DON'T DO THAT !
It will stop both ASP and ASP.NET from working as both need access to certain directories.
Spend some time reading through usenet and MS site and find out which files and folders your users DO need access to, make sure they can see those (read only) and shut them out of the others.
There's something that should worry you more . . . .
Your users can probably also see each others files which is an unforgivable lapse in security and could lead to big problems for you and your users.
You should be running each site with it's own IUSR_ user AND you need to enforce impersonation in your machine.config file to stop them reading each others file via the user used for .NET - otherwise they will have free access to each others files including databases which could hold CC details etc.
You also need to set machineonly in your machine.config file to stop a user overriding it in their own web.config file.
This is a huge topic and can't be explained in a post - you have a lot of homework to do I'm afraid