In Internet Information Server, if the server is configured to access and index a remote virtual root, access to that virtual root and the documents contained on it is determined by the account configured to access the remote share. Any accessible document will be indexed, and will be available to any client that connects to the server. The access checks for query results described in Access Control for Web Pages are explicitly disabled in this case.
Be aware that by indexing remote virtual roots, you may unintentionally disclose the contents of documents on that root to unauthorized clients, because the user name and password supplied by the Web administrator (in the Internet Service Manager) is used for all access to that remote share.