Is there a way to secure an internal IIS so only a select few users have access to it? If I select Integrated Windows Authentication and set security to the home directory folder for the IIS site to only some people, everyone else can still access it. If I set it to Basic Authentication then users get prompted for the credentials but still everyone can get access to the site.
P.S. This is only for intranet, so using basic authentication is not a security threat.