How to grant explicity permission modify to a user on a child folder in windows 2012

I am trying to grant explicitly modify access to a domain user on a child object which is 2 level down. Only the system and the local admin along with this user should have full access to this child object/folder. Effective permissions test shows that this user has required access (except- Full Control, take ownership, change permissions), but unable to create folders in it.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cmaohioSenior Systems ManagerCommented:
I would check to make sure the folder is not inheriting permissions from the folder above it, then reapply the permissions
Member_2_7702693Author Commented:
Inheritance has been disabled, and all inherited permissions removed accept system/local admin/domain admin/specific domain user. In effective access tab in Windows 2012 I found the user doesn't have proper permission though the user has modify permissions. Refer attached.
Effective permissions showing that user only has read access

After you disabling inheritance, have you propagate those permissions to child objects from folder advance permissions?

If here you get errors, 1st you should take folder ownership and grant administrators full control and then try again
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Lionel MMSmall Business IT ConsultantCommented:
I suggest you use a command line utility called icacls You can run it as one command or as separate commands. Interested in this approach? If so I can write the required commands for you.
U may try Subinacl utility to enforce specific user permissions to specific folder and sub folders

Subinacl /noverbose /Subdirectories "D:\1st folder\2nd folder\userdata\*" /grant=domain\user=c
Subinacl /noverbose /Subdirectories "D:\1st folder\2nd folder\userdata\*" /grant=domain\user=WD

Replace domain\user with yours
The above command will grant specific user modify (C) OR Write and Delete (WD) permissions on all sub folders and files under Userdata

If you don't have permissions to do so, you might need 1st take ownership of entire folder, check below article for more info on folder ownership \ permissions problem and Subinacl download link as well.

For Subinacl utility help
Member_2_7702693Author Commented:
Hello All, Thank you for your timely support. I had done a mistake by not granting share level permission ( read and change) to the Domain Users, there by whatever security permission applied where not effective. Now specific user is able to create and delete files in their respective UserData folder.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.