Im finding something really hard to get my head around regarding ACL on my share folder

Basically im setting a mapped drive from a share,
now ive got my users in a Global group and got my ACL group setup as Domain Local group, so as you can imagine i place my global users within the domain local group for the share so they can save work to the mapped drive!

its all works. but i dont want them to see file permissions when they right click on a file or folder. (petty i know) but im sure it can be done.

so far the only permissions set are administrators and system group full control and my ACL domain local group only has

Traverse Folder / Execute File
List Folder / Read Data
Read Attributes
Read Extended Attributes
Create Files / Write data
Create Folders / Append Data
Write Attibutes
Write Extended Attributes

there is no where in the ACL of the drive have i set

Read Permissions
Change Permissions

for the ACL Domain Local group for my users. not even on the root of the drive.

so when i goto login as a user they can access the drive. create files and folders this is fine and delete is fine too. but if i right click on the any file or folder i can read permissions

if i create a folder or file directly from the share on the server under administrator. i got back to the client computer and log in as a users and it denies me to read permissions. which is what i want

it seems that if a users creates a file or folder they can read permissions but if its created by administrator on the server they cant!

ive even checked on the effective permissions and the

Read Permission
Change Permission

are ticked but i cant see where it is inheriting this from!

am i missing something here?


BTW my share permission is set to change and not full control for the users