We're having a problem where a user moves a file or folder from their My Documents (which is redirected to the server) and then they become the owner of the file/folder. When I log into the server using our Administrator's account (username is not Administrator) I can apply a different security group to a given folder but it returns "Access Denied" errors when it hits the files and folders that I'm referring to. These files and folders were transferred to this "public" shared folder by someone in the SBS Users group, not the Administrators group so I can't understand why I'm unable to take control of those files/folders.
I think this problem has something to do with the NTFS permissions because we are allowing everyone to have Full Control on the sharing/SMB permissions. I understand it's a best practice on SBS 2008 to control file and folder access through NTFS permissions only.
I'm sure someone will ask whether or not we are using the SBS file sharing wizard. Yes, we used it to establish what you might call the root share or the top level share but we are using NTFS permissions (not the wizard) to gain more granular control over who has access and who does not on subfolders contained inside the original "top level" share. We are trying to avoid nested shares since I strongly dislike when users have more than one way to access the same file. Nested shares get very confusing to everyone involved.