We have a 2008 R2 file server. It has a share in which only Domain Admins have full control. Domain Users have Read and execute, Lister Folder content and Read. The only other group in the list that has full control is the local administrators. However we discovered that our domain users can write to this folder. When we test effective permissions, the domain users group is correct. But if we test effective permissions for any individual user, they have full control. We are quite baffled at this point.