Which is best, /G or /P, or does it not matter ?

My preference is "/E /P" which results in
         BUILTIN\USERS:(OI)(CI)F
         BUILTIN\Administrators:F
         BUILTIN\Administrators:(OI)(CI)(IO)F
         NT AUTHORITY\SYSTEM:F
         NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
         NT AUTHORITY\Authenticated Users:C
         NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C

How is "single barrel-led" BUILTIN\Users: different from "double barrel-led" :-
BUILTIN\Administrators:
NT AUTHORITY\SYSTEM:
NT AUTHORITY\Authenticated Users:

What does /T do ?
CACLS /? says /T applies to "all sub-directories",
but how does that differ from
   CI - Container Inherit.
plus
   OI - Object Inherit.


I do not fully understand BUILTIN\Users:(OI)(CI)F,
but I am overwhelmed by "/E /G" which gives
         BUILTIN\Users:(OI)(CI)(IO)(special access:)
                                   STANDARD_RIGHTS_ALL
                                   DELETE
                                   READ_CONTROL
                                   WRITE_DAC
                                   WRITE_OWNER
                                   SYNCHRONIZE
                                   STANDARD_RIGHTS_REQUIRED
                                   GENERIC_READ
                                   GENERIC_EXECUTE
                                   FILE_GENERIC_READ
                                   FILE_GENERIC_WRITE
                                   FILE_GENERIC_EXECUTE
                                   FILE_READ_DATA
                                   FILE_WRITE_DATA
                                   FILE_APPEND_DATA
                                   FILE_READ_EA
                                   FILE_WRITE_EA
                                   FILE_EXECUTE
                                   FILE_DELETE_CHILD
                                   FILE_READ_ATTRIBUTES
                                   FILE_WRITE_ATTRIBUTES


A standard "Guest" account/profile can be logged into without a password
My daughter has a normal User account with a password but without Admin authority.
Does CACLS consider them both equally "BUILTIN\Users:" ?

I have Admin authority (and a password)
Am I a "BUILTIN\Administrators:" ?

How do I become a "NT AUTHORITY\Authenticated Users:" ?
Do I need to start in SAFE mode and log into my normal account ALAN ?
Or do I log into the special Administrator account via SAFE mode ?

I propose USING
CACLS "H:\Utils" /T /E /P Users:F
This I EXPECT to give full access for Guests etc.

QUESTIONS :-
If a new application is downloaded and held in a new folder under "H:\Utils\",
Will that inherit full access from the "H:\Utils" parent ?

If an existing application elsewhere in H:\ has normal NTFS restrictions,
will it retain those restrictions if I move it under "H:\Utils\",
Or will it now inherit full access from the "H:\Utils" parent ?

Regards
Alan
Bump