|Shares don't have passwords. That went away after Win98 since it is unsecure whereas server is secure.|
User passwords concern authenication to the server/active directory. This gets them in the door. How you assign permissions to shares/folders decides what they can access on the server and at what level [full permissions/readonly whatever].
You can set when the user password expires or they can change it themselves after they have logged in by pressing control-alt-delete and selecting the button change password
I would suggest buying a 2003 server book.