Folder Security

How can i stop users from accessing shared folders on the server which they have NO permissions too.. i even tried deny permissions and can still access folders or any other drive on the server

Running Server sbs 2003 (standard)
Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : xxxxxxxxxxxxxxx.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxxxxxxxxxxxxx.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1D-09-1C-32-20
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DNS Servers . . . . . . . . . . . : 10.1.1.200
10.1.1.1

all workstations are running Windows 7 professional
the server uses no-ip.org

There are possibilities that to some extent deny permission works. If not then you can go for advance settings. For that same right click on the folder and choose Properties > Security > Advance. In that you can remove the permission which inherit from C:\Windows. In that remove the tick from inherit from parent the permission entries that apply to child objects. You will receive a popup message. In that choose copy and remove. If you choose remove then it will wipe out all the permission and you have to then configure everything from beginning. A copy can restore this in future. After that every permission can be customized. Now go back to security and then configure the deny permission thing again.

update - when i logon as the user from the server all permisions to folders etc work as they are ment too, so it seems when the user logs onto the domain from there windows 7 workstation is when they seem to get the unrestricted access and have complete access to every file and folder on the domain - even when deny permisions or no permisions are on the folder.

btw I am MCSE but this has me stumped

ANY help would be appriciated

I got a blog on AGMP and I think that this might help you here in your issue. This simply looks issue with configuration of the Group policy settings. It describes giving out the most less privileges for a Child Domain, which matches with your problem. You can go through the blog and have look on the same. Basically if you have created a user account and if only that id is used to log in then there must not be issue.

AGMP