IIS 7 restrict folder

1. Create User and Group:
Control Panel/Administrative Tools/Computer Management/Local users and groups
- create User
- create Group

2. add user to group. Delete user from "users" group. Add group over specific folder. (properties/security tab)

3. Convert specific folder to Application in IIS.

4. In web config of just created application add your group and restrict anonymous user:

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

    <system.web>

        <authentication mode="Windows" />

    </system.web>

    <system.webServer>

        <security>

            <authorization>

                <remove users="*" roles="" verbs="" />

                <add accessType="Deny" users="?" />

                <add accessType="Allow" roles="XMyGroup" />

            </authorization>

        </security>

    </system.webServer>

</configuration>