Ditch the web gui and edit the smb.conf directly and manage your own file permissions.
Here is how I am able to achieve exactly what you are looking for:
Public Share
Everyone can read and write
smb.conf
[Public]
comment = Public Storage
path = /shares/internal/public
hosts allow = 10.0.1.0/24
guest ok = Yes
public = Yes
writable = Yes
browseable = Yes
create mode = 0666
directory mode = 6777
force user = guest
force group = domainadmins
create mask = 0666
File permissions
u+rwxs,g+rwxs,o+rwx-s,-t
u+rw-xs,g+rw-xs,o+rw-xs,-t
Shared Share
Everyone can read and only members of the domainadmins group can write
smb.conf
[Shared]
comment = Shared
path = "/shares/internal/Shared"
hosts allow = 10.0.1.0/24
guest ok = Yes
read only = Yes
force group = domainadmins
force user = root
create mode = 0664
directory mode = 6775
write list = @domainadmins
File permissions
u+rwxs,g+rxsw,o+rx-ws,-t
u+rw-xs,g+rw-xs,o+r-wxs,-t
Private Share
Members of the domainadmins group can read and write
smb.conf
[Private]
comment = Private
path = /shares/internal/private
hosts allow = 10.0.1.0/24
read only = Yes
browsable = Yes
guest ok = No
force group = domainadmins
force user = root
create mode = 0660
directory mode = 6770
write list = @domainadmins
File permissions
u+rwxs,g+rwxs,o-rwxs,-t
u+rw-xs,g+rw-xs,o-rwxs,-t
NOTE
You will need to make sure you configure groups and users correctly on the server using adduser, addgroup, and smbpasswd. You will also need to make sure you have made a guest user on the server and mapped it in the smb.conf file. Check out the smb.conf manpages for more info.