This article describes the logic of applying different access permissions and their combinations.
How it works
1. Restrictive rules override the allowing ones;
2. Any user account not explicitly listed in an access control list (ACL) gets blocked by default.
Wrong unless you don't want to block access for everyone: 'Everyone:No access entry does not mean 'everyone except the accounts from the list'. It means 'everyone including those listed'.
Right: All accounts are blocked but for those that belong to 'Users' and 'Administrators' groups.
*In some cases it might be required that you add 'SYSTEM:Full control' entry for hard- or software to function properly.