We would like to be able to temporarily deny anonymous access for a certain page and all of its children (from a web UI interface). It seems the problem with the built in EPiServer Access Rights tool is not all of our subpages have the same settings so if we check the "Apply settings for all subitems" box, we will overwrite those custom, per-page settings, not just the one we want to change. Is there a way to push out only a specific setting (such as remove read rights from the Everyone group) to a page and all its children without overwriting everything else?
In the adminstrator user guide on page 23 you can read about setting access rights:
I do not see a solution there. Do you have one in mind?
Yes I do. :) Just uncheck the access checkboxes for the anonymous group (Everyone group in most cases) on your top page, check the "Apply settings for all subitems" and everything should be fine. In that case the Everyone access will be removed on all child pages without affecting other access rights. Try it out in your development environment and you'll see how it works.