Use both NTLM and Anonymous authentication with IIS

Point '^accounts/login/$' or whatever your custom login path is to the 'negotiate_ntlm' view. This allows you to keep anonymous authentication enabled on IIS and easily lock down just the parts of the site you need to (e.g. [admin](http://djangosnippets.org/snippets/2127/)).