How to set up security to SQL 2005 Reporting Service?

I have Sql 2005 server (SSAS, SSRS, Database)installed on my workstation running on Windows XP Pro. SP2 for development only. However I need to migrate the reports to a "Production" enviroment next month which is set up with two servers running on Windows 2003 Server, one will serve as Data Server with Sql 2005 server and SSAS installed on it and the other will serve as Report Server with Sql 2005 Reporting Service. My question is how to set up the IIS on the Report Server to allow users from the domain to access the Report Manager (the reporting Service is intend to set up as an "Intranet" tool for the users ie No Internet access to the reports). A "dumpy" user will be set up at the Report Server for the data connection to the remote Sql 2005 Server. Also how to implement the security on the individual folder in the Report Manager. Currently I have folders set up for the department and I want to set up security only allow people from those depts to access their folder/subfolders. How to set up security on folder and subfolders in Report Manager? Can I set the security on my Windows XP machine to test it before I roll it out to the Production servers? Thanks.

here is a microsoft link that talks about role based security in reporting services...

http://msdn2.microsoft.com/en-us/library/ms156014.aspx

hope this helps...good luck!