Crystal, Web server, Security

I have an intranet using IIS4 webserver and crystal reports 8 (I don't think
the version matters with this problem). I am trying to set securities for my
reports to be run over the intranet. I am using NT challenge and response. I
have a web page that has a list of links to several reports. I have set
permissions on the web page and only certain users can access this web page.
But my problem is that if they can access the web page they can run any
report on that page even if I have secured each individual report with user
Any help with this?