To do this, go to your IIS manager (Click Start, Admin tools and then Internet Information Services Manager), and select the directory you want to protect. In the middle pane, double click 'Authorization Rules'. In the right hand pane, click 'Add Deny Rule'. Select 'All anonymous users' and click OK. Now, to grant users access, click 'Add Allow Rule' and select the 'Specified Users' box. Just type the usernames of the people you want to allow access.
Let me know how you go, and if you have any questions, just let me know!