In addition to "Never" selected in QMC > System > Setup > QlikView WebServer > QVWS@ > Authentication, you'll want to have "Always anonymous" selected for Authorization\Clients in QMC > System > Setup > QlikView Servers > QVS@ > Security tab. Then to complete the process, the IQVS_<ServerName> user needs to be added to either the folder security or document security. This user will need read & execution rights. The IQVS_<ServerName> is created as a local user. You can use a distribution to set it, by using All Users as the user type or you can set it manually on the folder or QVW. If you do it manually you MUST restart the QVS service to force it to rescan the folder.
If you are using section access and the users in the table do not match exactly in the form "domain\userid" there is little you can do server side. You need to open that file locally with a privileged user, make the necessary adjustments in the script and reload.
Actually that is a good test to verify that the application is fine: copy it locally to one of the user's computers and see if you can open it using QlikView Desktop. Note that IE Plugin by design does not use the QlikView Web Server service and therefore the NTNAME of the current user is passed through to the QlikView Server (as any other Windows pass-through scenario)