Ok, we need more info.
1. Can you use third-party firewall software? Or are you limited to just hardening it via configuration?
2. Have you patched IIS and the OS to get rid of the easy stuff? E.g., RPC holes, the most egregious buffer overruns, etc.
3. Can you run a security auditing program like Retina? If so, run it against your machine and theirs.
Suggestion: there are holes you may wish to read up on regarding the W2K IIS services, like the one where you can read any file off the machine by using /../../ to navigate up out of the inetpub directory.
Suggestion: if you aren't using NTFS already, you may wish to convert. That way, you can lock down access to specific directories. Another thing: rename your administrator account and, for the challenge, log into the UI with a restricted account. Also, do an nbtstat -a 123.23.23.23 on your machine to see what useful NetBIOS data is available (replace the fake IP with your real IP).
Use non-English passwords so they can't use the latest from L0pht.
Finally, load up the policy editor and work your way through the available settings one by one. You'd be amazed at what you can lock down there.
Good luck!
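As an added illustration of the /../../ escape the post above warns about (this is example code written for this page, not code from the poster or from IIS), the function below shows the webroot confinement check a static file handler needs, and a small detector that flags such requests in W3C-style IIS log lines. The webroot path, field layout and log lines are constructed assumptions; the example also goes a step beyond the post by decoding percent-encoding twice and treating backslashes as separators, so that double-encoded variants of the same escape are caught as well.

```python
"""
Added example (not from the original post): confine a requested URL path to
the webroot so "/../../" cannot climb out of inetpub, and flag log lines that
tried. Webroot, log field layout and sample lines are constructed.
"""
import posixpath
from urllib.parse import unquote

# Assumed webroot, written in POSIX form so the example runs anywhere.
WEBROOT = "/inetpub/wwwroot"


def resolve_request_path(request_path: str, webroot: str = WEBROOT):
    """Map a URL path onto a file under webroot, or return None if it escapes.

    Percent-decode twice (so %255c -> %5c -> '\\' is not missed), reject NUL
    bytes, treat backslashes as separators, then normalise the joined path and
    require that the result still lies under the webroot.
    """
    decoded = unquote(unquote(request_path))
    if "\x00" in decoded:
        return None
    decoded = decoded.replace("\\", "/")
    root = posixpath.normpath(webroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None  # the request resolved outside the webroot: deny it


def is_traversal_attempt(request_path: str, webroot: str = WEBROOT) -> bool:
    """True when the request would resolve outside the webroot."""
    return resolve_request_path(request_path, webroot) is None


def flag_traversal_in_log(lines):
    """Return (line_number, uri) pairs for log lines whose cs-uri-stem escapes
    the webroot. Assumed field layout (constructed for this example):
    date time c-ip cs-method cs-uri-stem sc-status
    """
    hits = []
    for n, line in enumerate(lines, 1):
        if not line or line.startswith("#"):  # skip W3C header directives
            continue
        fields = line.split()
        if len(fields) < 5:
            continue
        uri = fields[4]
        if is_traversal_attempt(uri):
            hits.append((n, uri))
    return hits


# Constructed sample log lines in the W3C extended layout described above.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2001-05-10 12:00:01 10.0.0.5 GET /default.htm 200",
    "2001-05-10 12:00:02 10.0.0.5 GET /images/../default.htm 200",
    "2001-05-10 12:00:03 10.0.0.9 GET /../../winnt/win.ini 404",
    "2001-05-10 12:00:04 10.0.0.9 GET /scripts/..%255c..%255cboot.ini 404",
]

if __name__ == "__main__":
    for n, uri in flag_traversal_in_log(SAMPLE_LOG):
        print(f"line {n}: traversal attempt {uri}")
```

Note that a `..` that stays inside the webroot (the `/images/../default.htm` line) is allowed, since only requests that actually climb above the root are denied; that keeps the check from rejecting legitimate relative links while still catching the escape. On NTFS the real file system is case-insensitive, so a production check should also canonicalise case before comparing prefixes.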