OK, looking for some help here as I cannot figure this out.
I want the following setup using DFS and ABE:
DFS\Staff\Areas - Read Only to all
DFS\Staff\Areas\SLT - FC to SLT members only - everyone else - No Access
DFS\Staff\Areas\%department% - FC to appropriate departments only - everyone else - Read Only
But if I set FC on the "areas" share, all subfolders end up as FC, despite the ABE and NTFS permissions.
Setting it to RO has a similar result: everything is RO.
What share/NTFS permissions/inheritance should I set where? :(
On holiday so can't remember exactly how we ended up doing this... but from what I remember the major thing we forgot at first was the difference between the share itself, and the DFS permissions. At the root DFS level we set staff to have RO access to 'This Folder Only', then used dfsutil to grant RO rights to the relevant DFS links below it, otherwise ABE would show all folders regardless of their source NTFS permissions.
On the share permissions, set the staff group to have FC, let the NTFS permissions do the work. On the NTFS permissions, make the Staff RO in that folder only, then add the permissions necessary on the folders below, SLT, English, etc.
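
The layout described in the reply above, sketched in PowerShell as an added example that is not part of the original posts. It assumes a single share behind one DFS folder; the domain, group names, local path and namespace path are constructed placeholders, and `Grant-DfsnAccess` from the DFSN module is used here in place of the `dfsutil` command the reply mentions.

```powershell
# All names below are constructed placeholders, not values from the thread.
$Root   = 'D:\Staff\Areas'                  # local folder behind the share
$NsRoot = '\\contoso.example\Staff'         # DFS namespace root
$Link   = "$NsRoot\Areas"                   # DFS folder that targets the share
$Staff  = 'CONTOSO\Staff'
$Admins = 'BUILTIN\Administrators'

# Folder name -> group that gets Full Control on that folder
$Areas      = @{ SLT = 'CONTOSO\SLT'; English = 'CONTOSO\English' }
$Restricted = @('SLT')                      # no access at all for other staff

# 1. Share permissions: Staff get Full Control so NTFS is the effective limit.
#    Access-based enumeration on the share hides folders a user cannot read.
New-SmbShare -Name 'Areas' -Path $Root -FullAccess $Staff, $Admins `
    -FolderEnumerationMode AccessBased | Out-Null

# 2. NTFS on the parent: stop inheriting from above, then give Staff
#    read/execute with no (OI)(CI) flags, which means "This folder only".
icacls $Root /inheritance:r /grant "${Admins}:(OI)(CI)F" 'SYSTEM:(OI)(CI)F' "${Staff}:(RX)"

# 3. NTFS on each area folder: Full Control for the owning group;
#    read-only for the rest of Staff unless the folder is restricted.
foreach ($name in $Areas.Keys) {
    $path = Join-Path $Root $name
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    icacls $path /grant "$($Areas[$name]):(OI)(CI)F"
    if ($Restricted -notcontains $name) {
        icacls $path /grant "${Staff}:(OI)(CI)RX"
    }
}

# 4. DFS namespace: ABE on the root, then explicit view rights on the link.
Set-DfsnRoot -Path $NsRoot -EnableAccessBasedEnumeration $true | Out-Null
Grant-DfsnAccess -Path $Link -AccountName $Staff | Out-Null

# 5. Review the result before letting users in.
Get-SmbShareAccess -Name 'Areas'
Get-DfsnAccess -Path $Link
icacls (Join-Path $Root 'SLT')              # Staff should not appear here
```

Because Staff hold only a "This folder only" entry on the parent, nothing they are granted there flows down, so a restricted folder such as SLT carries no Staff ACE and access-based enumeration hides it from non-members.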