How to Set Up Windows Server 2016 Network File System
Network File System (NFS) is a distributed file system protocol that allows a server to share files and directories over a network, enabling Unix, Linux, and other compatible clients to mount and access shared storage as if it were local. Windows Server 2016 includes both Server for NFS and Client for NFS components, making it easy to integrate Windows-based storage infrastructure into heterogeneous environments. This tutorial covers installing and configuring NFS shares on Windows Server 2016.
NFS Components in Windows Server 2016
Windows Server 2016 provides two NFS components. Server for NFS allows the Windows server to act as an NFS file server, sharing folders with Unix and Linux clients. Client for NFS allows the Windows server itself to mount NFS shares from other NFS servers. Both components support NFS version 3 and NFS version 4.1. NFS version 4.1 provides improvements including stronger security, better performance over WAN connections, and mandatory locking. Authentication can be handled using standard Unix UID/GID mappings or Active Directory via Identity Management for Unix.
Installing Server for NFS
Install the Server for NFS role service on Windows Server 2016 using PowerShell. Open PowerShell with administrative privileges and run:
Install-WindowsFeature -Name FS-NFS-Service -IncludeManagementToolsTo also install the Client for NFS to allow this server to mount NFS shares from other servers:
Install-WindowsFeature -Name NFS-ClientVerify the installation:
Get-WindowsFeature -Name FS-NFS-Service, NFS-ClientConfiguring NFS Server Global Settings
Configure global NFS server settings using the NfsServerConfiguration cmdlets. To view current settings:
Get-NfsServerConfigurationConfigure the NFS server to enable NFS version 3 and version 4.1 and set the number of worker threads:
Set-NfsServerConfiguration -EnableNFSV3 $true -EnableNFSV4 $true -NfsV4Leasetime 120 -NlmGracePeriod 45To configure the server to use a specific port for NFS traffic (default is 2049):
Set-NfsServerConfiguration -NfsPort 2049 -MountPort 0 -NlmPort 0 -NsmPort 0Configuring User Mapping
NFS uses Unix-style UID and GID for permissions. Windows Server 2016 supports several mapping methods. The simplest is anonymous mapping, where all NFS clients are mapped to a specific Windows account. To configure anonymous access, first create a dedicated local account for NFS clients:
New-LocalUser -Name "nfsanon" -NoPassword -Description "NFS anonymous user"Then configure the NFS server to use this account for unmapped users. This is configured per-share when creating the share.
Creating an NFS Share
Create an NFS share on a specific folder using the New-NfsShare cmdlet. First, create or identify the folder to share:
New-Item -Path "D:NFSShare" -ItemType DirectoryCreate the NFS share with read-write access for all hosts using anonymous mapping:
New-NfsShare -Name "data" -Path "D:NFSShare" -AllowRootAccess $true -Authentication sys -Permission ReadWrite -AnonymousAccess $true -AnonymousUid 65534 -AnonymousGid 65534To restrict access to specific client hosts or subnets, use the ClientAccess parameter:
New-NfsShare -Name "restricted" -Path "D:NFSShare" -Authentication sys -AllowRootAccess $false -Permission ReadWrite -ClientAccess @(@{Name="192.168.1.0/24"; LanguageEncoding="ANSI"; ClientType="host"; Permission="ReadWrite"; AllowRootAccess=$true})Managing NFS Shares
List all current NFS shares on the server:
Get-NfsShareModify an existing share to change permissions or add client access entries:
Set-NfsShare -Name "data" -AllowRootAccess $false -Permission ReadOnlyRemove an NFS share:
Remove-NfsShare -Name "data" -Confirm:$falseConfiguring NFS Share Permissions via Server Manager
You can also manage NFS shares through Server Manager. Open Server Manager, navigate to File and Storage Services, then Shares. Click Tasks and select New Share. Choose the NFS Share – Quick or NFS Share – Advanced template. Follow the wizard to specify the share path, share name, authentication methods, and share permissions. The Advanced template allows you to configure per-client-host permissions, enabling fine-grained access control for each NFS client.
Mounting an NFS Share on Linux Clients
On a Linux client, mount the NFS share using the mount command. Replace the server IP and share name with your values:
sudo mount -t nfs 192.168.1.100:/data /mnt/nfsdata -o vers=3For NFS version 4.1:
sudo mount -t nfs4 192.168.1.100:/data /mnt/nfsdata -o minorversion=1To make the mount persistent across reboots, add an entry to /etc/fstab:
192.168.1.100:/data /mnt/nfsdata nfs vers=3,rw,hard,intr 0 0Using Client for NFS on Windows
To mount an NFS share from a Windows server or workstation with Client for NFS installed, use the mount command in an elevated command prompt:
mount -o anon \192.168.1.100data Z:To view mounted NFS drives:
mountTo disconnect an NFS mount:
umount Z:Configuring NFS Firewall Rules
Ensure the Windows Firewall allows NFS traffic. Enable the predefined NFS rules:
Enable-NetFirewallRule -DisplayGroup "Network File System"Best Practices for NFS on Windows Server 2016
Use NFS version 4.1 where possible for improved security and performance. Restrict NFS share access to specific client IP addresses or subnets to reduce unauthorized access risk. Avoid allowing root access from NFS clients unless absolutely necessary. Place NFS shares on dedicated volumes separate from the operating system. Monitor NFS access using Windows Event Viewer under Applications and Services Logs > Microsoft > Windows > NFS. Use dedicated high-speed network interfaces for NFS traffic in high-throughput environments. Regularly audit NFS share permissions to ensure they align with organizational security policies.
Configuring NFS on Windows Server 2016 enables seamless file sharing between Windows and Unix or Linux systems, making it an essential service in mixed operating system environments and providing the flexibility to serve both Windows and open-source workloads from a single file server platform.
