I have a folder called ‘scanned’ that is shared. Share permissions full access for everyone. Folder security is full access for everyone.
I created user folders under scanned. Each sub folder has inherited permissions disabled. Permissions for sub folders is system, administrator and folder owners account. All have full access. Any other groups have been deleted like authenticated users or domain users.
The problem is one user can look at the contents of another users folder. I tried to explicitly deny one user in another users folder but they can still browse the folder.
I discovered a previous IT company has made all users members of the Domain Admin group. I removed all the users from this group.
I created a new shared folder called ‘test’ and created two sub folder for two users. I protected the sub folders as above and even went so far as to deny one user from accessing the other users folder but they can still browse the denied folder.
I am at a loss. Did access control get broken by everyone being domain admin? This is a Server 2016 Standard box. Thanks in advance