laker network services

How to Secure Shared Data on a Windows Computer
There are three sets of rules that govern file-level security on Windows.

Rule 1: Share-level security is additive unless there's a "Deny". A user's permissions for a file share are the most permissive combination of everything granted to the user and the user's groups.

If the Everyone Group has the Read permission on a Share, and the Dialup Users Group has Full Control, and I'm a member of Dialup Users, I inherit Read and Full Control.

There are 3 share-level permissions. Share permissions are only set at the folder level, on the share itself:

Read
Change
Full Control

Obviously, Denies shouldn't be set unless you REALLY mean it.

Rule 2: NTFS-level security is additive unless there's a "Deny". A user's NTFS permissions for a file are the most permissive combination of everything granted to the user and the user's groups.

There are six basic file/folder permissions for NTFS:

Full Control
Modify
Read & Execute
List Folder Contents
Read
Write

Deny permission still exists, and should only be used to absolutely prevent a behavior.

Rule 3: The combination of NTFS and Share permission is Subtractive, always resulting in the most restrictive combination of permissions.

If I'm a member of Dialup Users, and as such I have the Full Control share permission, but Dialup Users have only the Read, Read & Execute, and Write NTFS permissions on the folder that's being shared, the net effect is that I cannot Delete anything, as I do not have the NTFS Modify right. I can still write to files that already exist.
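The three rules above can be checked mechanically. The following is an added example, not code from this page: it models each named permission as the set of basic operations it grants (the mapping is a simplification I constructed for the model, not Microsoft's exact access-mask bits), applies Rule 1 and Rule 2 as a union minus any Deny, and applies Rule 3 as the intersection of the two levels. It runs the Dialup Users scenario from the text and a second, constructed scenario with a Deny entry added.

```python
"""Model of how Windows share and NTFS permissions combine into effective access.

Each named permission is expanded to the basic operations it grants, so the
three rules become set operations: union within a level (Rules 1 and 2), with
operations from Deny entries removed, then intersection across levels (Rule 3).
"""
from dataclasses import dataclass

# Constructed mapping from each named permission to the operations it grants.
SHARE_RIGHTS = {
    "Read":         {"read", "list", "execute"},
    "Change":       {"read", "list", "execute", "write", "create", "delete"},
    "Full Control": {"read", "list", "execute", "write", "create", "delete",
                     "change permissions", "take ownership"},
}

NTFS_RIGHTS = {
    "Read":                 {"read", "list"},
    "Read & Execute":       {"read", "list", "execute"},
    "List Folder Contents": {"list", "execute"},
    "Write":                {"write", "create"},
    "Modify":               {"read", "list", "execute", "write", "create", "delete"},
    "Full Control":         {"read", "list", "execute", "write", "create", "delete",
                             "change permissions", "take ownership"},
}


@dataclass(frozen=True)
class Ace:
    """One access-control entry: a trustee, a named permission, and Allow/Deny."""
    trustee: str
    permission: str
    allow: bool = True


def effective_at_level(principals, acl, rights_table):
    """Rules 1 and 2: union every matching Allow, then subtract every matching Deny."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee not in principals:
            continue  # this entry is for someone else
        (allowed if ace.allow else denied).update(rights_table[ace.permission])
    return allowed - denied


def effective_access(principals, share_acl, ntfs_acl):
    """Rule 3: access over the network is the intersection of the two levels."""
    share_ops = effective_at_level(principals, share_acl, SHARE_RIGHTS)
    ntfs_ops = effective_at_level(principals, ntfs_acl, NTFS_RIGHTS)
    return share_ops & ntfs_ops


# Constructed sample data reproducing the Dialup Users scenario in the text.
ME = {"Everyone", "Dialup Users"}          # the groups the user belongs to

SHARE_ACL = [
    Ace("Everyone", "Read"),
    Ace("Dialup Users", "Full Control"),
]

NTFS_ACL = [
    Ace("Dialup Users", "Read"),
    Ace("Dialup Users", "Read & Execute"),
    Ace("Dialup Users", "Write"),
]


def page_example():
    """The scenario from the text: Full Control share, Read/Read & Execute/Write NTFS."""
    return effective_access(ME, SHARE_ACL, NTFS_ACL)


def deny_example():
    """Same scenario plus a constructed NTFS Deny Write for Everyone."""
    return effective_access(ME, SHARE_ACL, NTFS_ACL + [Ace("Everyone", "Write", allow=False)])


if __name__ == "__main__":
    print("share level:", sorted(effective_at_level(ME, SHARE_ACL, SHARE_RIGHTS)))
    print("NTFS level :", sorted(effective_at_level(ME, NTFS_ACL, NTFS_RIGHTS)))
    print("net effect :", sorted(page_example()))
    print("with Deny  :", sorted(deny_example()))
```

Two caveats the model glosses over. Share permissions only apply to access over the network; a user logged on at the console is governed by NTFS alone, so the intersection in effective_access is the network view. And real NTFS evaluates entries in canonical order (explicit Deny, explicit Allow, inherited Deny, inherited Allow), so an explicit Allow on a file can take precedence over a Deny inherited from its parent folder; the model here treats every Deny as absolute, which matches the advice in the text to use Deny only when you absolutely mean it.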