Security question (virtual directory)

I can not protect files that are in a virtual directory. What is wrong?

Situation:

- three Windows 2003 server:
S1: primary server
S2: Exchange + IIS 6 (with intranet)
S3: printer and file services. Including \\D3\Data share

- on S2:

1. intranet website with root in C:\inetpub\wwwroot (on S2)
2. virtual directory intranet connected with D:\intranet (on S2)
3. in \intranet created some virtual directories that refer to directories in the data share op S3.

For example:
\intranet\dept1 --> \\S3\Data\dept1 (rights on this folder for the group dept1)
\intranet\dept2 --> \\S3\Data\dept2 (rights on this folder for the group dept2)

When I log on S3 on the file system (connected to the share on WinXP); I can not access for example dept1. I have not right on the dept1 folder.

When I log on to the webserver on S2 and surf to http://s2/intranet/dept1 I can see the content. When I turn of the Browse capabilities (Browse directory = off) of this dept1 virtual directory, I can not see the content anymore. But If a know the URL of a document I can still open it.

For example:
- I can access http://s2/intranet/dept1/test.doc
- But I can not access this from my WinXP station: \\S3\Data\dept1\test.doc

The rights on the virtual directories are not arranged by the file rights.
How can I fix this? (prevent persons not a member of the dep1/2 groups to view files in \intranet\dept1 and \intranet\dept2

Regards,
Martijn

.