Hey guys so we have the following setup:
Setup
We are using Server 2012 R2
N:\ ---- drive
N:\Network ----- The root folder for all folders. This has inheritance turned off on its permissions. The ACL's are then configured as needed.
Under the Network drive there are multiple folders. Each of these folders inherits the permissions from Network, then a active directory security group is added to this for user access.
We are using ABE to hide the folders that users don't have access too.
-----------------------------------------------------------------------------------------------------------------------------
ISSUE
When a user moves a file from N:\Network\Folder1 to N:\Network\Folder2 the permissions of the file do not update or inherit the new folders permissions. Even though inheritance is set on the file when looking at the advance permissions.
Some users dont have access to Folder1 so are not in the Folder1 security group, therefore when the file is moved to Folder2 and it retains Folder1 permissions the users who are in the Folder2 security group dont see the file as ABE hides it due to them not being in the Folder1 security group.
I know this is by design but in windows 2003 and 2008 you could change this function, but I cant see a way of doing this on server 2012 so looking to see if anyone knows a way around this. I am thinking about creating a script that every day just pushes the permissions back down the folders.
Any other ideas would be great. Permission, File views and the system works great other than this one issue. Changing this would require a less organised and messy file system. I can understand in some ways why Microsoft would have file and folders function like this but at the same time would be great if there was an easy way of choosing the behavior as the administrator.