I know that Windows Server 2003 is necessary to run IIS 6.0 and that IIS 6.0 has more secure default settings because it starts off totally locked down.

What are the benefits of IIS 6.0 over IIS 5.0 in terms of performance, convenience to the administrator, security features (beyond default settings), and snap-ins for the MMC? Are there other important benefits? I also care about the benefits of using Windows Server 2003 to host web apps.

I am part of a team developing a web-based application for in-house use on a closed intranet for a couple hundred users. The application will probably start out on a web farm with two servers, tied to a Microsoft SQL Server database, and will be implementing sessions via the database. The ASP pages won't be process intensive, mostly just manipulating business objects and business rules and reading and writing from the database.

I am trying to decide if getting a copy of Windows Server 2003 is worth the money. If you switched from IIS 5.0 to 6.0, do you agree with the top 10 benefits that Microsoft lists at http://www.microsoft.com/windowsserver2003/evaluation/whyupgrade/top10iis6.mspx:

1. The new IIS 6 process model is more available and reliable
2. The IIS compression utility
3. Previous Microsoft Data Access Components (MDAC) locking issues are resolved
4. General IIS 6 error rate reporting is significantly reduced
5. Revamped security reduces default attack vulnerability
6. Tracing is instrumented in the operating system and its components
7. The IIS 6 metabase is revamped to be completely XML based
8. Improved IIS and network load balancing (NLB) Event Logging
9. Resource Accounting and Quality-of-Service (QoS)
10. Isolating individual Web applications and multiple sites into a self-contained processes

Thanks for any input you have.