πŸ”οΈ Best Practices to Setup File Server in Windows Server 2025

Posted on by

Published on: Maharjan-Tech
Author: MAHARJAN | System Engineer
Category: Windows Server / File Services / IT Infrastructure
Estimated Reading Time: 8 mins

πŸ”° Introduction

In many organizationsβ€”banks, insurances, hospitals, colleges, and other companiesβ€”a centralized and secure file-sharing system is critical. With Windows Server 2025, Microsoft has improved performance, security, and management tools that are ideal for modern file server environments.

This blog walks you through step-by-step deployment and best practices to set up a File Server tailored for country-based infrastructure, considering network conditions, security compliance, and administrative simplicity.

🧱 Why a File Server?

A File Server allows central management of:

  • Department-wise data
  • Permission-based file sharing
  • Secure backup & audit logs
  • Shadow copy for accidental deletions
  • Storage quotas and file screening

πŸ”§ Step-by-Step Deployment Guide

βœ… Step 1: Prepare the Server Environment

  • OS: Install Windows Server 2025
  • IP: Assign a Static IP
  • Domain: Join to your Active Directory Domain (e.g., maharjan.local)
  • Drive Partition: Use a dedicated partition (e.g., D: or E:) for file shares
  • Update: Install all latest patches via Windows Update

βœ… Step 2: Install File Server Role

  1. Open Server Manager
  2. Click Add Roles and Features
  3. Select:
    • File and iSCSI Services β†’ Check File Server
    • (Optional) FSRM,DFS
  4. Complete installation and reboot if required
RolesDescriptions
File Server File server manages shared folders and enables users to access files on this computer from the network.
File Server Resource Manager (FSRM)FSRM helps you manage and understand the files and folders on a file server by scheduling file management tasks and storage reports, classifying files and folders, configuring folder quotas, and defining file screening policies.
DFS NamespacesIt enables you to group shared folders located on different servers into one or more logically structured namespaces.

βœ… Step 3: Folder Structure & Sharing

File Server Folder Design Structure

E:\FILESERVER-CENTRALIZED-DATA\

 β”œβ”€ BRANCHES\ β†’ [KATHMANDU-BRANCH, BHAKTAPUR-BRANCH, BUTWAL-BRANCH, POKHARA-BRANCH, LUMBINI-BRANCH]

 β”œβ”€ HEAD-OFFICES\DEPARTMENTS\ β†’ [ADMIN, FINANCE, HR, IT, PROCUREMENT, MARKETING, LEGAL]

 β””─ PUBLIC-SHARE-HUBS\ β†’ [Educational-Videos, Notices-2025, Reports]

In the above design structure, the Head-Offices and Branches folders contain multiple subfolders, each requiring specific access and permissions for their respective groups (i.e., branches or departments). However, the Public-Share-Hubs folder should be accessible to all users with read-only permission.

Steps to Share:

  1. Right-click the folder β†’ Properties β†’ Sharing
  2. Click Advanced Sharing
  3. Share name: Finance, IT, etc.
  4. Permissions:
    • Remove Everyone
    • Add domain security groups (e.g., Finance-Groups, IT-Groups)

NTFS Permissions (Security Tab):

  • Finance-Groups β†’ Modify
  • Domain Admins β†’ Full Control
  • Remove Authenticated Users if not needed

Note: For each Department and Branch folder, configure sharing access by adding the respective security groups. Assign NTFS permissions according to each group’s access requirements. Additionally, include a dedicated admin group with full privileges to manage and maintain the folders.

βœ… Step 4: Enable Access-Based Enumeration (ABE)

Hide folders users can’t access:

  • Open Server Manager β†’ File and Storage Services β†’ Shares
  • Edit the share β†’ Go to Settings
  • Tick Enable access-based enumeration

βœ… Step 5: Enable Shadow Copies (Previous Versions)

  1. Right-click on E: β†’ Configure Shadow Copies
  2. Select the volume β†’ Enable
  3. Set schedule: e.g., every 1 hour
  4. Inform users they can right-click > Previous Versions to restore files

βœ… This helps avoid unnecessary ticket requests and restores files deleted mistakenly.

βœ… Step 6: Implement Quotas and File Screening (FSRM)

Install File Server Resource Manager (FSRM) for:

  • Quotas (e.g., FINANCE share max 100MB)
  • Blocking files (e.g., .exe, .mp3, .torrent)

Steps:

  1. Open FSRM Console
  2. Create Quota β†’ Select path (e.g., E:\FILESERVER-CENTRALIZED-DATA\HEAD-OFFICE\DEPARTMENTS\FINANCE)
  3. Create File Screen β†’ Block unwanted file types

πŸ“Œ Tip: Especially useful for schools and finance departments in Nepal to maintain storage hygiene.

βœ… Step 7: Map Network Drives via GPO

For user drive mapping:

  1. Open Group Policy Management
  2. Create a GPO: DEPARTMENT-MAPDRIVE-GPO
  3. Edit GPO:
    • User Configuration β†’ Preferences β†’ Drive Maps
    • Location: \\\Ws2k25-sfb19\finance
    • Drive Letter: D:
    • Use Item-Level Targeting β†’ Target HRTeam group

Note: I did not get drive mapped of Finance dept. due to conflict of drive letter. So, i changed to another letter and try again.

βœ… Step 8: Test the GPO

Note: The drive mapping policy has been successfully applied. It is observed that the Finance department’s mapped drive displays a total size of 100 MB, reflecting the quota limit previously assigned. In contrast, the Public-Share-Hubs mapped drive shows the full 20 GB, which corresponds to the total volume size since no quota has been configured for that folder.

Also checked: The features for Previous Versions, File Screening, and Access-Based Enumeration (ABE) have been successfully reviewed and verified. These features are functioning as expected, enhancing data protection, storage control, and user-specific folder visibility.

🏁 Conclusion

With Windows Server 2025, setting up a highly available and secure File Server for Nepalese organizations is easier than ever. By combining core features like ABE, Shadow Copies, FSRM, and GPO mapping, you can ensure streamlined collaboration with data control and user accountability.