I have a SAMBA server running RHEL5 with SELINUX on permissive
SAMBA server is member server of 2003 AD domain
Using ADC security

I have a test share that within linux
default owner is root
default group is root
default chmod is 770
default ACL for user is rwx
default ACL for group is rwx
default ACL for other is ---

Within SAMBA for this share:

force group = root
read only = No
force create mode = 0770
force directory mode = 0770

Samba version is 3.0.25b-1.el5_1.4

In XP the ACLs are as expected, specifically Everyone has blank rights to any file within this share.

However if I create a file from an XP client within the share and look at the Properties/Security of the file, Everyone has Read access!

I am not sure how Windows is interpreting the LINUX ACL or SAMBA file properties, and would like to be able to remove Read access to Everyone

what are the linux perms of said file ?

the way windows interprets the acl settings is not perfect, but it only matters what's set on the server !

I'd make sure samba creates the files with the correct linux perms and not care about what' s visible on the clients as long as they show correct behavior.

I don't have an answer, but i do strongly suggest that you move away from using root as the owner and group. Instead create a lower privileged owner and group.