when I saw SMB in the title, I was thinking "Samba" or windows networking in general.
OK so "yet another TLA" re-purposed to "yet another definition" on top of the others, even within the same technical realm, just to make things even MORE confusing.
That being said, removing 'admin' access on SMB shares is a *GOOD* thing. Here's what _I_ like to do:
a) host SMB shares on Linux or FreeBSD servers. Make them READ-ONLY via Samba's config.
a.1) alternately do that with a LAN-only web server, so people can view the files via https
b) to update a file on an SMB share like described in 'a', use scp or rsync [preferably from within Cygwin]. A script to do this somewhat automatically (to sync local to remove storage) would help.
b.1) similarly, a "put file" transaction via a web server to add/update or even remove a file, which is less secure but would require an actual login and, perhaps, more easily support transaction-based updates.
c) if that's too difficult for people to work with, IT can wrap a UI around it with a scripting language of some kind.
d) set up transaction-based backups for really important files, so you can revert them easily. Do *NOT* allow access to the backup directories outside of the server's management, and do NOT use a windows machine for the backup!
A properly set up network COULD do things LIKE this, and users aren't "too dumb" to follow some proper procedures with respect to important data. Yeah it requires some IT effort but there ya go.
[other similar kinds of things could be done, too, just saying what _I_ would do]