I'm working on a little project where we're trying to have some sort of structure to a drive letter that's being shared to the domain users.
As an example, here's the structure that we have:
^ ^ ^
| | |
| | Third Level
| Second Level
The first level: G:\01\xxxx\xxxx\xxx is supposed to be read only to the domain users. They don't have any write/change/delete rights to this level of the tree. (Note: In the first tree level, there are 26 folders corresponding to the alphabet)
The second level G:\XX\01060\XXXX\XXXX\etc has essentially the same rights and restrictions as its parent folder.
The third level, G:\xx\xxxxx\20050341\etc. is where the domain users have the ability of creating folders, and files within them. They are allowed to delete files, but not the folders. Requests to the domain admins has to be made in order to delete the folders.
Where it gets tricky for me is I have to apply all the rules to all the folders within the first two levels of folders (which are already in place. First level stuff is set since it corresponds with the alphabet; Second level is set right now, but potentially needs new folders in the future with the same rights as its sister folders in place).
What I'm fearing is that there is no dynamic way that the folders and their security rights will be implemented every time a new folder is created.
Basically, my main question is the above mentioned structure even possible? And as a bonus to my question, is it implementable in a dynamic way where Folders added on the second tree level will have the rights assigned automatically?
I know this post is rather confusing since I'm at a loss for words in describing the issue, so please post questions you may have :)