[Notification] We're upgrading the JumpCloud Support Center the week of September 16th.

Support Center

Managing Shared NTFS Folders with Local Accounts

Managing a file server using JumpCloud is very similar to managing permissions with Active Directory. The main difference is that the JumpCloud agent is deployed on the file server to maintain local accounts, instead of granting permissions via domain accounts.  Access to a given folder is granted by defining local groups, then adding the local user to the appropriate local group.


  • A Windows file server. This official Microsoft article will walk you through the process of deploying a Network File System.
    • NOTE: You can deploy either a NFS or SMB file share. NFS is used in this example because it will support both Windows and *nix shares.
  • A target computer.

For this example, we’ll take the following actions:

  • Install the JumpCloud agent on the file server and a client system
  • Provision a local account to both systems
  • Create a local group and define folder permissions on the share
  • Add the user to a local group on the file server, optionally using a script via Commands
  • Access the share via UNC path, a persistent mapped drive, and the Finder is OS

1) Installing the JumpCloud agent

JumpCloud provides multiple methods with which you can install the Agent to your local system. If you currently use configuration management software like SCCM or JAMF, you can leverage them to deploy and install the Agent to your environment. You can also automate the installation process in other ways, such as this example using PowerShell.

2) Provision Local Accounts

In order to grant access to this system for our test user, we'll need to bind the user to the system resource. If you're unfamiliar with binding users to resources, please have a look at this article to learn more about resource binding.

3) Create a Local Group and Define Permissions

Now let's define a specific group that will have explicit access to this share. Run the following PowerShell command to create a new group:

New-LocalGroup -Name "TestGroup"

Then, we'll run this command to create a new directory:

New-Item -Path "c:\" -Name "test-share" -ItemType "directory"

Finally, we'll create the share itself based on this new directory, and grant both our new test group and the local administrators group access to it:

New-SmbShare -Name "TestShare" -Path "C:\test-share" -FullAccess "LocalTest\Administrator", "LocalTest\TestGroup"

4) Add the User to a Local Group

In order to add our user to our new test group, we'll be leveraging the Commands feature in the JumpCloud console. Navigate to the Commands tab in the console and create a new command. Run the following PowerShell command against the target system:

Add-LocalGroupMember -Group "TestGroup" -Member "TestUser"

The command will take at least 60 seconds to complete. Once it has completed, you can verify the group membership of the user on the local system.

5) Accessing the Share

On a Windows system, accessing the share is as simple as navigating to the network directory itself. Based on the examples above, our network share in this case would be \\LocalTest\test-share\

For Mac systems, open the Finder and press ⌘+K to access the Connect to Server dialogue, then type smb://LocalTest/test-share/ and you'll be prompted to authenticate. Once authenticated, you'll have access to the share.

Voila! You now have a new share. Depending on how often new shares are created, you can automate their creation by leveraging our Commands feature plus our General Access API.

Last Updated: Jul 12, 2018 02:54PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found