IIS 7 Permissions issue

We are using w2k8 for our internal Intranet server.  We want to restrict some of the subfolders to specific a domain group.

We have Windows authentication enabled (anonymous is disabled).  The NTFS permissions on the folder are set as follows:
 - WebAdmins = Full Control
 - RegistrationStaff = Read & executie, List folder contents, Read

WebAdmin users and RegistrationStaff users are given a "500 error". If I add "Domain Users" or IIS_IUSRS to the folder, then EVERYONE can access it!

So - how do I limit to just one domain group??
Solution : -
Please see if this helps you : http://technet.microsoft.com/en-us/library/cc753695%28WS.10%29.aspx