Internet Information Services (IIS) 6.0 Changes
In Windows 2000 Server, IIS installs just about all the components by default. With Web services being a major source of virus and other attacks from the outside world, Microsoft decided to tighten the security in Windows .NET Server. It doesn't install any additional add-ons by default. In fact, by default there isn't any support for Active Server Pages (ASP) either; only static HTML pages are supported.
Another nice feature is that when you first run the IIS Management Console, the IIS 6.0 Security Lockdown Wizard gives you the option to enable only the extensions that you want. Microsoft clearly had a new mindset when they designed .NET services, and security is definitely a major area of interest. The default IIS configuration in a .NET server is much more secure than its predecessor.