2
I have two groups of AD users:
- Group_R (members: User_1, User_2)
- Group_RW (members: User_3, User_4)
There are two shared folders:
Folder 1:
\\server\folder_A
Permissions: Group_R (read only), Group_RW (read write)Folder 2:
\\server\folder_A\subfolder_B
Permissions: User_2 (read write), User_4 (read write)
Permissions on folder 1 set and working as expected.
On folder 2, I have removed the inherited permissions from the parent folder and assigned special permissions (r/w) for the two User_2 and User_4
When I get to test the permissions (i.e. creating a file), User_4 has r/w but User_2 has read only (it cannot create files) in subfolder_B.
If I check the valid permissions for User_2, it shows that he has write permission in the subfolder_B (but cannot write or edit files there). If I move User_2 from Group_R to Group_RW, he can write files.
To me it looks like the group's permissions are propagated from folder_A to subfolder_B, despite the fact that subfolder_B does not inherit parent's permissions (I have chosen to remove parent permissions when disabilng the inheritance).
AD is Windows 2008 R2, the server holding the folders is Windows 2003.