I'm in a quandary... I'm the netadmin for a small school district, and we are trying to establish a directory to be shared by all staff district-wide. My problem is in blocking the file rights from the Student OUs in each school; for example:

At the Junior High, the JRH.{root} OU has child OUs Teachers.JRH.{root} and Students.JRH.{root} - I have some accounts in the JRH OU, so I've granted that OU as well as the Teachers.JRH OU trusteeship to the shared folder, with only File Scan and Read rights. However, these rights are also flowing down from the JRH OU to the Students.JRH OU, showing up when I look at the effective rights to the shared folder.

How may I block the file trusteeship rights bestowed on the JRH OU from flowing down to the Students.JRH OU? I've tried adding the Student.JRH OU as a trustee to the folder, with no rights granted, but the inheritance from the parent OU overrides this.

Assistance will be greatly appreciated.