oh, the joys of IIS permissions
i could speculate on the reasons that your permissions arent flowing, but it is likely that the actual NTFS permissions arent flowing to the index file.
right click > properties > security tab
does it have the user "IUSR_YOURCOMPUTERNAME" listed with at least read access to the file? (this is the account that windows uses if you tell it to use anonymous access)
always remember that IIS sits on top of NTFS, and no matter how you configure access in IIS, all that will be trumped by NTFS. you can have complete open access to anonymous IIS users to a file in your web site. but if the file's ACL doesnt list the IIS account (or give the account certain permissions like read/write/execute), then the web server will get shut out by NTFS.
also, if you moved this file from any location outside wwwroot into wwwroot, it probably didnt inherit the wwwroot folders permissions (which IIS sets up so things in there work). if this is the case, right click wwwroot, click properties, security, and the advanced button. click the unchecked box that says "replace permission entries...". when you do windows will advise that its not going to APPEND anything -- its going to first wipe all permissions and then replace all permissions. since this is a fresh install of IIS, you havent changed anything, and every folder/file in wwwroot is already inhereting the permissions IIS initially set, so nothing will be hurt by this replace.
once you do this, your index file (and all others) will receive the NTFS permissinos that will probably coincide with the IIS permissions, which will then give you access.
you dont have to do that method either. if you want, just right click your file and tell it to inherit the parent permissions. this should work for you as well.
if your problems persist, id blow away the IIS installation, and start over completely w/o messing with any of the registry and other entries you messed with. its easier to learn things from the point where everything began rather than after messing with stuff like you mentioned.
mostly this post assumes your website is set up for anonymous access. when it is, it uses that iusr account for that access. windows of course controls the password for that account, but the account has to be listed on every resource's ACL. IIS doesnt make this happen in any way, except with the initial install and through inhereted permissions. you could make a folder on your dekstop part of your IIS structure. that doesnt mean by default anyone can access that folder though.
IIS isnt so bad when you figure out the permission flow. heck, i learned the ins and outs of IIS from screwing with it on my xp pro machine just like you. i was able to translate that knowledge into doing many good things on an air force network i was an admin at.... especially considering there was NO formal training!!