I have a Windows Server 2003 that acts as a domain controller, DHCP server, and file server. Presently, it's underutilized. I'd like to get WSUS going in the office, and the Windows Server 2003 is the only candidate, but have been told that IIS on a domain controller opens the server up to malicious activity. I'm not sure I understand why. If the server has a private IP and is behind a very robust firewall, where's the risk? Is it possible to install IIS on a domain controller that minimizes the risk?