I prefer to use the advanced sharing button to manage the share permissions, and the security tab to manage NTFS permissions.
In a server environment I would recommend using groups (local or Active Directory) wherever possible. That way you can organize access by role using meaningful names. For example: AccountingTeam-Update, AccountingTeam-ReadOnly, Engineering-Update, and Engineering-ReadOnly.
When an employee leaves the company and his AD account is deleted, I don't have dead SIDs all over my file system.
Review a user's access with the Effective Access tab.
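
Added example, not part of the original answer: a PowerShell audit that walks a folder tree and reports explicit NTFS ACEs whose SID no longer resolves to an account, which is what is left behind when permissions are granted to individual users who are later deleted. The function name `Find-OrphanedAce` and the path `D:\Shares\Accounting` are hypothetical.

```powershell
# Added example: report explicit ACEs whose SID cannot be resolved to an account.
# Find-OrphanedAce and the sample path below are hypothetical names.
function Find-OrphanedAce {
    param(
        [Parameter(Mandatory)][string]$Root
    )

    # Check the root folder itself plus every subfolder beneath it.
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($item.FullName)"
            continue
        }

        # Explicit ACEs only (inherited ones are reported at the parent),
        # returned as raw SIDs so name resolution is attempted explicitly.
        $rules = $acl.GetAccessRules($true, $false,
                     [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference
            try {
                $null = $sid.Translate([System.Security.Principal.NTAccount])
            } catch [System.Security.Principal.IdentityNotMappedException] {
                # No account matches this SID: a candidate dead entry.
                [pscustomobject]@{
                    Path   = $item.FullName
                    Sid    = $sid.Value
                    Rights = $rule.FileSystemRights
                    Type   = $rule.AccessControlType
                }
            }
        }
    }
}

# Hypothetical share path; replace with a folder on your file server.
Find-OrphanedAce -Root 'D:\Shares\Accounting' | Format-Table -AutoSize
```

A SID can also fail to resolve when its domain is unreachable from the machine running the audit, so confirm the account is really gone before removing an entry.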