There's probably a complex way to do it using NTFS permissions, and by handing out passwords to those who won't be accessing the site locally, but, if you're using Windows 2000 server, just couple this with the IP address restrictions and it's done. Just restrict the 127.0.0.1 and your assigned IP address from accessing the website. That way, no one would be able to sit at the machine and surf the site.