Let me preface this by saying that the main drawback of FTP in IIS is that it only supports two types of authentication: Anonymous Authentication, and Basic Authentication which transmits user passwords in clear text. So if you're going to use FTP to share sensitive information, you should implement some other form of security to protect your network passwords and data.
To enable Basic authentication, go to the Properties sheet of the site, directory or virtual directory, click the Security Accounts tab and clear the "Allow Anonmyous Connections" check-box. Then you can control access to the FTP resources using standard NTFS permissions, and the Basic Authentication will use that information to control access to resources on the site.
This was first published in January 2005