You can password protect a directory on your Windows hosting account by removing the "Read" directory permission for that directory. The result of removing this permission is that you can only access that directory using your hosting account's primary FTP user's user name and password.
This process restricts directory access to the primary FTP user only.
To verify your settings, go to www.yourdomain.com/customdir, where yourdomain.com is your domain name and customdir is the custom directory you just created or updated. When the login prompt displays, type your hosting account user name and password to view the contents of your directory.
You can also use an ASP script to password protect your directory. This would require a bit of programming on your part. See the User Authentication section at HotScripts.com for some examples.
NOTE TO FRONTPAGE USERS: Microsoft FrontPage manages all directory and subdirectory permissions on your website. If you created custom directories on your website, or you are using another tool to build and or manage your website, switching to FrontPage may cause some difficulties. It overwrites all of your directory permissions and may make your Website unusable. If you have FrontPage Extensions activated in your Hosting account, you will not have access to the Permissions feature in the FTP File Manager section of the Hosting Control Panel.
For additional information on limiting Web directory access, see Removing Web Access to Directories on a Windows Hosting Account.