When implementing an IIS server, you must first ensure that the Windows server hosting the IIS service is secure. Measures you can take include the following:
Define the user account for anonymous access.
Secure the file system.
Apply specific registry settings.
These Windows security setting recommendations are the same whether you are hosting IIS on Windows 2000 Server or Windows Server 2003 hosts.
At a minimum, IIS server requires that you configure the following services to start automatically:
IISAdmin Enables administration of the Web server
World Wide Web Publishing Service ...