How to Set Up Network File System (NFS) Server on Windows Server 2016

Network File System (NFS) is a distributed file system protocol that allows clients to access files over a network as if they were on a local disk. Windows Server 2016 includes both an NFS Server (Server for NFS) and an NFS Client component. NFS is particularly valuable in mixed environments where Linux, UNIX, and Windows systems need to share file access without relying on SMB/CIFS. This guide covers installing the NFS server role, creating NFS shares, and configuring permissions for UNIX and Linux clients.

Understanding NFS Authentication on Windows

Windows Server 2016 NFS supports several authentication mechanisms. Anonymous authentication maps all NFS clients to a single anonymous user account on the server. Identity mapping can be configured using Active Directory (for domain-joined environments), User Name Mapping service, or a local password file to map UNIX UIDs to Windows accounts. For most enterprise deployments, Active Directory identity mapping provides the most seamless integration.

Step 1: Install the Server for NFS Role Service

Install the Server for NFS role service using PowerShell or Server Manager. This adds NFS sharing capabilities to the server:

Install-WindowsFeature -Name FS-NFS-Service -IncludeManagementTools

Also install the Identity Management for UNIX features if you need UID/GID support and Active Directory integration:

Install-WindowsFeature -Name "ADLDS"
Install-WindowsFeature -Name "RSAT-NFS-Admin"

Verify the installation was successful:

Get-WindowsFeature -Name FS-NFS-Service

Step 2: Create the Directory to Share

Create the directory that will be exported via NFS. Choose a drive with sufficient space and appropriate NTFS permissions:

New-Item -ItemType Directory -Path "D:\NFSShares\LinuxData"
New-Item -ItemType Directory -Path "D:\NFSShares\SharedReports"

Step 3: Create an NFS Share

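Use the New-NfsShare cmdlet to create NFS exports. The following example creates a share with read/write access and sets -AllowRootAccess to $false, which enables root squashing so that the client's root user is mapped to an anonymous account. Restricting the share to specific clients is done separately in Step 4: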

New-NfsShare -Name "LinuxData" -Path "D:\NFSShares\LinuxData" -AllowRootAccess $false -Authentication All -Permission ReadWrite

Create a read-only share for report access:

New-NfsShare -Name "SharedReports" -Path "D:\NFSShares\SharedReports" -AllowRootAccess $false -Authentication All -Permission ReadOnly

Verify your NFS shares are available:

Get-NfsShare

Step 4: Configure Client Access Restrictions

By default, NFS shares are accessible to all hosts. For production environments, restrict access to specific IP addresses or subnets. First, get the existing client permission settings:

Get-NfsSharePermission -Name "LinuxData"

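Grant read/write access to a specific host. The -ClientType parameter accepts host, netgroup, clientgroup or builtin, so to cover several machines on a subnet, add them to a client group and grant the permission to the group:

Grant-NfsSharePermission -Name "LinuxData" -ClientName "192.168.10.50" -ClientType "host" -Permission ReadWrite -AllowRootAccess $false
# "LinuxClients" and its member addresses are placeholders; list the hosts on your own network
New-NfsClientgroup -ClientGroupName "LinuxClients" -AddMember "192.168.10.51", "192.168.10.52"
Grant-NfsSharePermission -Name "LinuxData" -ClientName "LinuxClients" -ClientType "clientgroup" -Permission ReadWrite -AllowRootAccess $false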

Revoke the default all-machines permission after adding specific restrictions:

Revoke-NfsSharePermission -Name "LinuxData" -ClientName "All Machines" -ClientType "builtin"
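
To confirm that the restrictions in this step actually took effect, the following added example (not part of the original guide) flags permission entries that still let every host in or leave client root unsquashed. The function name Find-NfsExposure is hypothetical, and the property names on the input objects are assumed to match what Get-NfsSharePermission returns; the sample entries are constructed.

```powershell
# Added example: flag NFS share permissions broader than Step 4 intends.
# Input objects need Name, ClientName, ClientType, Permission and AllowRootAccess
# (assumed to match the objects returned by Get-NfsSharePermission).
function Find-NfsExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry
    )
    process {
        $reasons = @()
        # Anything other than "no-access" lets the client mount the share.
        $grantsAccess = "$($Entry.Permission)" -notmatch '^no-?access$'
        if ($Entry.ClientType -eq 'builtin' -and $grantsAccess) {
            $reasons += 'every host can mount this share'
        }
        if ($Entry.AllowRootAccess -and $grantsAccess) {
            $reasons += 'client root is not squashed'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Share  = $Entry.Name
                Client = $Entry.ClientName
                Access = $Entry.Permission
                Reason = $reasons -join '; '
            }
        }
    }
}

# Constructed sample entries, shaped like the permissions of the Step 3 shares.
$sample = @(
    [pscustomobject]@{ Name = 'LinuxData'; ClientName = 'All Machines'; ClientType = 'builtin'; Permission = 'readwrite'; AllowRootAccess = $false }
    [pscustomobject]@{ Name = 'LinuxData'; ClientName = '192.168.10.50'; ClientType = 'host'; Permission = 'readwrite'; AllowRootAccess = $false }
    [pscustomobject]@{ Name = 'SharedReports'; ClientName = 'All Machines'; ClientType = 'builtin'; Permission = 'no-access'; AllowRootAccess = $false }
    [pscustomobject]@{ Name = 'SharedReports'; ClientName = '192.168.10.60'; ClientType = 'host'; Permission = 'readonly'; AllowRootAccess = $true }
)
$sample | Find-NfsExposure | Format-Table -AutoSize

# On the server itself (requires the Server for NFS role):
# Get-NfsShare | ForEach-Object { Get-NfsSharePermission -Name $_.Name } | Find-NfsExposure
```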

Step 5: Configure Windows Firewall for NFS

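Enable the NFS-related firewall rules to allow clients to connect. NFS uses several ports including TCP/UDP 111 (portmapper) and TCP/UDP 2049 (NFS). Note that the first command below enables the whole File and Printer Sharing rule group, which also covers SMB, so it opens more than the NFS ports: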

Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled True
New-NetFirewallRule -DisplayName "NFS Portmapper TCP" -Protocol TCP -LocalPort 111 -Action Allow -Direction Inbound
New-NetFirewallRule -DisplayName "NFS TCP 2049" -Protocol TCP -LocalPort 2049 -Action Allow -Direction Inbound
New-NetFirewallRule -DisplayName "NFS UDP 2049" -Protocol UDP -LocalPort 2049 -Action Allow -Direction Inbound
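
The rules above accept connections from any source address. As an added example (not part of the original guide), the script below narrows them to the client subnet and then lists any inbound allow rule on the NFS ports that is still open to every source; the subnet value and the "NFS Portmapper UDP" rule name are assumptions.

```powershell
# Added example: limit the Step 5 inbound rules to the NFS client subnet.
# Assumption: clients live on the 192.168.10.0/24 network shown in Step 4.
$NfsClients = '192.168.10.0/24'

$wanted = @(
    @{ DisplayName = 'NFS Portmapper TCP'; Protocol = 'TCP'; LocalPort = 111 }
    # Hypothetical rule name: the guide lists UDP 111 but creates no rule for it.
    @{ DisplayName = 'NFS Portmapper UDP'; Protocol = 'UDP'; LocalPort = 111 }
    @{ DisplayName = 'NFS TCP 2049';       Protocol = 'TCP'; LocalPort = 2049 }
    @{ DisplayName = 'NFS UDP 2049';       Protocol = 'UDP'; LocalPort = 2049 }
)

foreach ($rule in $wanted) {
    $existing = Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        # Rule already created as in Step 5: narrow it instead of adding a duplicate.
        $existing | Set-NetFirewallRule -RemoteAddress $NfsClients
    } else {
        New-NetFirewallRule @rule -Direction Inbound -Action Allow -RemoteAddress $NfsClients | Out-Null
    }
}

# Report enabled inbound allow rules on the NFS ports that still accept any source.
$nfsPorts = '111', '2049'
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $r       = $_
    $ports   = @(($r | Get-NetFirewallPortFilter).LocalPort)
    $sources = @(($r | Get-NetFirewallAddressFilter).RemoteAddress)
    $onNfsPort = @($ports | Where-Object { $_ -in $nfsPorts }).Count -gt 0
    if ($onNfsPort -and ($sources -contains 'Any')) {
        [pscustomobject]@{
            Rule   = $r.DisplayName
            Ports  = $ports -join ','
            Source = 'Any'
        }
    }
}
```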

Step 6: Configure Anonymous User Mapping

For simple deployments without Active Directory identity mapping, configure the UID and GID that anonymous NFS users will be mapped to. These values are set per share and should correspond to valid UIDs used by your Linux clients. NFS protocol versions are enabled server-wide with Set-NfsServerConfiguration:

Set-NfsShare -Name "LinuxData" -AnonymousUid 65534 -AnonymousGid 65534
Set-NfsServerConfiguration -EnableNFSV4 $true

Step 7: Mount the NFS Share on a Linux Client

On the Linux client, install the NFS client utilities and mount the Windows NFS share. The following commands apply to RHEL/CentOS-based distributions:

sudo yum install nfs-utils -y
sudo mkdir -p /mnt/windowsnfs
sudo mount -t nfs 192.168.1.50:/LinuxData /mnt/windowsnfs

For Ubuntu/Debian-based systems:

sudo apt-get install nfs-common -y
sudo mount -t nfs 192.168.1.50:/LinuxData /mnt/windowsnfs

Add an entry to /etc/fstab for persistent mounts across reboots:

echo "192.168.1.50:/LinuxData /mnt/windowsnfs nfs defaults,_netdev 0 0" | sudo tee -a /etc/fstab

Step 8: Verify NFS Share Access and Permissions

From the Windows server, view current NFS session connections to verify Linux clients are connecting successfully:

Get-NfsSession
Get-NfsOpenFile

With NFS Server configured on Windows Server 2016, your Linux and UNIX systems can now seamlessly access shared file storage using native NFS protocols, enabling efficient cross-platform file sharing without requiring third-party software or protocol conversions.