It can get really messy and confusing, but underneath it all, it's really not all that complex. The messy part is the old old legacy of the underlying system, which is cluttered a bit further by the front end.
A few principles:
1. You should have local accounts that have the same password as on the remote account. I.e. if you want "Joe" to be able to connect to your machine, then you need to create a local (non-administrator!) account called "Joe". If there is already a "Joe" on another computer who wants that access, it can get confusing as to which "Joe" is accessing the files -- is it the local one or the remote one? Which password should be used? The answer from the server's perspective is that it's always the "local" one, which means that the server's password is the one that matters, and if the remote password is different, then it's wrong and won't work. For this it's much simpler if you ensure that the "Joe" on any computer on your network has the same password.
There can be some issues with blank passwords and different versions of Windows -- some might not accept blank passwords across the network.
2. Share permissions are different from file/directory permissions. Basically you have the option to set permissions on both levels. Sometimes share permissions are open but file permissions are not -- so anyone can see the share, but not the files.
3. Permissions are usually better managed at the group level than at the individual user level. Of course to get into this, you get into user group management, but you might be able to keep this simple. (Esp. don't let the "administrators" group get crowded if you want to keep control!)
4. You cannot supply different credentials to a remote computer. E.g. if you connect to share A on computer C as "Joe", don't try to connect to share B on computer C as "Jill" from the same computer -- you need to disconnect "Joe" before trying to connect as "Jill".
5. Much of this can be done somewhat easily and more controllably from the command line. Look at "Net use".
E.g. To create a drive mapping x: to \\server\share as the user Joe:
net use x: \\server\share /user:Joe
(Password will be prompted.)
E.g. To disconnect the drive mapping x:
net use x: /delete
Note that a drive letter is not even necessary, but is often convenient for regularly-accessed folders and some picky software.