Folder permissions in Win2k8
Posted on 2011-03-07
I'm setting up a new file server, and rearranging folder / group permissions as part of the project. My problem is that I want to create a top level folder that has departmental folders in it but I'm having permissions problems.
The top level folder is shared so everyone can map a drive letter to it and see inside it for their respective dept. folder, BUT, I don't want them to be able to add or create anything in this top level folder. Also, I want users to have access to their respective departmental folders below, based on their domain group membership.
This seems like it should be easy, but when I set up the top level share as anything but Full Control (sharing properties, not ACL), no matter what I have set up on the next level folder, the users can no longer have full control in the lower level folders.
I've messed with inheritance issues until I'm blue in the face (!) and can't seem to get it right. Seems like Sharing properties keeps trumping ACL properties. Help!
One last thing, this is a Win2k8 member server on a Win2K based AD domain.