Which built-in account is used for Anonymous Authentication in IIS 7?

The account is IUSR. Here is a great link describing what the account is and how to grant access.

Here's the key exerpt:

Note: The IUSR account is similar to LOCALSERVICE in the manner in which it acts anonymously on the network. The NETWORKSERVICE and LOCALSYSTEM accounts can act as the machine identity, but the IUSR account cannot because it would require an elevation of user rights. If you need the anonymous account to have rights on the network, you must create a new user account and set the user name and password manually, as you did in the past for anonymous authentication.

To grant an anonymous account rights on the network by using IIS Manager:

1. Click Start, type INetMgr.exe, and then click Enter. If prompted, click Continue to elevate your permissions.
2. In the Connections section, click the + button next to the name of your computer.
3. In IIS Manager, double-click the site that you want to administer.
4. In the Features View, double-click Authentication.
5. Select Anonymous Authentication, and then click Edit in the Actions pane.
6. In the Edit Anonymous Authentication Credentials dialog box, click the Specific user option, and then click Set.
7. In the Set Credentials dialog box, input the user name and password desired, and then click OK.

Conceptually speaking, IUSR is restricted to a system managed (including password) local only account. You can grant it rights locally by referencing "IUSR" but if you need any more you'll have to create a specific account.