You can password protect directories using the following method:
1) log in to your server and open up the IIS MMC. Drill down to the site/folder you want to password protect, right-click on that object, and then bring up the properties.
2) Go to the directory security tab and click the first "Edit" button.
3) Uncheck the "Anonymous Access" box. Click OK. and then click OK again. Now visitors attempting to access this particular site/directory will be prompted for a username/password. The default FTP username / password will allow access to the directory.
