Holy mouse droppings! Success! With a Vista machine no less. Removed the acl entry. Used domain\user.