Server 2012 R2 file server -- the share is exposed over a DFS namespace.
I have a group called "share" that all the users are members of. This group has read/write access to the root of the DFS share and a bunch of folders inside that share.
Inside the DFS share is a folder called "design" that only the design team should have access to. So I created a new AD security group called "design" and added the relevant users to this group.
I on the "Design" subfolder in the root of the DFS share, I disabled inherited permissions (convert to explicit) and removed the group "Shared" from having permissions over this folder (since not everyone should be able to view/modify files in here). I ensured the permissions that come with the folder (i.e. System, Creator/Owner etc) are on point. I then added "design" group and gave modify permissions.
However, the behaviour I'm seeing is users who are members of the "design" group are able to view and traverse the design folder. So far so good. They're able to create word documents, text documents, etc using the Right Click > New > Microsoft Word Document or Text Document respectively -- it all works great.
However, users attempt to create a new Excel Spreadsheet using the right click > New > Excel Spreadsheet - the spreadsheet is created called "New Microsoft Excel Worksheet", but the users are not allowed to rename, edit or delete the spreadsheet. Inspecting the permissions of the file shows this in the Security tab:
No groups or users have permission to access this object. However, the owner of this object can assign permissions.
At this point I thought I'd messed up the permissions and set the permissions for the "design" group to apply to "This folder and subfolder only" rather than "This folder, subfolders and files" but when I double checked I found I'd definitely assigned it correctly. I then examined effective permissions on a file & a folder that is already in there. It all checks out.
So the problem is -- newly created Excel Spreadsheets at this location are not inheriting permission despite being told to. Newly created directories are OK.
Where do I start looking to fix this?
