Current environment setup:
Server1 - used for storing all users HOME DIRECTORIES
Server2 - used for storing all departments Shared Directories

I have an issue where by our current shared folders was initially setup by
assigning containers with almost full trustee rights to the shared folder.

I do not recommend accessing a folder and gaining permissions this way as
you do not have much filtered control if you set full rights at the root
level of the shared folder via the CONTAINER.

The problem we have now is that 2 years later has passed and the data
structure has grown huge levels down (sub-folders-within-subfolders) and
we are now getting requests that only specific users should see a specific

I do not want to start using IHF as it hard to find out who owns what and
it does not reflect any consistency.

I am looking at heavily using groups to be created and by this the users
gain access to the shared folder according to what rights the specific
group has to that shared folder.

I do NOT want users to have the right to create folders but i DO want them
to be able to create files, edit & filescan.