How to Create a New Network Share in a Batch Script

Creating a network share allows other users on your network to access a specific folder on your computer. While this is often done through the graphical interface, automating this process with a batch script is essential for server configuration, setting up shared resources, or creating user home folders. The standard, built-in command for managing network shares is NET SHARE.

This guide will teach you how to use the NET SHARE command to create a new share, how to grant specific permissions to users, and the critical importance of running the script with administrator privileges.

danger

CRITICAL WARNING: Creating a network share makes a folder on your computer accessible over the network. Incorrectly configuring permissions can expose sensitive data. Always follow the principle of least privilege, granting only the access that is absolutely necessary. This script must be run with full administrator privileges.

The Core Command: `NET SHARE`

The NET SHARE command is the command-line interface for managing shared folders. It can be used to create, view, and delete network shares.

Syntax for Creation: NET SHARE ShareName="C:\Path\To\Folder"

ShareName: The name that the share will have on the network (e.g., PublicData). This is what users will see when they browse the network.
"C:\Path\To\Folder": The full, local path to the folder on your machine that you want to share.

This script creates a new share named Public that points to the C:\Public folder. By default, this creates a share with read-only permissions for the "Everyone" group.

@ECHO OFF
REM This script MUST be run as an Administrator.

SET "ShareName=Public"
SET "SharePath=C:\Public"

ECHO --- Creating a new network share ---
ECHO.
ECHO Creating the local folder...
MKDIR "%SharePath%" 2>NUL

ECHO Sharing "%SharePath%" as "%ShareName%"...
NET SHARE %ShareName%="%SharePath%"

IF %ERRORLEVEL% EQU 0 (
    ECHO [SUCCESS] The share was created successfully.
) ELSE (
    ECHO [FAILURE] An error occurred. Errorlevel: %ERRORLEVEL%
)

note

After running this, other users on the network can access this folder at \\YourComputerName\Public.

Controlling Access with Permissions (`/GRANT`)

A public, read-only share is rarely what you want. The /GRANT switch is essential for assigning specific permissions to users or groups.

Syntax: NET SHARE ShareName="Path" /GRANT:UserOrGroup,Permission

/GRANT:User,Permission: The key switch for setting permissions.
UserOrGroup: The name of a user or group (e.g., Alice, Administrators, Authenticated Users).
Permission: The level of access to grant. The three levels are:
- READ: Allows users to open and read files.
- CHANGE: Allows users to read, change, and delete files.
- FULL: Allows users to do everything, including changing the permissions on the files.

Let's see an example of script with permissions: this script creates a share named Projects and gives the "ProjectLeads" group full control.

@ECHO OFF
REM Run as Administrator.
NET SHARE Projects="C:\Data\Projects" /GRANT:ProjectLeads,FULL

You can grant permissions to multiple users by using the /GRANT switch multiple times:

NET SHARE Reports="C:\Data\Reports" /GRANT:Managers,CHANGE /GRANT:Analysts,READ

Key `NET SHARE` Parameters Explained

ShareName="Path": The core syntax for creating a share.
/GRANT:User,Permission: Sets the share-level permissions.
/USERS:<number> or /UNLIMITED: Sets the maximum number of simultaneous users.
/REMARK:"Comment": Adds a descriptive comment to the share.
/DELETE: Deletes an existing network share. (NET SHARE ShareName /DELETE)

Common Pitfalls and How to Solve Them

Problem: "System error 5 has occurred. Access is denied."

This is the most common error and it means your script does not have sufficient privileges to create a share.

Solution: You must run the script as an Administrator. Right-click your .bat file or cmd.exe and select "Run as administrator." There is no alternative.

This is a critical security concept. Windows has two layers of permissions that are checked when a user accesses a file over the network:

Share Permissions (NET SHARE /GRANT): The first gatekeeper. This controls the maximum level of access a user can have through the network share.
NTFS Permissions (File System): The second gatekeeper. This controls the actual access to the files and folders on the hard disk.

When a user connects, the most restrictive of the two permissions applies. For example, if you grant a user FULL control on the share, but they only have Read permissions on the NTFS files, they will only be able to read the files.

note

Best Practice: For simplicity and security, it is a common practice to set the Share Permissions to be very permissive (e.g., Authenticated Users,FULL) and then control access with fine-grained NTFS Permissions using the ICACLS command.

This script automates the creation of a private home folder for a new user, setting both the share and the necessary NTFS permissions.

@ECHO OFF
SETLOCAL
REM This script must be run as an Administrator.

SET "NewUser=Bob"
SET "HomeFoldersRoot=C:\Users\HomeFolders"
SET "UserHomeFolder=%HomeFoldersRoot%\%NewUser%"

ECHO --- Creating Home Share for user '%NewUser%' ---
ECHO.
ECHO Creating user's home folder...
MKDIR "%UserHomeFolder%"

ECHO Step 1: Setting restrictive NTFS permissions...
REM Remove inherited permissions and grant exclusive access.
ICACLS "%UserHomeFolder%" /inheritance:r
ICACLS "%UserHomeFolder%" /grant:r Administrators:F SYSTEM:F %NewUser%:F

ECHO Step 2: Creating the hidden network share...
REM The '$' at the end of the share name makes it a hidden share.
NET SHARE "%NewUser%$"="%UserHomeFolder%" /GRANT:%NewUser%,FULL /GRANT:Administrators,FULL

ECHO.
ECHO [SUCCESS] Home share for %NewUser% created at \\%COMPUTERNAME%\%NewUser%$

ENDLOCAL

Conclusion

The NET SHARE command is the definitive tool for creating and managing network shares from a batch script.

For reliable and secure share management:

Always run your script as an Administrator.
Use the syntax NET SHARE ShareName="Path" to create the share.
Use the /GRANT:User,Permission switch to set share-level permissions.
Remember the principle of "most restrictive applies" and manage both Share and NTFS permissions for a complete security model.

By mastering NET SHARE, you can automate a key part of Windows server and network administration.

The Core Command: NET SHARE​

Basic Example: Creating a Simple Share​

Controlling Access with Permissions (/GRANT)​

Key NET SHARE Parameters Explained​

Common Pitfalls and How to Solve Them​

Problem: "System error 5 has occurred. Access is denied."​

Understanding Share Permissions vs. NTFS Permissions​

Practical Example: A Script to Create a User's Home Share​

Conclusion​

Table of Contents

The Core Command: `NET SHARE`

Basic Example: Creating a Simple Share

Controlling Access with Permissions (`/GRANT`)

Key `NET SHARE` Parameters Explained

Common Pitfalls and How to Solve Them

Problem: "System error 5 has occurred. Access is denied."

Understanding Share Permissions vs. NTFS Permissions

Practical Example: A Script to Create a User's Home Share

Conclusion