Hello, I was under the impression that if I grant a user Full Control over their Network Folders, that they could, from their workstation, right click on a folder that they have full control over, and change the permissions access to that folder. While they can see the folder, they can access the Security tab, they can see who and what has permissions, when they change anything or remove users and groups from the Security folder, they get an ACCESS DENIED error. The folders are not accepting permissions from the parent folder, that has been removed. Any suggestions or is this just not an option? Thanks!

Is that some kind of mounted drive? What permissions are assigned on Share? What NTFS permissions are assigned on that NTFS folder??MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor

It is a local drive connected inside the system, not say a USB or SAN/NAS. There are no Share permissions on this folder though this folder does reside within a server share. This folder is assigned to NOT inherent any permissions from the parent folder. The actual folder Security consists of Owner, System, Administrators Group and the User by name only. Owner has no permissions assigned as by default. System has all permissions assigned by default. Adminsitrators group was added and has all permissions. User was added and has all permissions. From the server i have no problem changing the permissions as expected. From the Users workstation he cannot change the security at all even though he has been assigned and given all permissions. Thanks

But what are permissions on a server share? To get an access, network users are checked at both Share and NTFS levels.MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor

The Share folder is called Data and all users can go into the Share folder to Read/Write/Modify/Create etc. No one except the Administrator has the Full Control option. I was hoping that by having this the users could go into their folders and control the Security options if the folder, for example, Data\John Doe, has the Security set for that particular user John Doe, set to Full Control without inheriting permissions from the other folders. So if the share is so open, the security would be able to limit who and what can do to a folder. I hope that i dont have to give the user Full Control of the Data folder, that would give them too much power and is not an option. Obviosuly I am missing something here. Thanks again for the assistance.

In fact, I always assign no more than Change/Modify for Users. Otherwise, they will screw permissions for sure.MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor

Hmm, the strange thing still is that the users cannot change anything at this point. Imagine if this were a multi location, 10,000 user company, how would you assign say the HR person to change some permissions for certain groups? If you as the admin had to do this, it would be a full time job in and of itself. While I agree with you on the permission types, my problem is that the end users cannot do anything to their own folders. Seems strange.