I made a reference to the IISOle.dll and used the following code to add restrictions.  It requires .NET 3.5.   You can use Visual Basic Express to compile the code.  Thanks Brent for the assistance!

Imports System.DirectoryServices
Module Module1

    Sub Main(ByVal v_arrArgs As String())

        Dim args() As String = Environment.GetCommandLineArgs
        Dim y As Integer
        For y = 1 To UBound(args)
            ProcessIT(args(y))
        Next
        Console.Write("Done")
    End Sub

    Sub ProcessIT(ByVal value As String)
        Dim ServerIP As String
        Dim IPAddress As String
        Dim SiteID As String
        Dim arrSplit As String() = Nothing
        'Try

        arrSplit = value.Split(CType("!", Char))
        ServerIP = arrSplit(0)
        IPAddress = arrSplit(1)
        SiteID = arrSplit(2)
        Dim Dir As New DirectoryEntry("IIS://" & ServerIP & "/W3SVC/" & SiteID & "/ROOT")
        Dim IpSec As IISOle.IPSecurity = Dir.Properties("IPSecurity").Value
        IpSec.GrantByDefault = True
        Dim IpList = (From Ip As String In CType(IpSec.IPDeny, Object())).ToList()

        For Each item As String In IpList
            Console.WriteLine(item.ToString())
        Next
        Console.WriteLine("Done")
    End Sub

End Module

Here is a forum post.

http://forums.iis.net/p/1148477/1865759.aspx

Cheers,

Steve Schofield