Here's my discovery for today. DotNet 2.0 is great in that you can set permissions on folders and files programmatically. So I've got a routine that assigns permissions that looks like the following, and I'm happy with it and it's working well.

    Private Sub AddDirectorySecurity( _
                ByVal sDirName As String, _
                ByVal sAccount As String, _
                ByVal oRights As FileSystemRights, _
                ByVal oControlType As AccessControlType)

        Dim oDir As DirectorySecurity = Directory.GetAccessControl(sDirName)
        oDir.AddAccessRule(New FileSystemAccessRule(sAccount, FileSystemRights.FullControl, AccessControlType.Allow))
        Directory.SetAccessControl(sDirName, oDir)
    End Sub

Well, now I want to use the routine to add a permission on a folder to the "users" group that's built in to windows. What happens when I try? A nasty IdentityNotMappedException exception. How could this happen? I know the account exists, and I know (or at least I think I know) that it's spelled correctly. (JLYNDS\Users).

Many minutes of fruitless googling ensues until...at last...eureka! I find the answer. Since "users" belongs to that special class of group, the "built in" group, instead of using machine name\group name as the account, I need to use the word "builtin" as in "builtin\Users".

Who woulda thunk it?