I've got a client that wants a specific setup for their files shares and I'm struggling with getting it setup the way the want without applying the permissions to every stinking folder in every share. Here's the example folder structure.
ShareRoot | |-Folder1 | | | |-SubFolder1 They want the users that have access to ShareRoot to have read/write access to the SubFolder level without having the ability to modify, move or delete the folders at the Folder level or delete any files in the ShareRoot folder, but still able to modify the file in the ShareRoot folder and files in the Folder level. I've tried explaining there are seldom good technical solutions for behavioral problems, but they really don't care. They feel this should be doable. I can set the permissions folder by folder, but they want to be able to automate the permissions because the Folders do change over time and they don't want to pay us every time they make a change, never mind that the person who originally made this possible (and of course don't work there anymore) used to just manually set the permissions practically at every file level. (Cleaning this up has been a real nightmare.) The current permissions set on the ShareRoot look like this: ShareGroup - Read & execute - This folder only ShareGroup - Modify - Subfolders and files only The problem I'm having is even with those permissions set, a user, albeit accidentally, could still move and/or delete Folder level folders, although they cannot rename them. Their access rights at the SubFolder level is correct. If I change the Subfolder and files permission for the group to Read, write & Execute, I then don't have the needed Modify permissions at the SubFolder level, and to do that I then have to add the Modify - Subfolders and files only permission on the Folder level folders, which doesn't meet their requirement of not needing us in the future for this stuff. Is there any way I can make this work from the ShareRoot?
