I have two groups of AD users:

1. Group_R (members: User_1, User_2)
2. Group_RW (members: User_3, User_4)

There are two shared folders:

• Folder 1: \\server\folder_A
  Permissions: Group_R (read only), Group_RW (read write)

• Folder 2: \\server\folder_A\subfolder_B
  Permissions: User_2 (read write), User_4 (read write)

Permissions on folder 1 set and working as expected.

On folder 2, I have removed the inherited permissions from the parent folder and assigned special permissions (r/w) for the two User_2 and User_4

When I get to test the permissions (i.e. creating a file), User_4 has r/w but User_2 has read only (it cannot create files) in subfolder_B.

If I check the valid permissions for User_2, it shows that he has write permission in the subfolder_B (but cannot write or edit files there). If I move User_2 from Group_R to Group_RW, he can write files.

To me it looks like the group's permissions are propagated from folder_A to subfolder_B, despite the fact that subfolder_B does not inherit parent's permissions (I have chosen to remove parent permissions when disabilng the inheritance).

AD is Windows 2008 R2, the server holding the folders is Windows 2003.