For administrators who want to enable a user account to create shares in Windows 10, follow these steps:
- Add the user account to the Power Users administrative group. By default, the Power Users administrative group has the permission to create shares.
- Enable the File and Printer Sharing group in the firewall. When the first user share is created (not counting default shares), the File and Printer Sharing group in the firewall is enabled automatically.
Note If the first user share is created by using a user account that does not have the permission to enable that group, the action fails. You can grant the account permission to the user to allow the user to enable firewall settings. To do this, add the user account to the Network Configuration Operators group.
User Account Control (UAC)
When a user account in Power Users administrative group logs on, two separate access tokens are created for the user: A Standard Users administrative group access token and a Power Users administrative group access token.
By default, Standard Users and Power Users administrative group both access resources and run applications in the security context of the Standard Users administrative group. To use the Power User administrative group access token, run the application in an elevated Command Prompt window by selecting Run as administrator.
The behavior of this window can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy. For example, a power user who opens a Command Prompt window as an administrator can create a share by running the following command:
net share sharename=drive:path