One of the biggest problems I have seen is users who prepare files under "Desktop" on their local machine (NT4/ Win2k, NTFS), then move/copy them to the server.

When you copy files in NT / Win2k, it attempts to copy the permissions. It often fails to do so, because the files were originally owned by a local user who doesn't exist on the server. In this case, the files end up with severely limited access.

Encourage people not to prepare files under "Desktop" - as this directory is normally restricted. Either encourage users to prepare files directly on the server or in another, unprotected directory locally, then when they move them to the server the permissions will be more appropriate.