We have the following layout
•Shared Folder "Clients"
•Level 1 ("Client A"/"ClientB"/"Client C"/etc)
•Level 2 ("Folder 1"/"Folder 2"/"Folder 3"/"Folder4")
•Level 3 ("Word Docs / Spreadsheets / Raw Data / etc")
Users have a mapped drive and access the folders as follows:
Clients on server T:\Client A\Folder 1\Word Doc1.doc
Each Client folder has 4 sub folders at level 2 as shown above.
The problem we have is users are accidentally saving/moving/deleting folders at Level 1 and Level 2.
We have a group called Admin Staff who are the users who create the folders at Level 1 and Level 2 when a new client is added onto the system. These users need to create / delete / ammend all details at all levels.
All other users for example Domain Users must not be able to make any changes to Level 1 or Level 2 folders. However they must be able to work within the various folders at Level 3. At level 3 the users can create their own sub folder structure if they like and we are happy for all users to have read/write/modify at this level.
What is the best way to configure network permissions to achieve this task to prevent users moving folders by mistake or deleting client folders.
Thanks
Best Answer
This is what I would do:
Level 1 & 2 - Admin Group - Write, Modify, Read, etc. Users - Read, List Folder Contents, Read and execute
Bottom levels - Users - add Write and Modify permissions.
You can add permissions at the lower levels w/ no problems. Taking away permissions at lower levels is where you have to remove the inheritance and then copy permissions, then remove what you don't want.