Before a user can Login to WebAccess the first time, the user must pass through Windows security of the Project node (for Web Browser Clients) and Windows security of the SCADA node (for local users of ViewDAQ and DrawDAQ).
Anonymous Access is not required (or recommended). The best way to secure your system is to use Windows Authentication in IIS (the web server software).
The SCADA nodes and Project Nodes run only on Windows 2003, 2000 or XP. They all use a version of Windows security.