Introduction to NFS Server on Windows Server 2019

Network File System (NFS) is a distributed file protocol that allows clients — primarily Linux and Unix systems — to mount and access shared directories over a network as if they were local drives. Windows Server 2019 includes both an NFS server (Server for NFS) and an NFS client (Client for NFS) as part of the File and Storage Services role. Setting up NFS on Windows Server 2019 enables interoperability between Windows file servers and Linux/Unix workstations, Kubernetes persistent volumes, and legacy UNIX applications that depend on NFS mounts.

Windows Server 2019 supports NFS versions 2, 3, and 4.1, with NFS v4.1 offering improved security through Kerberos authentication, better performance, and support for parallel NFS (pNFS) layouts.

Installing the NFS Server Role

Install the Server for NFS role service using PowerShell:

Install-WindowsFeature -Name FS-NFS-Service -IncludeManagementTools

This installs both the NFS server and the NFS management cmdlets. Also install the Identity Management for UNIX component if you need UID/GID mapping between Windows and Linux:

Install-WindowsFeature -Name RSAT-AD-Tools

Verify the NFS services are running:

Get-Service -Name "Server for NFS"

You may also see the NFS-related services listed as NfsSvc. Start it if needed:

Start-Service -Name NfsSvc
Set-Service -Name NfsSvc -StartupType Automatic

Configuring User Name Mapping

NFS uses numeric UID and GID values for permissions, while Windows uses SIDs. To map Windows users to UID/GID values, configure User Name Mapping. The simplest approach is using a passwd file. Create a mapping file at C:NFSpasswd:

root:x:0:0:root:/root:/bin/bash
linuxuser:x:1001:1001:Linux User:/home/linuxuser:/bin/bash

Configure the NFS server to use this mapping file:

Set-NfsMappingStore -EnableADLookup $false -EnableNisDomain $false -UseMappingFilePath $true -MappingFilePath "C:NFSpasswd"

For a simpler setup where Linux clients will connect as anonymous, configure anonymous UID/GID mapping:

Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $true -EnableNFSV4 $true -AnonymousUID 65534 -AnonymousGID 65534

Creating an NFS Share

First, create the directory you want to share:

New-Item -Path "D:NFSSharesLinuxData" -ItemType Directory

Create an NFS share using the New-NfsShare cmdlet. This example shares the folder with read-write access, allowing all hosts:

New-NfsShare -Name "linuxdata" -Path "D:NFSSharesLinuxData" -AllowRootAccess $false -Authentication "sys" -Permission ReadWrite

To restrict access to a specific subnet:

Grant-NfsSharePermission -Name "linuxdata" -ClientName "192.168.1.0/24" -ClientType "host" -Permission ReadWrite -AllowRootAccess $false

For Kerberos-secured NFS v4.1 shares (requires an Active Directory Kerberos infrastructure):

New-NfsShare -Name "secureshare" -Path "D:NFSSharesSecure" -Authentication "krb5p" -Permission ReadWrite

Here “krb5p” means Kerberos with data privacy (encryption). Other options include “krb5” (authentication only) and “krb5i” (authentication with integrity).

Configuring NTFS Permissions for NFS

NFS clients access files using the underlying NTFS permissions on the Windows server. Set permissions to allow the mapped NFS user access:

$acl = Get-Acl "D:NFSSharesLinuxData"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Everyone","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$acl.SetAccessRule($rule)
Set-Acl "D:NFSSharesLinuxData" $acl

In production, replace “Everyone” with a specific Windows group or user that maps to the NFS UID. This is crucial for security — NFS file access ultimately enforces Windows NTFS permissions.

Connecting from a Linux NFS Client

On a Linux client, install the NFS client utilities and mount the share. On Ubuntu/Debian:

sudo apt-get install nfs-common
sudo mkdir /mnt/winshare
sudo mount -t nfs 192.168.1.50:/linuxdata /mnt/winshare

For NFS v4.1 explicitly:

sudo mount -t nfs4 -o vers=4.1 192.168.1.50:/linuxdata /mnt/winshare

To make the mount persistent across reboots, add it to /etc/fstab:

192.168.1.50:/linuxdata   /mnt/winshare   nfs4   vers=4.1,rw,auto   0   0

Managing and Monitoring NFS Shares

List all active NFS shares on the server:

Get-NfsShare | Select Name, Path, Authentication, AllowRootAccess

View active NFS client sessions:

Get-NfsSession | Select ClientId, ClientHostName, NumRequests

View share permissions:

Get-NfsSharePermission -Name "linuxdata"

To revoke access from a client:

Revoke-NfsSharePermission -Name "linuxdata" -ClientName "192.168.1.100" -ClientType "host"

Check NFS server statistics and performance counters using Performance Monitor. Add the “NFS Server” counter category to track bytes read/written per second, total procedure calls, and cache hit rates. Windows Server 2019 NFS Server provides a reliable, manageable way to serve files to Linux and Unix systems without requiring a third-party solution.