Hello:
I am new to this employer.  They have an IIS 5.0 Server in a DMZ that is a
member of workgroup not domain.  The name of workgroup is same as domain.  
Script writes route to internal domain ip range through firewall.

I have researched this type of practice in MS technet and found no reference
to recommendation IIS server be member of workgroup not domain.  Doesn't seem
secure to me since credentials of Adminstrative users will pass with
name\username(same as on domain).  The websites go into domain to sql server
and Access Database server to display information from catalogs to public.

Second IIS lockdown and URL scan have never been installed.  Are there any
precautions I should use when installing these tools?  As state above asp and
cgi scripts get information from SQL and Access databases to produce pages to
public and also run application tools.  Some Access databases are also on web
server.

Webpublishing services are stopping on regular basis.  One problem was
diskspace on C: partition and I have moved page file and largest log to
bigger partition.

Thanks for any help you can give.