Ditch the web gui and edit the smb.conf directly and manage your own file permissions.

Here is how I am able to achieve exactly what you are looking for:

Public Share

Everyone can read and write

smb.conf
[Public]
comment = Public Storage
path = /shares/internal/public
hosts allow = 10.0.1.0/24
guest ok = Yes
public = Yes
writable = Yes
browseable = Yes
create mode = 0666
directory mode = 6777
force user = guest
force group = domainadmins
create mask = 0666

File permissions
u+rwxs,g+rwxs,o+rwx-s,-t
u+rw-xs,g+rw-xs,o+rw-xs,-t

Shared Share

Everyone can read and only members of the domainadmins group can write

smb.conf
[Shared]
comment = Shared
path = "/shares/internal/Shared"
hosts allow = 10.0.1.0/24
guest ok = Yes
read only = Yes
force group = domainadmins
force user = root
create mode = 0664
directory mode = 6775
write list = @domainadmins

File permissions
u+rwxs,g+rxsw,o+rx-ws,-t
u+rw-xs,g+rw-xs,o+r-wxs,-t

Private Share

Members of the domainadmins group can read and write

smb.conf
[Private]
comment = Private
path = /shares/internal/private
hosts allow = 10.0.1.0/24
read only = Yes
browsable = Yes
guest ok = No
force group = domainadmins
force user = root
create mode = 0660
directory mode = 6770
write list = @domainadmins

File permissions
u+rwxs,g+rwxs,o-rwxs,-t
u+rw-xs,g+rw-xs,o-rwxs,-t

NOTE
You will need to make sure you configure groups and users correctly on the server using adduser, addgroup, and smbpasswd. You will also need to make sure you have made a guest user on the server and mapped it in the smb.conf file. Check out the smb.conf manpages for more info.