ACL question


I have been trying to get the permissions panned out for the systems I administer. I know I really need a guide to best practices from the ground up.

I am wondering if anyone might know of a good resource: blog, article, book...

Also, a big question that I have not been able to find through Google is...

I seem to be close with my ACL entries; however, I still have to go back in and propagate the ACLs from the share point.

I think the problem is the share point permissions are correct, but users are adding files/folders that have bad permissions on them.

I don't know which way to pursue...
I have heard about two different things that seem like they might point to the answer. First, something about inherit permissions only works when there is some kind of flag telling the item to inherit. Secondly, umasks, which define permissions on creation of files.

I am thinking maybe I should bind user stations to my server to control the umask on client machines from a central location (otherwise administration seems like it might turn into a real chore having to go work on each client).

Does it seem like I am heading in the right direction?

Thanks a million!

After doing more reading, it seems I might be able to refine my question to specifically...

How can I force files that are copied from a user's station to a share point to inherit the permissions of the folder they are being placed in?