August 16th, 2005, 01:32 PM
#2
Since security is in the file system, if you delete a user/group, the rights will still remain on the file system. Windows identifies users by an internal identification instead of the account name. The SID is dynamically generated to avoid collisions (in a scope).
If you have a tool that can change an account SID to a deleted one, this account will have access to those files. Period.
BTW, leaving rights on directories (or resources) of dead users is the most stupid way to administer security. So, you can use this "exploit" only against dumb administrators.
And against those guys, you can get access in an easy way, such as "standard" passwords, or even basic social engineering.
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
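
An audit for the leftover rights discussed in the post above, as an added example that is not part of the original post: it walks a directory tree and reports explicit ACL entries whose SID no longer maps to any account. The `$Root` default and the `Test-OrphanedSid` helper name are hypothetical.

```powershell
# Added example: list explicit ACEs whose SID no longer resolves to an account.
# $Root is a hypothetical path; point it at the volume or share to audit.
param(
    [string]$Root = 'D:\Shares'
)

function Test-OrphanedSid {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    try {
        # Translate() throws IdentityNotMappedException when no account maps to the SID.
        [void]$Sid.Translate([System.Security.Principal.NTAccount])
        return $false
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $true
    }
}

# Include the root itself, then everything below it (hidden items too).
$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    try { $acl = Get-Acl -LiteralPath $item.FullName } catch { continue }

    # Request the rules keyed by SID, explicit entries only, so each finding
    # points at the object where the stale entry is actually set.
    $rules = $acl.GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if (Test-OrphanedSid $rule.IdentityReference) {
            [pscustomobject]@{
                Path   = $item.FullName
                Sid    = $rule.IdentityReference.Value
                Rights = $rule.FileSystemRights
                Type   = $rule.AccessControlType
            }
        }
    }
}
```

A SID can also fail to resolve because its domain is unreachable from the machine running the audit, so confirm each finding against the directory before removing the entry.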