How to Set Up Network File System (NFS) Server on Windows Server 2012 R2
Network File System (NFS) is a distributed file system protocol that allows clients to access files over a network as if those files were stored on a local drive. While SMB is the native Windows protocol for file sharing, NFS is commonly used in heterogeneous environments that include Linux, Unix, and macOS clients. Windows Server 2012 R2 includes Server for NFS, which allows Windows servers to act as NFS export hosts that Linux and Unix clients can mount directly. This guide covers the installation, configuration, and management of NFS Server on Windows Server 2012 R2.
Prerequisites
You need Windows Server 2012 R2 with the File and Storage Services role available. NFS clients (typically Linux or Unix hosts) must be on the same network or a routed network. User and Group Identifier (UID/GID) mapping between Windows and Unix systems must be planned before deployment. If using Identity Mapping, either Active Directory Lightweight Directory Services (AD LDS) or a User Name Mapping server may be required. The Server for NFS role service must be installed, and firewall rules must allow NFS traffic (TCP/UDP ports 111, 2049, and associated RPC ports).
Step 1: Install Server for NFS
Install the Server for NFS role service using PowerShell:
Install-WindowsFeature FS-NFS-Service -IncludeManagementToolsAlso install the NFS client if you need this server to mount NFS exports from other servers:
Install-WindowsFeature NFS-ClientVerify the installation:
Get-WindowsFeature FS-NFS-Service, NFS-Client | Select-Object Name, InstallStateStep 2: Configure NFS Firewall Rules
Open the required firewall ports for NFS communication:
netsh advfirewall firewall add rule name="NFS-Server-TCP" protocol=TCP dir=in localport=2049 action=allow
netsh advfirewall firewall add rule name="NFS-Server-UDP" protocol=UDP dir=in localport=2049 action=allow
netsh advfirewall firewall add rule name="RPC-Portmapper-TCP" protocol=TCP dir=in localport=111 action=allow
netsh advfirewall firewall add rule name="RPC-Portmapper-UDP" protocol=UDP dir=in localport=111 action=allowStep 3: Configure NFS Server Settings
Configure global NFS server settings using the NFS Server configuration commands. Set the NFS server protocol version support and transport settings:
nfsadmin server stop
nfsadmin server config nfsv2=no nfsv3=yes nfsv4=yes
nfsadmin server startConfigure the unmapped user access behavior. When a Unix client connects without a mapped Windows account, you can either grant anonymous access or deny it:
nfsadmin server config mapsvr=ADView current server configuration:
nfsadmin server configStep 4: Set Up User Identity Mapping
Identity mapping allows NFS server to map Unix UIDs and GIDs to Windows user accounts. Windows Server 2012 R2 supports three mapping methods: Active Directory-based mapping, an anonymous mapping using fixed UID/GID, and User Name Mapping service.
For simple environments with anonymous mapping (assigns a fixed Windows identity to all unmapped Unix users), configure the anonymous UID and GID:
nfsadmin server config unmappeduid=65534 unmappedgid=65534For Active Directory-based identity mapping (preferred in domain environments), ensure your Unix users have their UID and GID stored in AD attributes. This requires schema extensions and is managed through the AD configuration.
Step 5: Create an NFS Share
Create a folder and share it via NFS. Using PowerShell with the NFS sharing cmdlets:
New-Item -Path "D:NFSSharesLinuxData" -ItemType Directory
New-NfsShare -Name "linuxdata" `
-Path "D:NFSSharesLinuxData" `
-AllowRootAccess $false `
-Authentication sys `
-Permission ReadWrite `
-AccessMode ReadWriteAllow access only to specific client IP addresses or hostnames:
Grant-NfsSharePermission -Name "linuxdata" `
-ClientName "192.168.10.50" `
-ClientType host `
-Permission ReadWrite `
-AllowRootAccess $falseAllow a subnet to access the share:
Grant-NfsSharePermission -Name "linuxdata" `
-ClientName "192.168.10.0/24" `
-ClientType network `
-Permission ReadWrite `
-AllowRootAccess $falseStep 6: Configure NFS Share Permissions
NFS shares have two layers of permissions: NFS export permissions (configured via NFS cmdlets) and NTFS permissions on the underlying folder. Set appropriate NTFS permissions for the anonymous user (BUILTINUsers or the unmapped user account):
$acl = Get-Acl -Path "D:NFSSharesLinuxData"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"Everyone", "Modify", "ContainerInherit,ObjectInherit", "None", "Allow"
)
$acl.SetAccessRule($rule)
Set-Acl -Path "D:NFSSharesLinuxData" -AclObject $aclView current NFS share permissions:
Get-NfsSharePermission -Name "linuxdata"Step 7: Verify NFS Share Is Exported
Confirm the NFS share is listed and available:
Get-NfsShare | Select-Object Name, Path, Authentication, AllowRootAccess, StateUse the showmount command to list exports as Unix clients would see them:
showmount -e localhostStep 8: Mount the NFS Share from a Linux Client
On a Linux client, install NFS client utilities and mount the share:
sudo apt-get install nfs-common
sudo mkdir -p /mnt/winshare
sudo mount -t nfs 192.168.10.20:/linuxdata /mnt/winshare
df -h /mnt/winshareFor a persistent mount, add to /etc/fstab:
192.168.10.20:/linuxdata /mnt/winshare nfs defaults,_netdev 0 0Test read/write access:
touch /mnt/winshare/testfile.txt
ls -la /mnt/winshare/Step 9: Configure NFS Locking and Stateful Connections
Configure NFS server locking behavior to handle client crashes and stale locks:
nfsadmin server config locking=lockedSet the grace period for client recovery after server restart:
nfsadmin server config gracetime=90Monitoring NFS Server Activity
Monitor active NFS sessions and statistics:
nfsadmin client listView NFS server statistics for performance monitoring:
nfsstat -sReview NFS-related events in Event Viewer under Applications and Services Logs → Microsoft → Windows → NfsServer.
Summary
Server for NFS on Windows Server 2012 R2 enables seamless file sharing with Linux, Unix, and macOS clients. By installing the NFS role service, configuring identity mapping, creating NFS exports, and setting appropriate permissions at both the NFS and NTFS layers, administrators can build a reliable cross-platform file sharing infrastructure. Careful attention to UID/GID mapping and client access controls is essential to ensuring both security and functionality in heterogeneous environments.
