Managing a file server using JumpCloud is very similar to managing permissions with Active Directory. The main difference is that the JumpCloud agent is deployed on the file server to maintain local accounts, instead of granting permissions via domain accounts. Access to a given folder is granted by defining local groups, then adding the local user to the appropriate local group.
- A Windows file server. See Microsoft’s documentation to walk you through the process of deploying a Network File System.
- Note: You can deploy either a NFS or SMB file share. NFS is used in this example because it will support both Windows and *nix shares.
- A target computer.
For this example, we’ll take the following actions:
- Install the JumpCloud agent on the file server and a client system.
- Provision a local account to both systems.
- Create a local group and define folder permissions on the share.
- Add the user to a local group on the file server, optionally using a script via Commands.
- Access the share via UNC path, a persistent mapped drive, and the Finder is OS.
Install the JumpCloud Agent
JumpCloud provides multiple methods with which you can install the Agent to your local system: Install the Agent.
If you currently use configuration management software like SCCM or JAMF, you can leverage them to deploy and install the Agent to your environment. You can also automate the installation process in other ways: Install the Agent from Command Line.
Provision Local Accounts
In order to grant access to this system for our test user, we'll need to bind the user to the system resource. If you're unfamiliar with binding users to resources, see Connect New Users to Resources.
Create a Local Group and Define Permissions
Now let's define a specific group that will have explicit access to this share. Run the New-LocalGroup PowerShell command to create a new group:
New-LocalGroup -Name "TestGroup"
Then, we'll run the New-Item command to create a new directory:
New-Item -Path "c:\" -Name "test-share" -ItemType "directory"
Finally, we'll create the share itself based on this new directory with the New-SmbShare command, and grant both our new test group and the local administrators group access to it:
New-SmbShare -Name "TestShare" -Path "C:\test-share" -FullAccess "LocalTest\Administrator", "LocalTest\TestGroup"
Add the User to a Local Group
In order to add our user to our new test group, we'll be leveraging the Commands feature in the JumpCloud Admin Portal. Navigate to Commands and create a new command. Run the Add-LocalGroupMember PowerShell command against the target system:
Add-LocalGroupMember -Group "TestGroup" -Member "TestUser"
The command will take at least 60 seconds to complete. Once it has completed, you can verify the group membership of the user on the local system.
Access the Share
On a Windows system, accessing the share is as simple as navigating to the network directory itself. Based on the examples above, our network share in this case would be \LocalTest\test-share\.
For Mac systems, open the Finder and press ⌘+K to access the Connect to Server dialogue, then type
smb://LocalTest/test-share/ and you'll be prompted to authenticate. Once authenticated, you'll have access to the share.
Voila! You now have a new share. Depending on how often new shares are created, you can automate their creation by leveraging our Commands feature plus our API: