When assigning NTFS group rights to a folder. How do I force rights to be inherited by folders that are specifically set NOT to inherit rights. (I don't want to replace rights... I want to ADD rights and have only the added rights propagate all the way down the folder structure)
F:\Main (rights are not inherited and are specifically defined)
F:\Main\Dept-10 (rights are not inherited and are specifically defined)
F:\Main\Dept-10\production (rights are inherited)
F:\Main\Dept-10\production\wave1 (rights not inherited)
If I want to give the group "checkers" read rights to F:\Main and everything below it, assigning that group read rights to F:\Main will work ONLY for this directory as the next directory is SET NOT to inherit rights. This example is only a few layers deep. If we have directory structures where rights are SET NOT to inherit rights dozens of layers deep, there is no way to quickly identify those nor would we want to have to find each inherited rights break to assign the proper specified rights.
I must be missing something, but where is the magic button to force JUST THE NEWLY ADDED RIGHTS to propagate all the way down the structure? In the example above. In order to give the "checkers" group read rights to a file in the F:\Main\Dept-10\production\wave1 folder as well as ALL FILES IN BETWEEN. I would have to manually assign the "checkers" group to each directory where rights were set NOT to inherit rights. This just doesn't seem right.
I've played with the "replace all permissions on all child..." options in the advance tab, but all that does is replace everything on all child objects to whatever you currently have on the folder at hand. I want to apply only NEW changes to all child objects (basically add the new NTFS group right), not replace or change child objects to the existing set of NTFS rights.
Coming from the Netware world, this seems entirely restrictive in how you can implement different security rights through out a file server structure in an efficient manner.