Odd asp page behaviour

This is probably easy but I am tearing my hair out here so any help
greatly appreciated.

We have IIS 6.0 running on Win 2003 and when a user tries to access an
asp page under the default website on our intranet they are prompted for
a password. I have anonymous access turned off as I want the
Request.ServerVariables("LOGON_USER") to return their username. Windows
authentication is on.

It doesn't seem to matter what is in the asp page, the simplest hello
world script refuses to run but html pages and images in the same folders
are accessible without a password.

Administrators have no problems accessing asp pages. Obviously I thought
it was a permissions problem but I cannot phathom out where it wants
permissions changing. The default web site and all the folders all have
the correct directory permissions because they can access images and html
pages on the site and I assume passthrough authentication is occuring.

Doesn't matter what I do users always get HTTP Error 401.3 -
Unauthorized: Access is denied due to an ACL set on the requested
resource.

Anyone got any ideas what I missed?