This is a question on how to correctly setup our NTFS permissions on our Srv2008 R2 file server:
Our file server, where our users get their network drive from, has 15 folders on the root of the network drive.
Some of these folders have the need for a complex NTFS setup - look at the attached picture before you read further.
I was thinking of removing the "Include inheritable permissions from objects parent" from all the folders and sub(sub)folders that need their own set of permissions. And then setup a new security group in AD for each folder and subfolder - each folder would then need two groups in AD - one for full access and one for read only access.
These security groups would then be organized within an OU.
This is what I have come up with so far - but it seems somewhat messy...
Any help would be appreciated - Thanks!