I assume the basic auth module is already installed. Edit directory properties in IIS. Remove anonymous access and enable basic auth. In directory security remove all users except an admin (for future management), the account used for FTP and the account for web access. That should do it. I tested and it worked... Play with a subdirectory just to be on the safe side until you make sure it works for you as intended.
On the directory in iis all I have enabled is basic authentication. In directory security all there is, is administrator, owner and system. Any domain user can log in, really weird... -- »www.devicemanager.net