diff --git a/LiamNtfs/C4IT.LIAM.Ntfs.cs b/LiamNtfs/C4IT.LIAM.Ntfs.cs
index 1b8180a..ea8d3d1 100644
--- a/LiamNtfs/C4IT.LIAM.Ntfs.cs
+++ b/LiamNtfs/C4IT.LIAM.Ntfs.cs
@@ -896,12 +896,33 @@ namespace C4IT.LIAM
 bool ensureTraverseGroups = false,
 bool whatIf = false)
 {
- if (!IsPermissionManagedFolderPath(folderPath))
+ var classification = ClassifyPath(folderPath);
+ if (!IsSupportedPermissionManagedPathKind(classification, eNtfsPathKind.Folder, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink))
 {
 return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
 {
 resultErrorId = 30008,
- resultMessage = $"NTFS permission ensure is only supported for folder paths. Shares, DFS namespaces and server roots are skipped: {folderPath}"
+ resultMessage = $"NTFS permission ensure is only supported for folder and share paths. DFS namespaces and server roots are skipped: {folderPath}"
+ });
+ }
+
+ string matchingConfigurationKey;
+ string matchingRule;
+ if (IsPathBlacklisted(classification, out matchingConfigurationKey, out matchingRule))
+ {
+ return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
+ {
+ resultErrorId = 30008,
+ resultMessage = $"NTFS permission ensure skipped for '{folderPath}' due to AdditionalConfiguration rule '{matchingConfigurationKey}={matchingRule}'."
+ });
+ }
+
+ if (!IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule))
+ {
+ return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
+ {
+ resultErrorId = 30008,
+ resultMessage = $"NTFS permission ensure skipped for '{folderPath}' because no AdditionalConfiguration whitelist matched."
 });
 }
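Review bot: The kind, blacklist and whitelist checks added at the top of this method repeat the gate that `IsPermissionManagedPath` implements (third hunk of this file), so the decision on which paths may have permissions ensured now lives in two places that can drift apart. If the checks are inlined only to report the skip reason, say so above the first one: `// Same gate as IsPermissionManagedPath, inlined to report the reason; keep both in sync.` All three early returns also set `resultErrorId = 30008`, so a caller can tell an unsupported path kind from a blacklist hit or a whitelist miss only by reading the message text; distinct ids would make the outcome auditable, though which ids are free is not visible here. The method's signature and the rest of its body lie outside the hunk.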
@@ -915,7 +936,12 @@ namespace C4IT.LIAM
 writerSids);
 engine.WhatIf = whatIf;
- return Task.FromResult(engine.ensureDataAreaPermissions(ensureTraverseGroups));
+ var allowTraverseGroups = classification.Kind == eNtfsPathKind.Folder && ensureTraverseGroups;
+ var resultToken = engine.ensureDataAreaPermissions(allowTraverseGroups);
+ if (!allowTraverseGroups && ensureTraverseGroups)
+ resultToken.warnings.Add($"Traverse groups are currently only ensured for folder paths. Traverse processing was skipped for '{folderPath}'.");
+
+ return Task.FromResult(resultToken);
 }
 private DataArea_FileSystem CreateFilesystemEngine(
@@ -985,9 +1011,19 @@ namespace C4IT.LIAM
 }
 public bool IsPermissionManagedFolderPath(string path)
+ {
+ return IsPermissionManagedPath(path, eNtfsPathKind.Folder);
+ }
+
+ public bool IsPermissionManagedSharePath(string path)
+ {
+ return IsPermissionManagedPath(path, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink);
+ }
+
+ private bool IsPermissionManagedPath(string path, params eNtfsPathKind[] supportedKinds)
 {
 var classification = ClassifyPath(path);
- if (classification == null || classification.Kind != eNtfsPathKind.Folder)
+ if (!IsSupportedPermissionManagedPathKind(classification, supportedKinds))
 return false;
 string matchingConfigurationKey;
@@ -998,6 +1034,14 @@ namespace C4IT.LIAM
 return IsPathWhitelisted(classification, false, out matchingConfigurationKey, out matchingRule);
 }
+ private static bool IsSupportedPermissionManagedPathKind(cNtfsPathClassification classification, params eNtfsPathKind[] supportedKinds)
+ {
+ if (classification == null || supportedKinds == null || supportedKinds.Length == 0)
+ return false;
+
+ return supportedKinds.Contains(classification.Kind);
+ }
+
 private IEnumerable BuildSecurityGroupTemplates()
 {
 var templates = new List();
diff --git a/LiamWorkflowActivities/C4IT.LIAM.WorkflowActivities.cs b/LiamWorkflowActivities/C4IT.LIAM.WorkflowActivities.cs
index a1633cc..86d75d5 100644
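Review bot: `resultToken.warnings.Add(...)` is called on whatever `ensureDataAreaPermissions` returned, and nothing visible in this hunk guarantees that the token or its `warnings` list is non-null, so a failed engine run could surface as a NullReferenceException instead of the error result. A guard such as `if (resultToken?.warnings != null && !allowTraverseGroups && ensureTraverseGroups)` keeps the engine's own outcome intact. For `ClassicShare` and `DfsLink` the engine now runs on the share path itself; whether the whitelist was matched against the same location the permissions are finally written to, notably for a DFS link target, cannot be seen here and is worth confirming. The method starts outside the hunk.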
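Review bot: The new public `IsPermissionManagedSharePath` has no documentation, and its name hides that it also accepts `eNtfsPathKind.DfsLink`, which a caller deciding whether a path may be permission-managed needs to know. A summary on the method would state it: `/// <summary>Returns true for a classic share or DFS link path that passes the AdditionalConfiguration rules.</summary>`. The same applies to `IsPermissionManagedFolderPath`, whose contract is unchanged but is now one of two entry points into `IsPermissionManagedPath`. The middle of `IsPermissionManagedPath` lies between this hunk and the next one, so the blacklist step is presumed rather than visible.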
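Review bot: `IsSupportedPermissionManagedPathKind` carries no comment saying that it deliberately fails closed: a null classification or an empty `supportedKinds` list yields false, and both callers in this commit rely on that to skip the path. A one-line summary would protect it from a later "empty means any kind" change: `/// <summary>Fails closed: false when the classification is null or no kinds are given.</summary>`. `Contains` on the array needs `System.Linq` in scope, which the hunk does not show.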
--- a/LiamWorkflowActivities/C4IT.LIAM.WorkflowActivities.cs
+++ b/LiamWorkflowActivities/C4IT.LIAM.WorkflowActivities.cs
@@ -909,7 +909,7 @@ namespace C4IT.LIAM.Activities
 public InArgument ConfigID { get; set; }
 [Category("Input")]
- [DisplayName("Folder Path")]
+ [DisplayName("Path")]
 [RequiredArgument]
 public InArgument FolderPath { get; set; }
diff --git a/LiamWorkflowActivities/LiamWorkflowRuntime.cs b/LiamWorkflowActivities/LiamWorkflowRuntime.cs
index 71a1ce5..0af5c1e 100644
--- a/LiamWorkflowActivities/LiamWorkflowRuntime.cs
+++ b/LiamWorkflowActivities/LiamWorkflowRuntime.cs
@@ -420,7 +420,9 @@ namespace LiamWorkflowActivities
 if (!IsAdditionalConfigurationEnabled(provider, "EnsureNtfsPermissionGroups"))
 return true;
- foreach (var ntfsArea in dataAreas.OfType())
+ foreach (var ntfsArea in dataAreas
+ .Where(dataArea => dataArea is cLiamNtfsFolder || dataArea is cLiamNtfsShare)
+ .Cast())
 {
 var folderPath = ntfsArea.TechnicalName;
 if (string.IsNullOrWhiteSpace(folderPath))
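Review bot: The `foreach` filter in LiamWorkflowRuntime.cs now also selects `cLiamNtfsShare` items under the existing `EnsureNtfsPermissionGroups` switch, so an installation that already has the switch enabled starts ensuring permission groups on shares after the update without a new opt-in. If that is intended, state it where the switch is documented, or gate shares behind their own configuration key; the loop body that consumes `folderPath` lies outside the hunk, so how far the whitelist limits this cannot be confirmed here. The type argument of `.Cast()` is not legible on this page: if it names the folder type, share items fail the cast at run time unless the share class derives from it, so the target should be the common base type.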