Windows file sharing lets another computer connect to a folder on your VPS using SMB. Use it when you specifically need a Windows network share, for example to move files from another Windows machine or to let a trusted office PC access a folder.
For one-off uploads, Remote Desktop copy and paste, SFTP, or a temporary download link is usually simpler and safer. If you do use SMB, only allow the IP addresses that need access and remove the share when you are finished.
- Decide which folder you want to share. In this example the folder is
C:\Share. - Create a separate Windows user for the share. Open PowerShell as Administrator and run:
net user ShareUser StrongPasswordHere /add
Do not use the main Administrator account for routine file sharing.
- Create the folder if it does not already exist:
New-Item -ItemType Directory -Path C:\Share
- Give the share user permission to the folder. This example allows the user to add, edit, and remove files inside the share:
icacls C:\Share /grant ShareUser:(OI)(CI)M
If the user only needs to download files, give read-only access instead:
icacls C:\Share /grant ShareUser:(OI)(CI)R
- Create the SMB share. This example creates a password-protected share named Share and gives
ShareUserchange access:New-SmbShare -Name "Share" -Path "C:\Share" -ChangeAccess "ShareUser"
For a read-only share, use
-ReadAccessinstead of-ChangeAccess. - Allow SMB through Windows Firewall from trusted IP addresses only. SMB uses TCP port
445. ReplaceTRUSTED_PUBLIC_IPwith the public IP address that should be allowed to connect:New-NetFirewallRule -DisplayName "SMB from trusted IP" -Direction Inbound -Protocol TCP -LocalPort 445 -RemoteAddress TRUSTED_PUBLIC_IP -Action Allow
If more than one IP needs access, separate them with commas. Do not open TCP
445to all IP addresses. - If your VPS has a panel firewall as well, add the same TCP
445allow rule there. Keep the source limited to the same trusted IP addresses. - Connect from the other Windows computer. Open File Explorer and enter:
\\VPS_IP_ADDRESS\Share
When Windows asks for credentials, sign in with the share user you created, for example
ShareUser. - Check the share exists if you need to confirm it from the VPS:
Get-SmbShare
- Remove the share when it is no longer needed:
Remove-SmbShare -Name "Share"
- Remove the firewall rule as well:
Remove-NetFirewallRule -DisplayName "SMB from trusted IP"
Leaving SMB open to the internet is unsafe and will attract automated scans. Keep shares temporary, password protected, and limited to trusted source IP addresses.
