I've raised this problem in another question, but didn't get any answer, but now I found the specific problem:
I ran into the problem on my server (SBS 2003) first when trying to control permissions at file level. I thought I did something wrong on the server so I recreated the scenario on my home computer (Windows XP Pro). I'll try to explain as good as I can:
On my home computer I have one account lets call it "Mainaccount" it has administrator rights.
I then created account number 2 called "Testaccount". It has limited rights.
When loggen in as "Mainaccount" I created a folder: "c:\testfolder"
In testfolder properties, open security tab, advanced, remove inheritance. Clean all permissions, then add "Mainaccount" full control, add "Testaccount" full control.
ok move a file into "c:\testfolder". eg. "test.txt".
Open properties for test.txt go to security tab, advanced. remove inheritance, clean all permissions, add "Mainaccount" full control. Click ok.
Now you are in the security tab and not in advanced. Add "testaccount" and click "read". Click apply.
Just to check everything go to back into advance tab, and choose the "Effective Permissions" Tab. Now Choose the "Testaccount" and see that it has only read permissions. Click "ok" until you are out.
Log off, and log on as "Testaccount" go "c:\testfolder". You can see the "test.txt". It should be write/delete protected. However choose it, push delete and its gone.
My question... How can that be???