We are using an Iomega file storage which is connected to our network. Our Windows Domain Controller is creating a share to this file storage, so our Windows users can easily access the share using \domaincontroller\share
When those users create a new folder, the file/directory permissions are inherited from the parent's folder. Everybody can read/write in their newly created folders, which is perfect.
When a Mac user (which is directly accessing the file storage) is creating a new folder, special permissions (read/write for current user) are applied and no else can write files in this newly created folder. The only way to solve this, is to RDP to a Windows console and reset the ACL's.
What's the best practice to solve this problem?
Best Answer
By default, Active Directory objects inherit ACEs from the security descriptor located in their parent container object. Inheritance enables the access control information defined at a container object in Active Directory to apply to the security descriptors of any subordinate objects, including other containers and their objects. This eliminates the need to apply permissions each time a child object is created.
If necessary, you can change the inherited permissions. However, as a best practice, avoid changing the default permissions or inheritance settings on Active Directory objects. For more information, see Best practices for assigning permissions on Active Directory objects and Changing inherited permissions.