Strange Behavior with NTFS Permissions Inheritance

Experts:

All of my client files are hosted on a single File Server located in-house.
The Hardware is new and very efficient, HP DL380 G5 server with loads of RAM, HDD space, processing power, etc. It is a member server of my domain and runs Server 2003 R2 SP2. I currently have both Macintosh and Windows clients touching the same directory hierarchy where all my client files reside.

I've setup the directory permissions where a folder and its nested files inherits NTFS permissions from its parent directory. The default permissions on the root directory is set as: Domain Admins=FullControl, SYSTEM=FullControl, Domain Users=Modify. This works fine for the most part. However, at least once or twice a week, I get a call from a Macintosh user complaining that a directory/file they worked on is locked out to other users (and sometimes vice versa). So I go check it out and find that the inheritabnce has been superceded by the user's own permissions, therefore setting a new inhertince structure starting at the level where the anomoly happened.

Here's a good example:
Lisa is a Macintosh user - she's working today in Clients/VISA/Creative/Rev1 directrory where
there is a file within Rev 1 called cardshot.vh.psd. She closes out Photoshop and sends Jim, a windows user, an email telling him this project is ready for proofing. Jim goes on the server, drilling down to ~/Creative but is locked-out of the ~Rev 1 directory for some reason. So I have Sally, another Mac user have a look, and sure enough, the ~Rev 1 directory has a red STOP-SIGN on it via the Macintosh Finder window. When I check the NTFS permissions on ~Rev 1, I see that the expected permissions inheritance was blown away and replaced with: Domain Admins=Modify, Everyone=<nothing>, Lisa=FullControl, SYSTEM=Modify.

It's the weirdest thing and seems to happen only with a handful of Macintosh users/computers (three, actually). Right now, I "fix" the problem ad-hoc as it happens by repossessing ownership of the problem file/folder and reinheriting the permissions from the proper parent structure. But this is a reactive measure. My creatives want better, more secure file permission stability and I don't blame them.

So here's what I I'd like to see from you Experts:
1)  Any insight into diagnosing any problems directly causing this behavior (from a Windows permission or Appletalk  perspective)
2)  Any scripts for automating resetting the proper perm-inheritance structure on a regular basis
3)  your suggestions based on past experience will help...


- juckyt -Start Free Trial