IIS is no longer the attack target is used to be. It's been componentized, with everything turned off by default. You also say this is for an intranet, so it shouldn't be exposed externally anyway.
Unless you have lots of scheduled jobs running during the day when IIS traffic is higher, I don't see why you can't use the same box.
>The version that ships with the latest Server 2008 R2 - is that 7.5?
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer