No matter how much you know, it is always good to revisit the basics every now and then. That said, I'd like to
submit a follow up to Adesh Rampat's tip, Plan before you assign permissions.
Regarding the tip, one explicit comment was not made that can be easily overlooked. That is, assigning "Everyone" to a resource means assigning everyone. To clarify, Everyone includes users like IUSR_computername and members of a foreign domain in a trust relationship with the local domain. (The IUSR_computername is the account that NT uses to authenticate web users accessing the system via IIS and trust relationships allow users from one NT 4 domain to access resources in another NT 4 domain. Win2k handles things differently).
The moral of the story is to strongly consider the use of the Everyone group and keep in mind exactly who all it includes, and consider explicitly denying these users, IUSR and trusted domains if using the Everyone group is necessary.