Bizarre NTFS permissions issue on Windows Server 2008 64-bit

Share permissions: Authenticated users have full control.
NTFS permissions for DATA2 parent folder: Data2 access group (full), Domain Admins (full), Administrators (full), Creator Owner (full), System (full).

No permissions set for other groups or users .

A test user I just created last night is a member of the following security groups: Corp Everyone, Domain Users and Staff Schedule Access. This is the same as the majority of the other users who shouldn't have access. Yet in effective permissions, this user has full control over Data 2 subfolders.

The weird thing is, last night this user didn't have access to any of the subfolders. This morning it has full access. Could the backup program be doing something?

I think this has to do with Symantec Backup Exec System Recovery. According to this article there's something wrong with our version (8.0.1) that results in elevation of privilige.

http://www.symantec.com/avcenter/security/Content/2008.05.28c.html

There's a patch, I need to dig up our serial number to get it. Stay tuned!

Symantec was definitely causing it somehow. A test user ("test) I created using 8.0.1 with the correct group permissions didn't have access when I created it, but did have access after I created it.

A second test user ("test2") was created after the upgrade to 8.0.4. The correct permissions were applied and have stuck after two backups .

Unfortunately the permissions for the other 30+ users are still at full access and the fix didn't take those rights away. Neither did adding them to the data 2 access group and removing them. However, adding test to a group that has explicit no access rights to the directory, then removing from that group, doesn't work either. The rights come right back. Unless anyone has a better idea, I will have to add them to this group tonight.