Configure IIS 7.0 Web Server Security
This is a double edged sword. On one hand, you'll be very secure by creating what appears to be a least privilege environment with IIS 7, on the other hand, your security might be coming from a virtual denial of service condition for both your legitimate and illegitimate users.
What you need is a good guide on IIS 7 Web server security.
The good news is that we now have one. Check out this section of the Windows Server 2008 R2 documentation that gives you the information you need to understand and configure IIS 7 security:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer