Thanks to you both for your reply. It would be nice to get him on group shares and I have tried. Special permission can be 6 or 7 subfolders down and scattered. I've been planning on changing the parent folder permissions from the "user" group (all domain users) to a new group for his normal employees. Restricted user in a different group. I will have a bare metal backup with NTFS permissions before considering to attempt that. At this point, major changes with groups in the file/folder permissions could be an issue. These permissions and the "user" group were originally set on a 2k domain server. I did migrate him from 2k to 2003 r2 and then to 2012r2. With that many files, it could a few hours if no problems to a couple of days with problems to get all of the files and folders permissions set. It's mostly a terabyte of documents. I do agree with using user groups and group shares. Between that and group policy, it makes administration easy. My main concern with this is there is no structure and a stubborn client that will not allow it. As well as the file/folder security was set by a legacy OS. And I'm not able to be at his office during the day. I work as an IT admin in a healthcare environment during the day. I've held on to a few clients from when I worked for myself full time. Maybe you can see my frustrations.