Its been a while since I studied this topic but I remember there is a BEST PRACTICES way of setting up a new share on a folder in Windows Server 2003.
When you set up a Folder for sharing the first time, there is a PERMISSIONS Button on the SHARING Tab. When you press the button it opes a window with Everyone in the top group with READ rights, by default I believe.
Then there is the SECURITY Tab. WHen you open that window it has the Regular Security settings window with SYSTEM and OWNER etc. with a long list of rights that can assigned to the selected user or group.
The question is then...Should the PERMISSIONS button be used at all in a normal Windows 2003 Active Directory Domain? And if so...how? IE: Remove EVERYONE ?
Then ad the Everyone Item back in Under the SECURITY Tab? And others as appropriate?