Share/Ntfs Permissions, the Right way.
I have seen 2 ways Administrators design their Share/Ntfs Permissions.
**Some Administrators , create a Share and give Authenticated Users Full Control in Share permissions. Then in Security tab of the Share they give permissions to Active Directory Groups that needs to have access to the Share and folders inside the Share.
**Other Administrators, they create a Share and give Authenticated Users Full Control in Share Permissions. in Security tab of the Share , they leave everything to the default, they do not change anything.
Then they create a folder inside the Share, they name it for instance "Departments" which will be the top folder. in Security tab of "Departments" folder,they give READ permissions to Authenticated Users (This folder Only), and they give for instance Domain Admins, Enterprise Admins, Full Control (This folder, Subfolders and Files).
Then Under "Departments" folder , when they get a request , they will create folders for each department, ex : Accounting, Marketing,etc...and they add appropriate AD group to the folder permissions.
---So I am familiar with the second options that Administrator use, but I am not sure if the first option is best practice or it is wrong, or is something to avoid.
any Clarification will be very much appreciated.