I have a service account that has full control of a sub folder deep into a share. Access based enumeration is enabled at the root of the share and this service account has 0 rights at the root. An application that utilizes this service account is throwing access denied errors when trying to move/write files to the sub folders of the share.
Do I need to give permissions for this service account at the root to have them inherit down? Or, should permissions of subfolders suffice? Just wondering how the access based enumeration ties into the rights.
Yes, you need to give permissions on the root folder. An account that should access a folder must at least have read permissions on all the top folders. If not, this account can't even "know" this subfolder exists, so he will not be able to access it.
E.g. if you want your user to access \\myshare\folderA\myfolder, you have to add (at least) read permission on \\myshare\folderA.
If the target ist to hide this folder from other users: make it a share itself and hide it by adding a dollar sign at the end of the share name, like \\myshare\folderA$. This folder wont be listed in the explorer, and you can only access it by type in the path.