I just discovered that there is a setting in PHP.ini that makes web folder access rights in Vista/IIS7/PHP a breeze! Open php.ini and look for the setting fastcgi.impersonate. Set it to 1 (Uncomment it if the line already exists)
fastcgi.impersonate = 1;
Restart the web server.
This directive enables PHP applications on Windows to impersonate the authenticated user making the request enabling PHP scripts to execute as that user (and not as an IIS process).
Once this is done, you do not need to add the IIS_IUSRS group to every folder that you want IIS to access! Yeah!