Our shared drive has become very messy and we're looking to restrict the NTFS permissions on the top 2 levels of the folder structure.
Our structure resembles the following:
S:\Project\ (Folder level 1)
S:\Project\101-200\ (Folder level 2)
S:\Project\101-200\101\(Folder level 3)
At the moment everyone has full access to all levels and one of the problems we are facing is users *accidentally* moving folders into other folders and renaming folders.
What we would like is for a new admin security group to have modify access at the 2 top levels so that only they can create folders. All other domain users must have read,write and delete access to all the lower levels and to be able to copy files from one folder to another. They also must be able to traverse the 2 top levels to be able to reach all projects.
This is a live production environment and there are existing non-inheritable permissions on certain project folders. There are also thousands of folders.
What’s the best way to tackle this? And what permissions do I need to set to accomplish this?