I need to give a user the ability to create files and folders within a shared folder on my Windows Server 2008 file server. The top level folder is called Shared1. I have removed the inherited Creator Owner at this level and added the user with Modify permissions, Checking the Special Permissions list confirms that the user can read permissions but not change them or assign ownership.
When I test this solution I find that the user can in fact alter the permissions on any folder they create in Shared1 - giving other users access or taking access away.
This user is only a domain user and is not a member of any other groups.
What am I missing here?