can navigate to the location specified by the share regardless of the permissions on the share. Access to data on the server can only be controlled by permissions to the relevant files and folders.

Therefore, there is no benefit in having a permissions list on any share that is more complex than that shown below:

Volume Letter	Label	Share Name	Permission	User / Group
C:	System	(C) System	Full Control	(local) Administrators
			Change	(local) Users
E:	Tools	(E) Tools	Full Control	(local) Administrators
			Change	(local) Users
F:	FT Data	(F) FT Data	Full Control	(local) Administrators
			Change	(local) Users
I:	Backup	(I) Backup	Full Control	(local) Administrators
			Change	(local) Users
J:	SQL Logs	(J) SQL Logs	Full Control	(local) Administrators
			Change	(local) Users
K:	SQL Data	(K) SQL Data	Full Control	(local) Administrators
			Change	(local) Users
T:	Temp	(T) Temp	Full Control	(local) Administrators
			Change	(local) Users

FineBuild Volume Shares Processing

Processing of Volume Shares relates to Process Id 1FA in the FineBuild1Preparation script, and is controlled by the parameter below:

SQL Version	Parameter	FULL Build	WORKSTATION Build	CLIENT Build
SQL2019	/SetupShares:	Yes	Yes	Yes
SQL2017	/SetupShares:	Yes	Yes	Yes
SQL2016	/SetupShares:	Yes	Yes	Yes
SQL2014	/SetupShares:	Yes	Yes	Yes
SQL2012	/SetupShares:	Yes	Yes	Yes
SQL2008R2	/SetupShares:	Yes	Yes	Yes
SQL2008	/SetupShares:	Yes	Yes	Yes
SQL2005	/SetupShares:	Yes	Yes	Yes

FineBuild will use the labels used to Setup Volume Labels to also set up the drive share names.

Top

Manual Setup Volume Shares Processing

The following steps show what you would have to do to setup Volume Shares manually. FineBuild does all of this work for you automatically.

Right-click on each volume letter and select Properties
Click on the Sharing tab

Click on Share this folder and then click on New Share
Set the share name as shown in the above table

For example (K) SQL Data, then click on Permissions
Remove the entry for Everyone

Click on Add to set up the desired share permissions
If the list of objects does not include Groups, click on Object Types
Select the Groups object type

Click OK to continue
Click on Locations

Set the location to be the current server
Add the required permissions entries

Add entries for the local server Administrators and the local server Users groups

Click Check Names, then click OK to continue
Assign Full Control permissions to the Administrators group
Assign Change permissions to the Users group
Click OK to exit from the Permissions window