…can’t you turn on auditing of the manipulation of share permissions directly either through GUI or code?
By this, I mean the permissions on the share, not permissions on the files and folders in the share. This may seem odd, but maybe, just maybe you want to know WHO is changing permissions on the share.
Just thinking out loud here…
joe
There are countless many reasons that I tell people to not use share permissions but instead use file system permissions. This was never on my list, but if I get a chance to look at the code and confirm it is true, it will be in the future.
My main reason that I use NTFS perms instead of file share, though, is simple: troubleshooting. It means all of your interesting ACLs are in the same place.
Makes life a heck of a lot easier when you are trying to figure out why someone doesn’t have the correct access to some resource.