What? Are you serious? The DenyPermsMask column is used now??? Oh yeah my friends, it can be used now! Unfortunately, it can't be used at the site/web level. It is in the web application policy level where you can now specify the explicit deny on permissions. We have been waiting for this since SP1 of SharePoint 2007!
You can configure explicit deny on the SharePoint Central Administration by:
- Open Central administration
- Click Applicaiton Management
- Select a web application
- In the ribbon click Permission Policy
- Click "add Permission Policy Level"
- Give it a name like "My Deny Policy"
- Notice that all the site level permission are displayed with a Grant and a Deny check box! Cool!