Hi folks, I'm trying to set up permissions on a set of folders and files on a Windows 2008 R2 file server. What I am trying to do is, we have a folder for employee evaluations with a few subfolders (ex. accounting, operations, etc) with evaluations in them (excel spreadsheets). I have users set up in security groups according to function and am giving permissions based upon security groups. What I want to be able to do is give certain permissions to employees and certain permissions to levels of management. I thought I had this setup, but it's not working as I had hoped. I have an "Evaluations Full Access" group with CEO and Managers, and "Evaluations Access" group which contains various user groups by function (ex. accounting group with accounting members) Here is an example for Accounting members access: Top level folder "Evaluations". User permissions are "Evaluations Full Access" group has full control, "Evaluations Access" group has "List Folders/Read Data" access (inherited permission is off) Sub folder "Accounting" has "Evaluations full access group with full control, "Accounting Management" group with full control, and "Accounting members" with "List Folders/Read Data" for "This Folder only". Individual users files in the accounting folder has permissions for "Evaluation full access" full control, "Accounting Management" full control, and individual user full control. I'm trying to set it so that the CEO can get to all with full control, the accounting manager can get to all accounting with full control and the individual user in accounting can see their file and edit, but not see anyone else's. With this setup, the individual user does not see the top level folder when they browse to the folder path. I can manually type in the folder and it will appear. Also, if I manually type down to the individual folder and try to edit it as the user, I get access denied. Any advice on what I am doing wrong? Mike

Hello Mike, On the Evaluations folder: Share permission: Authenticate users = Read, Modify CEO/Admins = Full Control NTFS Permission: CEO and Admins = Full Control Authenticated Users: Go to Advanced, select this Folder Only with these permissions: Read Permissions, read extended attributes, Read attributes, List Folder/Read data. For Each subfolder => Accounting, Operations etc. Leave inheritance in place so Admins/CEO rights will be inherited. On each add the specif user groups and manager with the proper rights. Enable Access based Enumeration and you are good to go. What will happen is that users will only see their folders when they browse through Evaluations. They will have to see the Evaluation top level folder because that is like a door to let them in to their folders.Isaac Oben MCITP:EA, MCSE,MCC View my MCP Certifications