Problem: When applying Windows auditing permissions at the root of a NetAPP CIFS share (\\NetApp\Share), you receive an 'Access Denied' error for every file and folder contained in that particular share's snapshot folder (\\NetApp\Share\~snapshot).
Discussion: The snapshot folder, which is a hidden folder in Windows (\\NetApp\Share\~snapshot\), is a read-only file on the NetApp Filer. Even if you grant yourself full permissions in Windows, you will still receive an "Access denied" error for files & folders within the snapshot directory. You can also grant your windows domain account full access on the filer, but you will continue to get the Access denied errors. The only way around this is to hide the snapshot folder from WIndows using the Filer's command line interface.
My environment is WIndows Server 2012R2 with Netwrix Auditor 7.1 (build 329), NetApp 8.0.5 in 7-Mode.
Solution: From your filer, turn off showing the snapshot folder by logging into your filer(s) as root, and using the the "options cifs.show_snapshot" commands (see example below) to toggle the feature on or off. You can use the command "options cif.show_snapshot" to display its current status, and add the variables 'on' or 'off' at the end of the command to change whether or not the snapshot folder is displayed in Windows. When you toggle it, the command will not provide you any output/feedback, and will just return you to the prompt. You must perform this operation on any partner filers as well for it to work.
Start Putty Session and login as root:
NetApp> options cifs.show_snapshot
NetApp>options cifs.show_snapshot off