We have a shared network drive running Windows Server at work.
One of the folders contains sensitive information that should only be visible to a small group of people.
The problem is that if one of those people copy and paste a folder that has read permissions for everyone into the sensitive folder, anyone will be able to access that folder if they go directly to the full path.
If there any way to set up the file server to make 100% sure that all files and folders created or copied anywhere in the tree under x:\sensitive will have the same restricted rights as x:\sensitive?
Best Answer
Please see the file system options documented in this Microsoft Support article: How permissions are handled when you copy and move files and folders
The following setting will alter the default behavior and will preserve the ACL during a copy operation.
Note that this must be configured on the client end, so you may use Group Policy Preferences, or something similar, to push it out.
Also related on Serverfault: