Does anybody know a way to force that all files that get created inside some folder inherit the NTFS permissions of that folder.
The problem is the following:
I have a third party software that is creating PDF files inside a certain folder, but the problem is that those files get created with only the permissions for that user and for the administrators group, the file doesn't inherit the permissions of the folder it is in (Include inheritable permissions... is not marked on the files that get created), which give access to other groups of users also.
As a temporary solution to the problem I created a .bat with
icacls "folder_path*" /inheritance:eand have put that in Task Scheduler.
If anybody else comes to a better idea, please post it in the answers.
EDIT: The problem was that the PDF file was first created in %appdata% folder and then it would get moved in the custom folder on the same drive and therefore would keep the original permissions it had in the %appdata% folder.
I created a new folder on another drive and the file inherits the permissions of the folder where it is saved(since moving on another drive is actually first copying and then deleting the original file).
I was looking for the same problem. People create a file/folder on their desktop or somewhere else on the network and copy the files to an area on the network that has strict network security policies - and the permissions would follow the files from where they originated and we would have to manually initiate the "inherit permissions". This is not a good overall solution. I read a little bit here - maybe this will help someone: How to use ADsSecurity.dll to add an access control entry to an NTFS folder [archived from microsoft.com on 2014-08-27]