Simplified situation – we have a department with 10 users which all have access to a shared network drive (Windows 2008 server). There are 30 folders under the main share folder. 10 of those folders are only to be accessed by the specific user and the other 20 accessed by everyone. I have created a group with all 10 users in it called “users_all”. Users_all has full security access to the main share folder.
Question – What is the best practice for setting up the 10 folders that are limited? Do I break inheritance for each of them or is there a better way? (I can't deny the group and then allow the user because "deny" takes precedence and the user doesn't have access.)