Set NTFS permissions on the vault

Vault folders must have adequate NTFS permissions, including permissions for the Local System (SYSTEM) account. The Windows Search service runs as the Local System account to index permissions. By default, the Local System account has full control to all mounted volumes, folders, and files.

You can restrict permissions on some of the vault folders, but you must make sure that all permissions for users and the SYSTEM account are on the top folders defined as vault locations. You define restrictions by breaking inheritance in subfolders. When you break inheritence on a subfolder, no permissions are on that folder. You must add the SYSTEM account with full control, and add the appropriate user permissions for that level and its sublevels. Before breaking inheritance, take note of existing permissions in case you need to reapply them.

You assign and verify permissions to the vault or parts of the vault using the Windows Explorer Properties dialog box, and establish inheritance using the option Replace all child permission entries with inheritable permission entries from this object.

For details on setting permissions, see Microsoft TechNet.

---