Windows

First do not change permission until you are told by your sup.

Some companys do remove everyone and replace it with domain users. That was Guest user can not see the users files on the servers.

At my place of work we set the user home folders for full access for Domain Administrators (Backups), for support team that supports that user (so that files old PC can be transferred to new PC and is the user leaves the file can be transferred to another user in that group) , and the user only.

The shared files for groups of users on a different drive letter. Again the Domain Administrators (Backups), for support team that supports that group, and member of that group only.

Shared files for the support teams on a different drive letter so that regular users can not get to installation files, drivers and documents. Again Domain Administrators (Backups), for support team
only.

Hope this helps

Good Luck in IT

Truthfully you are correct the admins should, and authenticated users should have rights to read& execute, read and write, but you do not want to change anything! Often times, Admins set drives or folder so that every authenticated user can have full access because they really don't want to bother with setting it up correctly. Possibly smeone else is also administering these folders and they have'nt taken the time to upgrade their account, etc, It is sometimes a pain to do things right. Also you may be at a place where security is not as high of a priority as other places. Your best bet is to talk with your Sup and ask a lot of questions. Questions have answers and that is how you learn in IT, ask Qs, lot of Qs.