this is a really straight forward question however i cant get my head around it due to not having done it for ages.
I have a Windows 2008 storage server with a folder that has been shared. this folder contains sub folders which can only be accessed by management and a specified department:
i.e folder A is accessible by dept A and management, folder B by department B and management ETC.
I know of 2 ways i can do this already by either A) giving read share permissions to the root folder and then explicitly allowing / denying access based on the group at the NTFS level however i know this is not best practice. the other obvious but laborious way would be to create an individual share for each folder.
any other ideas?