Hi, I have a question regarding NTFS permissions. Is it possible to have permissions for groups only? Thing is I've created some tree structure with inheritance and specified groups - some groups have rights read only, some have modify. No full control. Once my domain users start creating their own folders, they have full control rights for their newly created folders and are mentioned in ACL by their name. Also, they are owners of such folders. Is there any way how to keep my folder structure clean from individual user names?

Thank you

Petr

Hi Petr,

Above all, the creator of a subfolder will be the owner by design.

However I think if there is no full control permission set in root folder and heritate was enabled, the user should not have full control permission.

Can you share the NTFS permission of the root folder to us? Or can you please test to create a test folder, give only a certain user group Read + Write permission and see if subfolders created by another user will have Full Control permission.

Also please specifically check if Creator Owner has Full Control permission in root folder, which could lead your current situation. 

Hi Shaon,

as I look at it again, the owner has "special permission" which seem like full control but they cannot change or cancel heritage. Anyway, when the user leaves our company and their account is disabled (or in some cases deleted) it still remains in permissions on folders created by them. So in the end we can end up with folder structure full of "dead souls" :) So my question is: Is there any way how to eliminate this? User names in permissions?

Thanks

Petr