NTFS: User can edit/delete files without rights

windows ntfs active-directory file-server icacls

I have experienced a similar problems two months ago, this thread may be helpful to you.

I would first check if this happens for all files or only files that are owned by the user (change the owner to see if it still persists), as suggested by Daniel.

I would then try to set the permissions as described in the other thread, but using the detailed preference pane in Windows (Button Advanced in the lower right corner) and the Sharing tab (I don't know for certain if this is how it's done in Windows Server, in Solaris it is done this way). The basic idea is (quote from the second linked thread):

The owner is always allowed to change ACLs on her objects. You can prevent this for shared content by using a share which is only allowing "Everyone:Modify" permissions as this will "filter out" any change ACL requests at the share level. If you want to allow your Administrators to change ACLs, just add "Storage Admins:Full Control" to the share permissions.

Related

btrfs increase raid capacity by replacing disks (and not adding disks!)
How does AWS configure the 169.254.169.254 address on an instance?
Let's Encrypt certbot - add a new domain to certificate
Fortinet SSL VPN Client Setup Without GUI on Linux (Ubuntu)
Passive mode issue with vsftpd on Ubuntu (EC2)
How to attach an interface to an instance with the openstack client?
Calling lvcreate from inside the container hangs
Why is ab erroring with: apr_socket_recv: Connection reset by peer (54) on OSX?
OpenSSH client keeps sending RSA key instead of ECDSA
Latency on a small Linux NFS4 client/server system
Can a local DNS cache be configured to use stale records when upstream fails?
ldap_result: Can't contact LDAP server (-1)