I've run several searches, here, here and here including many replies on SE to try and address a simple question:

In a Windows NTFS only environment, if I wanted to use NTFS alone to share folders on a LAN, could I do that?

None of the results I found seem to address this question. Microsoft's documentation does not address the question either - From Share and NTFS Permissions on a File Server (emphasis mine):

Access to a folder on a file server can be determined through two sets of permission entries: the share permissions set on a folder and the NTFS permissions set on the folder (which can also be set on files). Share permissions are often used for managing computers with FAT32 file systems, or other computers that do not use the NTFS file system.

Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied.

The sentences in bold are confusing. For instance, if Share permissions are often used for managing computers with FAT32 file systems does this not imply that, in a NTFS-only environment, I don't need Share permissions and I can rely on NTFS permissions only?

A similar question was posted on TechNet 8 years ago but most answers just revert to the Microsoft document above, with the exception of one answer, which seems to suggest it is possible to use NTFS only:

With ntfs permissions you need to know the path to the directory and have rights to that directory. Please also note with a standard windows server install all server drives have a default administrative share (c$, d$,e$ etc). So for example for a secure security model i would do the following:

  1. Delete all administrative shares (c$, d$ etc.)
  2. Remove everyone from the directories with user data
  3. Now go back and set ntfs security for the directories in concern (more complicated than stated here)
  4. Map drive letters on user workstations using login scripts or group policies.

Now users have access to their appropriate directories on the server but cannot browse the server for share names.

The problem is, that answer does not detail how to go about "using login scripts or group policies", exactly .

  • 2
    I think it was OldNewThing who wrote that "share permissions" are mainly a relic of pre-NTFS days, and you could just as well rely on NTFS permissions alone and set share permissions to Everyone:F. Commented Aug 2, 2020 at 10:53
  • 1
    networking release of a folder is different from disk access permissions - for a successful sharing you need both layers
    – alecxs
    Commented Aug 2, 2020 at 11:26
  • @user1686 this would contradict the accepted answer that it cannot be done. Is there a way to attract the attention of this user you mention to clarify?
    – Dave White
    Commented Aug 2, 2020 at 11:35
  • 1
    It does not, because half your question is about relying on NTFS permissions when sharing via SMB, yet the other half is about using NTFS itself as a file-sharing mechanism. Greg is answering the latter part: even though NTFS is still involved, it is not a LAN file-sharing mechanism by itself. Commented Aug 2, 2020 at 15:02
  • 2
    you need both - it's just a question of which one is the more restrictive, i can't see a contradiction. windows has a simple-sharing-setting where both is managed with one click (explorer settings) if you disable that feature, you can play with each one on it's own and see what happens
    – alecxs
    Commented Aug 2, 2020 at 15:40

4 Answers 4


NTFS, like ext4, are partition file systems. They only operate on the local computer. You need to “share” a folder in order to make it accessible outside the local computer.

Further to that, when sharing via Windows (or Samba), the share permissions also apply. If you’re granted access via the share, you still need access via the underlying file system’s security.


The confusion is caused by your using old and new Microsoft documentation, where both are badly worded.

NTFS has a permissions model, while the ancient FAT32 does not.

In NTFS, files/folders can have permissions. A network share can also have permissions. But one does not imply the other, as both are entirely separate.

To access a file folder residing in a network share for an NTFS file-system, two checks are done, in order:

  1. Network check : To verify if the presented network credentials have the necessary access permissions to the share. And if they pass -
  2. NTFS check : Windows verifies the NTFS permissions needed for accessing the file or folder.

Both checks need to succeed in order to gain access.

(I note that deleting administrative shares has nothing to do with the above. It might be a good idea (or bad one, depending) if your local network environment is hostile.)

  • Sorry if I am being completely dense: A network check to verify network permissions/credentials <-- does this mean I must use the Share facility, combined with NTFS permissions?
    – Dave White
    Commented Aug 2, 2020 at 10:09
  • Files/folders cannot be created on NTFS without them being assigned some local permissions, even by default. In the same way, a network share cannot be created without access permissions, even if all they are is only full-control for the Everyone group. There is no Share utility as such.
    – harrymc
    Commented Aug 2, 2020 at 10:19
  • 1
    @DaveWhite NTFS is a file system. You need to “share” it via a file share to have it accessible outside the local computer.
    – Greg W
    Commented Aug 2, 2020 at 10:25
  • @GregW ok, so we're saying, the answer to my original question is no.
    – Dave White
    Commented Aug 2, 2020 at 10:27
  • 2
    Note that this discrepancy in permissions is a regular point of confusion for people new to the concept of Windows file shares. It's technically possible to have such a discrepancy in other file sharing protocols like AFP and NFS (nothing mandates they must use the underlying permissions on the filesystem), but in practice Windows is the only system that lets you configure shares like that. Commented Aug 2, 2020 at 19:26

You ask two questions, so there are two answers:

In a Windows NTFS only environment, if I wanted to use NTFS alone to share folders on a LAN, could I do that?

No. NTFS is only a disk layout and not a network protocol. You will always need something like SMB (built-in Windows file sharing) or SFTP to make the files accessible over the network.

The sentences in bold are confusing. Fos instance, if Share permissions are often used for managing computers with FAT32 file systems does this not imply that, in a NTFS-only environment, I don't need Share permissions and I can rely on NTFS permissions only?

Yes. Share permissions are optional to use – you can just set them to "Everyone: Full control" at share level. (NTFS permissions will always be honored, and access is only granted if both mechanisms allow it.)

More or less, SMB share permissions only exist because they already existed in Windows 98 (e.g.), which did not have NTFS nor filesystem level permissions.

with the exception of one answer, which seems to suggest it is possible to use NTFS only:

It does not suggest that! It suggests that it is possible to use NTFS permissions only (instead of SMB share-level permissions), but it does not say anything about NTFS performing all the other functions of SMB, namely, actual network communications.

  • Fair enough. Thank you.
    – Dave White
    Commented Aug 3, 2020 at 8:13
  • 1
    The only answer that really goes into the vital difference between the two technologies interplaying in the question; NTFS and SMB
    – Caius Jard
    Commented Aug 3, 2020 at 12:39

You seem to be asking this question:

Can I access files on ComputerA from ComputerB without sharing them because the files are on NTFS?

The answer is no.

A caveat is that Windows generally has administrative shares accessible for drives such as \\mycomputer\c$ for the C: drive available to administrators without you having to manually create a share, but the files are really 'being shared' and you're using shares (just built-in ones) so that doesn't count.

The sharing (including administrative shares) is what allows access from other computers. NTFS is just a file system organizing data on your hard drive. When you want to connect to Computer A from Computer B, it needs to connect over the network. That process is called sharing.

A lot of what you are linking to seems to be about permissions. NTFS has a built-in permissions system while FAT32 does not. So if you use FAT32 the only protection you have is by controlling who has access to the share.

Let's call you 'Alice' and your computer 'ComputerA' and your friend 'Bob' and his computer 'ComputerB'. On your ComputerA you have a drive D: that is FAT32 and these directories:

  • D:\Data\Public - things you want to share with Bob
  • D:\Data\Private - things you don't want Bob to see

If you want to keep Bob from seeing the Private folder then you must not give him access to any share containing that folder. You could share the Public folder with access for Everyone and share the Private folder restricting access to your own account. If you shared the Data folder with Bob then there's nothing keeping him from looking in the Private folder because FAT32 lacks permissions.

If you are using NTFS however, you can use the NTFS permission model to protect the Private directory so only your account has access. Now you can just create a 'Data' share for both you and Bob. If you restrict access to the Private folder using NTFS permissions, Bob will be able to see that it exists, but not access it. You can use the same share and access the Private folder because your user has permissions.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .