I am trying to understand the relationship between IUSR_MACHINE, EVERYONE, and the NETWORK Group with regard to permissions to view web pages. We removed the sharepoint browsers group and everyone from the files and turned off anonymous, but all users could still view pages we wanted secured. It appears that a built in group called NETWORK seems to allow any authenticated user to view pages if NETWORK has read authority on the files. I haven't been able to find a decent explanation of the role this group plays when access thru IIS is involved. To secure the pages we had to remove this group from the access list dialog. I still haven't figured out how it got assigned permissions in the first place so I am concerned that something like the FP server extensions could put it back.
If its role can be explained in the space allowed here I would greatly appreciate hearing from someone.... a pointer to an article on MS web site would work just as well, maybe, especially if you'll allow a follow up question or two. I looked at a couple of those already and found them either too light or so far into AD as to not help at all.

Thanks in advance