If you have a series of folders on a file server that need different access levels by different users, what is the best practise for setting the folder permissions? Should we add the users directly to the security tab for each folder and set their permissions accrordingly? Or create a read only group and read/write group for each folder and add users to those groups?

This could depend on your particular setup and the complexity of access levels that you need for invidual users/folder. But in general it would be advisable to use a security group basedaccess right management for a domain environment. Not only is this a more scalable solution, its more secure in the sense that it reduces the risk that you may run into while removing access rights for individual folders/users. In other words,it reduces the risk of human error.