The SIDLookup merge module translates "well-known SIDs" from a format like: S-1-5-32-545 to its textual representation: "BUILTIN\Users". These properties are meant to be used in the LockPermissions table. I haven't found any use for the Domain column when using these properties so leave that to NULL.
The Custom Action is set to insert itself into the InstallExecuteSequence right before CreateFolders. It does this via the ModuleInstallExecuteSequence table. If you don't like it, your free to change it.
An example for setting security on a directory in an installation:
| LockObject | Table | Domain | User | Permission |
| SubDirectory | CreateFolder | [SID_BUILTIN_POWER_USERS] | 268435456 |
| Property Name | Translated Value on W2K US Eng. |
| SID_EVERYONE | Everyone |
| SID_LOCAL | LOCAL |
| SID_CREATOR_OWNER | CREATOR OWNER |
| SID_CREATOR_GROUP | CREATOR GROUP |
| SID_DIALUP | NT AUTHORITY\DIALUP |
| SID_NETWORK | NT AUTHORITY\NETWORK |
| SID_BATCH | NT AUTHORITY\BATCH |
| SID_INTERACTIVE | NT AUTHORITY\INTERACTIVE |
| SID_SERVICE | NT AUTHORITY\SERVICE |
| SID_PROXY | NT AUTHORITY\PROXY |
| SID_ENTERPRISE_CONTROLLERS | NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS |
| SID_ANONYMOUS_LOGON | NT AUTHORITY\ANONYMOUS LOGON |
| SID_SELF | NT AUTHORITY\SELF |
| SID_AUTHENTICATED_USERS | NT AUTHORITY\Authenticated Users |
| SID_RESTRICTED | NT AUTHORITY\RESTRICTED |
| SID_TERMINAL_SERVER | NT AUTHORITY\TERMINAL SERVER USER |
| SID_SYSTEM | NT AUTHORITY\SYSTEM |
| SID_BUILTIN_ADMINISTRATORS | BUILTIN\Administrators |
| SID_BUILTIN_USERS | BUILTIN\Users |
| SID_BUILTIN_GUESTS | BUILTIN\Guests |
| SID_BUILTIN_POWER_USERS | BUILTIN\Power Users |
| SID_BUILTIN_BACKUP_OPERATORS | BUILTIN\Backup Operators |
| SID_BUILTIN_REPLICATOR | BUILTIN\Replicator |