1. Create the user:
Administrative Tools -> Computer Management
Expand Local Users and Groups
Right-click Users, select New User…
Fill in the appropriate fields, be sure to clear the box for “User must change password at next logon”.
Click Create

2. Remove anonymous access from the directory that you want to restrict:
Open Internet Information Services (IIS) Manager
Expand Web Sites
Expand the respective web site
Right-click on the directory you want to restrict, select Properties
Click the Directory Security tab
Click the Edit… button
Clear the check for Enable anonymous access
Make sure only Integrated Windows authentication is selected ( or basic with a https site )

3. Set the NTFS permissions on the directory:
Within IIS Manager, right-click on the web site name.
Select Open
Right-click on the directory that you’re restricting, select Properties
Click the Security tab
Click the Add… button
Type the username that you created earlier, click OK
Make sure at least Read & Execute permissions are selected for the user
Click OK until all windows are closed