NTFS: User can edit/delete files without rights
I have experienced a similar problems two months ago, this thread may be helpful to you.
I would first check if this happens for all files or only files that are owned by the user (change the owner to see if it still persists), as suggested by Daniel.
I would then try to set the permissions as described in the other thread, but using the detailed preference pane in Windows (Button Advanced in the lower right corner) and the Sharing tab (I don't know for certain if this is how it's done in Windows Server, in Solaris it is done this way). The basic idea is (quote from the second linked thread):
The owner is always allowed to change ACLs on her objects. You can prevent this for shared content by using a share which is only allowing "Everyone:Modify" permissions as this will "filter out" any change ACL requests at the share level. If you want to allow your Administrators to change ACLs, just add "Storage Admins:Full Control" to the share permissions.