Installing Samba Server on Windows Server 2016
File Server
Manages file shares and enables users to access files on this computer from the network. file shares that use the Server Message Block (SMB) protocol,
File Server Resource Manager
Helps you manage and understand the files and folders on a file server by scheduling file management tasks and storage reports, classifying files and folders, configuring folder quotas, and defining file screening policies.
Table of Contents
Install File Server & File Server Resource Manager(GUI)
To install a Samba server on Windows Server 2016, follow these steps:
Start Server Manager and click "Add Roles and Features".
Click "Next" to the "Server Roles" page.
Select File and Storage Services and click Next.
Select "File and iSCSI Services" and click "Next".
安装成功后,系统应该启动LanManServer
启用SMB共享服务
# 1.1 检查SMB功能状态
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Server
# 1.2 启用SMB功能(建议使用SMB2/3)
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -All
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client -All
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Server -All
# 1.3 启用网络发现和文件共享
Set-NetFirewallRule -DisplayGroup "网络发现" -Enabled True
Set-NetFirewallRule -DisplayGroup "文件和打印机共享" -Enabled True
# 1.4 创建专用网络配置文件
Set-NetConnectionProfile -NetworkCategory Private
Windows SMB配置
@echo off
REM windows_smb_setup.bat - Windows SMB高级配置
chcp 65001 >nul
echo ====================================
echo Windows SMB共享配置工具
echo ====================================
echo.
REM 1. 创建共享用户
echo [1/5] 创建共享用户...
net user phoneaccess P@ssw0rd123 /add /comment:"手机访问账户" /fullname:"Phone Access"
net localgroup "Users" phoneaccess /add
echo [2/5] 配置共享权限...
REM 设置共享用户对C盘的只读权限
icacls C:\ /grant phoneaccess:(OI)(CI)R /T
REM 创建专用共享目录
mkdir C:\PhoneShare 2>nul
mkdir C:\PhoneShare\Documents 2>nul
mkdir C:\PhoneShare\Media 2>nul
mkdir C:\PhoneShare\Downloads 2>nul
REM 设置目录权限
icacls C:\PhoneShare /grant phoneaccess:(OI)(CI)F /T
icacls C:\PhoneShare /grant "Everyone":(OI)(CI)R
echo [3/5] 配置共享文件夹...
REM 共享整个驱动器(谨慎使用)
net share CShare=C:\ /grant:phoneaccess,READ /remark:"C盘只读共享"
REM 共享专用目录
net share PhoneShare=C:\PhoneShare /grant:phoneaccess,FULL /remark:"手机专用共享"
net share Documents=C:\PhoneShare\Documents /grant:phoneaccess,FULL
net share Media=C:\PhoneShare\Media /grant:phoneaccess,FULL
echo [4/5] 配置SMB安全设置...
powershell -Command "Set-SmbServerConfiguration -EnableSMB1Protocol \$false -Force"
powershell -Command "Set-SmbServerConfiguration -EnableSMB2Protocol \$true -Force"
powershell -Command "Set-SmbServerConfiguration -AuditSmb1Access \$true -Force"
REM 启用SMB签名(增强安全)
powershell -Command "Set-SmbServerConfiguration -RequireSecuritySignature \$true -Force"
powershell -Command "Set-SmbServerConfiguration -EnableSecuritySignature \$true -Force"
echo [5/5] 配置防火墙规则...
REM 允许SMB端口(445)
netsh advfirewall firewall add rule name="SMB Access" dir=in action=allow protocol=TCP localport=445
netsh advfirewall firewall add rule name="SMB Access" dir=out action=allow protocol=TCP localport=445
REM 允许NetBIOS端口(137-139)
netsh advfirewall firewall add rule name="NetBIOS" dir=in action=allow protocol=TCP localport=137-139
netsh advfirewall firewall add rule name="NetBIOS" dir=out action=allow protocol=TCP localport=137-139
echo.
echo ====================================
echo 配置完成!
echo ====================================
echo 共享信息:
echo 地址: \\%COMPUTERNAME%
echo 或: \\%IP地址%
echo 用户名: phoneaccess
echo 密码: P@ssw0rd123
echo 共享文件夹: \\%COMPUTERNAME%\PhoneShare
echo ====================================
echo.
REM 显示IP地址
ipconfig | findstr IPv4
pause