I can see still lots of resources on the web that state its best practice to set "Everyone\Full Control" at the share level and restrict access using NTFS permissions.
I can remember this being taught in the training courses back in the day, but I thought in the last decade, this was no longer the recommendation.
I've always mirrored the NTFS permissions on the share. I never use "Everyone" permissions on the Share or folder unless its specifically needed and the data isn't important (which has been never until this point in my life).
Can anyone point me in the direction of official Microsoft documentation that supports either scenario. Happy to be proven wrong.
I've always based this on the premise of least privilege. It's not least privilege if you given "Everyone" rights.
It also offers a level of protection if you do then set the NTFS permissions incorrectly which is why this question is being asked.
Too many instances of the NTFS permissions being set incorrectly, being compounded by the Everyone permissions on the share.