Greetings,
I am having a problem with a network share on a new system we set up. Here is how the skeleton is structured for a single network drive users have access to:
Z:\
Inside this folder, you have a folder for each international division of the whole company -- i.e. France Division, United States Division, China Division, etc.
- Share Permissions
  - Authenticated Users
    - Full Control
    - Change
    - Read
  - Domain Admins
    - Full Control
    - Change
    - Read
- NTFS Security Permissions
  - Authenticated Users
    - Read & execute
    - List folder contents
    - Read
  - Domain Admins
    - Full control
    - Modify
    - Read & execute
    - List folder contents
    - Read
    - Write
Z:\United States Division\
Inside this folder you have a folder for every department -- i.e. Accounting, Engineering, Information Technology. This "United States Division" folder inherits its security permissions from Z:\. On each departmental folder, there is an AD group "US_dpt_Accounting" or "US_dpt_Engineering" (in the form of "<division>_dpt_<department>") with
---------------------------
Users are only supposed to be able to browse the folder skeleton. They can modify/write/change *inside* their own departmental folder. Both of these work.
However, I discovered a "glitch" today. A user can right-click on a folder in Z:\ or "Z:\United States Division\" --> Create shortcut... it will actually do it! O_O They cannot, however, delete, rename, create a new folder/file, or copy files into either of these locations (access/permission denied) -- which is good.
How do I fix this? Or what is the proper way to set the permissions on this?
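A read-only check for the two skeleton folders named above, added here as an example and not part of the original post: it lists every Allow entry in the NTFS ACL that carries a create, write or delete right, and says whether that entry applies to the folder itself or is only inherited by children. The two paths are taken from the post; the choice of which rights count as "write-like" is an assumption of this example.

```powershell
# Added example, not from the original post. Run as an account that can read the ACLs.
# Paths are the skeleton folders named in the post.
$paths = 'Z:\', 'Z:\United States Division'

# Rights that let a principal add, change or remove objects in a folder
# (assumed set for this example), plus the raw GENERIC_WRITE and GENERIC_ALL
# bits, which some ACEs carry instead of the specific file rights.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000

$report = foreach ($path in $paths) {
    $acl = Get-Acl -LiteralPath $path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Keep only the write-like part of what this ACE grants.
        $granted = ([int]$ace.FileSystemRights) -band $writeBits
        if ($granted -eq 0) { continue }

        # An InheritOnly ACE (typical for CREATOR OWNER) does not apply to the
        # folder itself, only to the objects created beneath it.
        $inheritOnly = [bool]($ace.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly)

        [pscustomobject]@{
            Path             = $path
            Identity         = $ace.IdentityReference.Value
            WriteLikeRights  = [System.Security.AccessControl.FileSystemRights]$granted
            AppliesToFolder  = -not $inheritOnly
            Inherited        = $ace.IsInherited
        }
    }
}

# Domain Admins is expected here per the post; any other identity with
# AppliesToFolder = True is worth a closer look.
$report | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap
```

Share permissions are evaluated separately from NTFS permissions, so this report covers only the NTFS side of the configuration listed above.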