Hi Gurus,
First and foremost happy belated 2013 and apologies if I am posting in the wrong section. 
We just inherited an custom-build asp website which there is no documentation or manual provided by the vendor (they went bust) and we have successfully deployed it on our web server machine (IIS7.5/windows 2008 r2). Now the management wants to restrict access to the backend CMS such that only if the user is accessing the CMS via intranet then the login page will be displayed successfully else it will display an error page (some 401/403 exceptions etc). The CMS is built/integrated within the same package as the website under the /admin folder and the website is also accessing a SQL database remotely in our web DB machine. Both web and DB servers are in our network domain.
Now the quick question is how do we set different folder permissions in IIS7.5 such that the /admin folder (and all child folders under it) will only be accessible (read/write/execute) if the user is an authenticated domain user without affecting the rest of the website which is available to the public?
Sorry if I sound really wrong on this as I do not have much experience in IIS7.5 at all and as much as possible we are trying to avoid tweaking the code since the vendor is gone and it may open up a can of worms. Any suggestions to do this otherwise outside of IIS is also greatly appreciated!
Thanks!!