Need a little help applying NTFS folder permissions.
Under the company root share folder (Drive G:) there are 35 shared folders, divided by department. Under each department shared folder there are 2 folders, one called 'deptonly' and the other called 'everyone'. Permissions are assigned by AD group.
My goal is to reset permissions more efficiently.
1. No user can make any modifications to any of the 35 shared folders, or the 2 folders underneath (no copy, move, delete, rename...no modifying at all).
2. Users who are in the security group for their department can access the 'deptonly' folder and make any changes that want to everything underneath it, except full control and anything as well as the 'everyone' folder.
3. All folders to be visible to everyone.
What Ive done so far is that on one of the department folders I am not inheriting permissions to any of the security groups from the parent (root share). I setup the domain users group with special permissions of allow 'list folder / read data' - apply to: This folder Only.
On the 'dept only' folder I gave the domain users group modify permissions, which will be inherited to all subfolders and files.
I logged on as a domain user and verified that I cannot copy or move the department folder, but if I try to delte it, it starts to delete.
On the 'everyone' folder I'm assuming by giving everyone modify privleges that would reach my goal.
Why does the folder delete when they dont have the privlege and any recommendations if there is a more efficient way to do this.